# apparmor.d - Full set of apparmor profiles
# Copyright (C) 2023 Alexandre Pujol <alexandre@pujol.io>
# SPDX-License-Identifier: GPL-2.0-only

abi <abi/3.0>,

include <tunables/global>
 
@{exec_path} = @{bin}/baloo_file @{lib}/baloo_file
profile baloo @{exec_path} {
  include <abstractions/base>
  include <abstractions/deny-sensitive-home>
  include <abstractions/disks-read>
  include <abstractions/fontconfig-cache-write> 
  include <abstractions/fonts>
  include <abstractions/freedesktop.org>
  include <abstractions/private-files-strict>
  include <abstractions/private-files>
  include <abstractions/qt5>

  network netlink raw,

  @{exec_path} mr,

  @{lib}/baloo_file_extractor rix,

  /usr/share/hwdata/pnp.ids r,
  /usr/share/icu/[0-9]*.[0-9]*/*.dat r,
  /usr/share/poppler/{,**} r,

  /etc/fstab r,
  /etc/machine-id r,
  /etc/xdg/baloofilerc r,
  /etc/xdg/kdeglobals r,

  # Allow to search user files
  owner @{HOME}/{,**} r,
  owner @{MOUNTS}/{,**} r,
  owner /tmp/*/{,**} r,

  owner @{user_config_dirs}/#[0-9]* rw,
  owner @{user_config_dirs}/baloofilerc rwl,
  owner @{user_config_dirs}/baloofilerc.lock rwkl,

  owner @{user_share_dirs}/baloo/{,**} rwk,

        @{PROC}/sys/kernel/core_pattern r,
        @{PROC}/sys/kernel/random/boot_id r,
  owner @{PROC}/@{pid}/mounts r,
  owner @{PROC}/@{pid}/mountinfo r,

  /dev/tty r,

  include if exists <local/baloo>
}