{{- /* apparmor.d - Full set of apparmor profiles */ -}}
{{- /* Copyright (C) 2021-2023 Alexandre Pujol <alexandre@pujol.io> */ -}}
{{- /* SPDX-License-Identifier: GPL-2.0-only */ -}}

{{- range .Abi -}}
    {{- if .IsMagic -}}
        {{ "abi <" }}{{ .Path }}{{ ">,\n" }}
    {{- else -}}
        {{ "abi \"" }}{{ .Path }}{{ "\",\n" }}
    {{- end }}
{{ end -}}

{{- range .Aliases -}}
    {{ "alias " }}{{ .Path }}{{ " -> " }}{{ .RewrittenPath }}{{ ",\n" }}
{{ end -}}

{{- range .Includes -}}
    {{ template "include" . }}{{ "\n" }}
{{ end -}}

{{- range .Variables -}}
    {{ "@{" }}{{ .Name }}{{ "} = " }}{{ join .Values }}
{{ end -}}

{{- "profile" -}}
{{- with .Name -}}
    {{ " " }}{{ . }}
{{- end -}}
{{- with .Attachments -}}
    {{ " " }}{{ join . }}
{{- end -}}
{{- with .Attributes -}}
    {{ " xattrs=(" }}{{ join . }}{{ ")" }}
{{- end -}}
{{- with .Flags -}}
    {{ " flags=(" }}{{ join . }}{{ ")" }}
{{- end -}}
{{ " {\n" }}

{{- $oldtype := "" -}}
{{- range .Rules -}}
    {{- $type := typeof . -}}
    {{- if eq $type "Rule" -}}
        {{- "\n" -}}
        {{- continue -}}
    {{- end -}}
    {{- if and (ne $type $oldtype) (ne $oldtype "") -}}
        {{- "\n" -}}
    {{- end -}}
    {{- indent "" -}}

    {{- if eq $type "Include" -}}
        {{ template "include" . }}
    {{- end -}}

    {{- if eq $type "Rlimit" -}}
        {{ "set rlimit " }}{{ .Key }} {{ .Op }} {{ .Value }}{{ "," }}
    {{- end -}}

    {{- if eq $type "Capability" -}}
        {{ template "qualifier" . }}{{ "capability " }}{{ .Name }}{{ "," }}{{ template "comment" . }}
    {{- end -}}

    {{- if eq $type "Network" -}}
        {{- template "qualifier" . -}}
        {{ "network" }}
        {{- with .Domain -}}
            {{ " " }}{{ . }}
        {{- end -}}
        {{- with .Type -}}
            {{ " " }}{{ . }}
        {{- else -}}
            {{- with .Protocol -}}
                {{ " " }}{{ . }}
            {{- end -}}
        {{- end -}}
        {{- "," -}}
        {{- template "comment" . -}}
    {{- end -}}

    {{- if eq $type "Mount" -}}
        {{- template "qualifier" . -}}
        {{- "mount" -}}
        {{- with .FsType -}}
            {{ " fstype=" }}{{ . }}
        {{- end -}}
        {{- with .Options -}}
            {{ " options=(" }}{{ join . }}{{ ")" }}
        {{- end -}}
        {{- with .Source -}}
            {{ " " }}{{ . }}
        {{- end -}}
        {{- with .MountPoint -}}
            {{ " -> " }}{{ . }}
        {{- end -}}
        {{- "," -}}
        {{- template "comment" . -}}
    {{- end -}}

    {{- if eq $type "Umount" -}}
        {{- template "qualifier" . -}}
        {{- "umount" -}}
        {{- with .FsType -}}
            {{ " fstype=" }}{{ . }}
        {{- end -}}
        {{- with .Options -}}
            {{ " options=(" }}{{ join . }}{{ ")" }}
        {{- end -}}
        {{- with .MountPoint -}}
            {{ " " }}{{ . }}
        {{- end -}}
        {{- "," -}}
        {{- template "comment" . -}}
    {{- end -}}

    {{- if eq $type "Remount" -}}
        {{- template "qualifier" . -}}
        {{- "remount" -}}
        {{- with .FsType -}}
            {{ " fstype=" }}{{ . }}
        {{- end -}}
        {{- with .Options -}}
            {{ " options=(" }}{{ join . }}{{ ")" }}
        {{- end -}}
        {{- with .Remount -}}
            {{ " " }}{{ . }}
        {{- end -}}
        {{- "," -}}
        {{- template "comment" . -}}
    {{- end -}}

    {{- if eq $type "Unix" -}}
        {{- template "qualifier" . -}}
        {{- "unix" -}}
        {{- with .Access -}}
            {{ " (" }}{{ . }}{{ ")" }}
        {{- end -}}
        {{- with .Type -}}
            {{ " type=" }}{{ . }}
        {{- end -}}
        {{- with .Address -}}
            {{ " addr=" }}{{ . }}
        {{- end -}}
        {{- if .Peer -}}
            {{ " peer=(label=" }}{{ .Peer }}
            {{- with .PeerAddr -}}
                {{ ", addr="}}{{ . }}
            {{- end -}}
            {{- ")" -}}
        {{- end -}}
        {{- "," -}}
        {{- template "comment" . -}}
    {{- end -}}

    {{- if eq $type "Ptrace" -}}
        {{- template "qualifier" . -}}
        {{- "ptrace" -}}
        {{- with .Access -}}
            {{ " (" }}{{ . }}{{ ")" }}
        {{- end -}}
        {{- with .Peer -}}
            {{ " peer=" }}{{ . }}
        {{- end -}}
        {{- "," -}}
        {{- template "comment" . -}}
    {{- end -}}

    {{- if eq $type "Signal" -}}
        {{- template "qualifier" . -}}
        {{- "signal" -}}
        {{- with .Access -}}
            {{ " (" }}{{ . }}{{ ")" }}
        {{- end -}}
        {{- with .Set -}}
            {{ " set=(" }}{{ . }}{{ ")" }}
        {{- end -}}
        {{- with .Peer -}}
            {{ " peer=" }}{{ . }}
        {{- end -}}
        {{- "," -}}
        {{- template "comment" . -}}
    {{- end -}}

    {{- if eq $type "Dbus" -}}
        {{- template "qualifier" . -}}
        {{- "dbus" -}}
        {{- if eq .Access "bind" -}}
            {{ " bind bus=" }}{{ .Bus }}{{ " name=" }}{{ .Name }}
        {{- else -}}
            {{ " " }}{{ .Access }}
            {{- with .Bus -}}
                {{ " bus=" }}{{ . }}
            {{- end -}}
            {{- with .Path -}}
                {{ " path=" }}{{ . }}
            {{- end -}}
            {{ "\n" }}
            {{- with .Interface -}}
                {{ overindent "interface=" }}{{ . }}{{ "\n" }}
            {{- end -}}
            {{- with .Member -}}
                {{ overindent "member=" }}{{ . }}{{ " " }}{{ "\n" }}
            {{- end -}}
            {{- if and .Name .Label -}}
                {{ overindent "peer=(name=" }}{{ .Name }}{{ ", label="}}{{ .Label }}{{ ")" }}
            {{- else -}}
                {{- with .Name -}}
                    {{ overindent "peer=(name=" }}{{ . }}{{ ")" }}
                {{- end -}}
                {{- with .Label -}}
                    {{ overindent "peer=(label=" }}{{ . }}{{ ")" }}
                {{- end -}}
            {{- end -}}
        {{- end -}}
        {{- "," -}}
        {{- template "comment" . -}}
    {{- end -}}

    {{- if eq $type "File" -}}
        {{- template "qualifier" . -}}
        {{- .Path -}}
        {{- " " -}}
        {{- with .Padding -}}
            {{ . }}
        {{- end -}}
        {{- .Access -}}
        {{- with .Target -}}
            {{ " -> " }}{{ . }}
        {{- end -}}
        {{- "," -}}
        {{- template "comment" . -}}
    {{- end -}}

    {{- "\n" -}}
    {{- $oldtype = $type -}}
{{- end -}}

{{- "}\n" -}}