# vim:syntax=apparmor
# ------------------------------------------------------------------
#
#    Copyright (C) 2018-2021 Mikhail Morfikov
#
#    This program is free software; you can redistribute it and/or
#    modify it under the terms of version 2 of the GNU General Public
#    License published by the Free Software Foundation.
#
# ------------------------------------------------------------------

  abi <abi/3.0>,

  # The fontconfig cache can be generated via the following command:
  #   $ fc-cache -f -v
  # There's no need to give apps the ability to create cache for their own. Apps can generate the
  # fontconfig cache if some cache files are missing, so if this behavior is desirable, you can use
  # the "fontconfig-cache-write" abstraction.

       owner @{HOME}/.cache/fontconfig/ r,
  deny       @{HOME}/.cache/fontconfig/ w,
  deny       @{HOME}/.cache/fontconfig/** w,
       owner @{HOME}/.cache/fontconfig/CACHEDIR.TAG{,.NEW,.LCK,.TMP-*} r,
       owner @{HOME}/.cache/fontconfig/[a-f0-9]*.cache-?{,.NEW,.LCK,.TMP-*} r,

       owner @{HOME}/.fontconfig/ r,
  deny       @{HOME}/.fontconfig/ w,
  deny       @{HOME}/.fontconfig/** w,
       owner @{HOME}/.fontconfig/CACHEDIR.TAG{,.NEW,.LCK,.TMP-*} r,
       owner @{HOME}/.fontconfig/[a-f0-9]*.cache-?{,.NEW,.LCK,.TMP-*} r,

       /var/cache/fontconfig/ r,
  deny /var/cache/fontconfig/ w,
  deny /var/cache/fontconfig/** w,
       /var/cache/fontconfig/CACHEDIR.TAG{,.NEW,.LCK,.TMP-*} r,
       /var/cache/fontconfig/[a-f0-9]*.cache-?{,.NEW,.LCK,.TMP-*} r,

  # This is to create .uuid file containing an UUID at a font directory. The UUID will be used to
  # identify the font directory and is used to determine the cache filename if available.
       owner /usr/local/share/fonts/.uuid r,
  deny       /usr/local/share/fonts/.uuid{,.NEW,.LCK,.TMP-*} w,
             /usr/share/**/.uuid  r,
  deny       /usr/share/**/.uuid{,.NEW,.LCK,.TMP-*}  w,

  # For Google Fonts downloaded via font-manager
       owner "@{HOME}/.local/share/fonts/Google Fonts/.uuid" r,
  deny       "@{HOME}/.local/share/fonts/Google Fonts/.uuid{,.NEW,.LCK,.TMP-*}" w,
       owner "@{HOME}/.local/share/fonts/Google Fonts/**/.uuid" r,
  deny       "@{HOME}/.local/share/fonts/Google Fonts/**/.uuid{,.NEW,.LCK,.TMP-*}" w,