# vim:syntax=apparmor
# ------------------------------------------------------------------
#
#    Copyright (C) 2020-2021 Mikhail Morfikov
#
#    This program is free software; you can redistribute it and/or
#    modify it under the terms of version 2 of the GNU General Public
#    License published by the Free Software Foundation.
#
# ------------------------------------------------------------------

abi <abi/3.0>,

include <tunables/global>

@{exec_path} = /{usr/,}sbin/sensors-detect
profile sensors-detect @{exec_path} {
  include <abstractions/base>
  include <abstractions/perl>

  capability syslog,

  @{exec_path} r,
  /{usr/,}bin/perl r,

  /usr/bin/uname   rix,

  /usr/bin/udevadm rCx -> udevadm,
  /usr/bin/kmod    rCx -> kmod,

  /etc/udev/udev.conf r,

  @{sys}/bus/pci/devices/ r,
  @{sys}/class/i2c-adapter/ r,

  @{sys}/devices/pci[0-9]*/**/{class,vendor,device} r,
  @{sys}/devices/pci[0-9]*/**/i2c-[0-9]*/name r,
  @{sys}/devices/pci[0-9]*/**/modalias r,
  @{sys}/devices/virtual/dmi/id/board_{version,vendor,name} r,
  @{sys}/devices/virtual/dmi/id/product_{version,name} r,
  @{sys}/devices/virtual/dmi/id/chassis_type r,
  @{sys}/devices/virtual/dmi/id/sys_vendor r,

  /dev/i2c-[0-9]* r,

  owner @{PROC}/@{pid}/mounts r,
  /proc/modules r,


  profile udevadm {
    include <abstractions/base>

    capability sys_ptrace,

    ptrace (read),

    /{usr/,}bin/udevadm mr,

    /etc/udev/udev.conf r,

    owner @{PROC}/@{pid}/stat r,
    owner @{PROC}/@{pid}/cgroup r,
          @{PROC}/1/cgroup r,
          @{PROC}/sys/kernel/random/boot_id r,

  }

  profile kmod {
    include <abstractions/base>

    /{usr/,}bin/kmod mr,

    @{PROC}/cmdline r,

    /{usr/,}lib/modprobe.d/ r,
    /{usr/,}lib/modprobe.d/*.conf r,
    /etc/modprobe.d/ r,
    /etc/modprobe.d/*.conf r,

  }

  include if exists <local/sensors-detect>
}