# apparmor.d - Full set of apparmor profiles
# Copyright (C) 2021-2024 Alexandre Pujol <alexandre@pujol.io>
# SPDX-License-Identifier: GPL-2.0-only

# This abstraction gives write only access on all defined user directories. It should
# only be used if access to **ALL** folders is required.

  abi <abi/4.0>,

  owner @{HOME}/ r,
  owner @{MOUNTS}/ r,

  owner @{HOME}/@{XDG_DESKTOP_DIR}/{,**} wl,
  owner @{HOME}/@{XDG_SCREENSHOTS_DIR}/{,**} wl,
  owner @{HOME}/@{XDG_WALLPAPERS_DIR}/{,**} wl,
  owner @{MOUNTS}/@{XDG_DESKTOP_DIR}/{,**} wl,
  owner @{MOUNTS}/@{XDG_SCREENSHOTS_DIR}/{,**} wl,
  owner @{MOUNTS}/@{XDG_WALLPAPERS_DIR}/{,**} wl,

  owner @{user_books_dirs}/{,**} wl,
  owner @{user_documents_dirs}/{,**} wl,
  owner @{user_download_dirs}/{,**} wl,
  owner @{user_games_dirs}/{,**} wl,
  owner @{user_music_dirs}/{,**} wl,
  owner @{user_pictures_dirs}/{,**} wl,
  owner @{user_projects_dirs}/{,**} wl,
  owner @{user_publicshare_dirs}/{,**} wl,
  owner @{user_sync_dirs}/{,**} wl,
  owner @{user_templates_dirs}/{,**} wl,
  owner @{user_torrents_dirs}/{,**} wl,
  owner @{user_videos_dirs}/{,**} wl,
  owner @{user_vm_dirs}/{,**} wl,
  owner @{user_work_dirs}/{,**} wl,

  include if exists <abstractions/user-write-strict.d>

# vim:syntax=apparmor