diff --git a/profiles/apparmor.d/abstractions/devices-usb b/profiles/apparmor.d/abstractions/devices-usb new file mode 100644 index 000000000..9c3d5bbb6 --- /dev/null +++ b/profiles/apparmor.d/abstractions/devices-usb @@ -0,0 +1,22 @@ +# ------------------------------------------------------------------ +# +# Copyright (C) 2021 Mikhail Morfikov +# Copyright (C) 2021-2025 Alexandre Pujol +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of version 2 of the GNU General Public +# License published by the Free Software Foundation. +# +# ------------------------------------------------------------------ + + abi , + + include + + /dev/bus/usb/@{int}/@{int} wk, + + @{sys}/devices/**/usb@{int}/{,**} w, + + include if exists + +# vim:syntax=apparmor diff --git a/profiles/apparmor.d/abstractions/devices-usb-read b/profiles/apparmor.d/abstractions/devices-usb-read new file mode 100644 index 000000000..3fdb7090a --- /dev/null +++ b/profiles/apparmor.d/abstractions/devices-usb-read @@ -0,0 +1,35 @@ +# ------------------------------------------------------------------ +# +# Copyright (C) 2021 Mikhail Morfikov +# Copyright (C) 2021-2025 Alexandre Pujol +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of version 2 of the GNU General Public +# License published by the Free Software Foundation. +# +# ------------------------------------------------------------------ + + abi , + + /dev/ r, + /dev/bus/usb/ r, + /dev/bus/usb/@{int}/ r, + /dev/bus/usb/@{int}/@{int} r, + + @{sys}/class/ r, + @{sys}/class/usbmisc/ r, + + @{sys}/bus/ r, + @{sys}/bus/usb/ r, + @{sys}/bus/usb/devices/{,**} r, + + @{sys}/devices/**/usb@{int}/{,**} r, + + # Udev data about usb devices (~equal to content of lsusb -v) + @{run}/udev/data/+usb:* r, + @{run}/udev/data/c16[6,7]:@{int} r, # USB modems + @{run}/udev/data/c18[0,8,9]:@{int} r, # USB devices & USB serial converters + + include if exists + +# vim:syntax=apparmor