mirror of
https://gitlab.com/apparmor/apparmor.git
synced 2025-03-04 08:24:42 +01:00
abstraction: add devices-usb & devices-usb-read
parent
226ab5f050
commit
4591ed63ba
2 changed files with 57 additions and 0 deletions
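--- a/profiles/apparmor.d/abstractions/devices-usb
+++ b/profiles/apparmor.d/abstractions/devices-usb
@@ -0,0 +1,22 @@
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2021 Mikhail Morfikov
+# Copyright (C) 2021-2025 Alexandre Pujol <alexandre@pujol.io>
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+abi <abi/4.0>,
+
+include <abstractions/devices-usb-read>
+
+/dev/bus/usb/@{int}/@{int} wk,
+
+@{sys}/devices/**/usb@{int}/{,**} w,
+
+include if exists <abstractions/devices-usb.d>
+
+# vim:syntax=apparmor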
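Review bot: The two write rules carry no comment saying how much they grant. `/dev/bus/usb/@{int}/@{int} wk,` opens every USB device node for writing and locking, and `@{sys}/devices/**/usb@{int}/{,**} w,` makes every sysfs attribute below each matched `usb@{int}` directory writable rather than a named subset. A header comment would help profile authors pick the narrower abstraction, for example `# Write access to all USB device nodes and their sysfs attributes; use devices-usb-read when read-only access is enough.` If the intended consumers only write a few attributes, listing those instead of `{,**} w` would be closer to least privilege; which attributes they need is not visible from this commit.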
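--- a/profiles/apparmor.d/abstractions/devices-usb-read
+++ b/profiles/apparmor.d/abstractions/devices-usb-read
@@ -0,0 +1,35 @@
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2021 Mikhail Morfikov
+# Copyright (C) 2021-2025 Alexandre Pujol <alexandre@pujol.io>
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+abi <abi/4.0>,
+
+/dev/ r,
+/dev/bus/usb/ r,
+/dev/bus/usb/@{int}/ r,
+/dev/bus/usb/@{int}/@{int} r,
+
+@{sys}/class/ r,
+@{sys}/class/usbmisc/ r,
+
+@{sys}/bus/ r,
+@{sys}/bus/usb/ r,
+@{sys}/bus/usb/devices/{,**} r,
+
+@{sys}/devices/**/usb@{int}/{,**} r,
+
+# Udev data about usb devices (~equal to content of lsusb -v)
+@{run}/udev/data/+usb:* r,
+@{run}/udev/data/c16[6,7]:@{int} r, # USB modems
+@{run}/udev/data/c18[0,8,9]:@{int} r, # USB devices & USB serial converters
+
+include if exists <abstractions/devices-usb-read.d>
+
+# vim:syntax=apparmor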
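Review bot: In `@{run}/udev/data/c16[6,7]:@{int} r,` and `@{run}/udev/data/c18[0,8,9]:@{int} r,` the brackets form a character class, so the comma is matched as a literal character alongside the digits. `c16[67]:@{int}` and `c18[089]:@{int}` (or the alternation form `c16{6,7}:@{int}`) express what the trailing comments describe. The extra match is presumably harmless here, but the tighter spelling keeps the pattern from being copied into rules where a stray match would matter. Separately, `/dev/ r,`, `@{sys}/class/ r,` and `@{sys}/bus/ r,` allow listing directories well beyond USB; a short comment such as `# Directory listings needed for device enumeration` would make that intent explicit.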