Merge abstraction: add devices-usb & devices-usb-read

Needed for https://gitlab.com/apparmor/apparmor/-/merge_requests/1433 MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/1545 Approved-by: John Johansen <john@jjmx.net> Merged-by: John Johansen <john@jjmx.net>
2025-03-04 00:14:44 +01:00 · 2025-02-14 19:31:40 +00:00 · 2025-02-14 19:31:40 +00:00 · dc583bc1d4
commit dc583bc1d4
parent 783f012074 4591ed63ba
2 changed files with 57 additions and 0 deletions
--- a/profiles/apparmor.d/abstractions/devices-usb
+++ b/profiles/apparmor.d/abstractions/devices-usb
@ -0,0 +1,22 @@
+# ------------------------------------------------------------------
+#
+#    Copyright (C) 2021 Mikhail Morfikov
+#    Copyright (C) 2021-2025 Alexandre Pujol <alexandre@pujol.io>
+#
+#    This program is free software; you can redistribute it and/or
+#    modify it under the terms of version 2 of the GNU General Public
+#    License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+  abi <abi/4.0>,
+
+  include <abstractions/devices-usb-read>
+
+  /dev/bus/usb/@{int}/@{int} wk,
+
+  @{sys}/devices/**/usb@{int}/{,**} w,
+
+  include if exists <abstractions/devices-usb.d>
+
+# vim:syntax=apparmor
--- a/profiles/apparmor.d/abstractions/devices-usb-read
+++ b/profiles/apparmor.d/abstractions/devices-usb-read
@ -0,0 +1,35 @@
+# ------------------------------------------------------------------
+#
+#    Copyright (C) 2021 Mikhail Morfikov
+#    Copyright (C) 2021-2025 Alexandre Pujol <alexandre@pujol.io>
+#
+#    This program is free software; you can redistribute it and/or
+#    modify it under the terms of version 2 of the GNU General Public
+#    License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+  abi <abi/4.0>,
+
+  /dev/ r,
+  /dev/bus/usb/ r,
+  /dev/bus/usb/@{int}/ r,
+  /dev/bus/usb/@{int}/@{int} r,
+
+  @{sys}/class/ r,
+  @{sys}/class/usbmisc/ r,
+
+  @{sys}/bus/ r,
+  @{sys}/bus/usb/ r,
+  @{sys}/bus/usb/devices/{,**} r,
+
+  @{sys}/devices/**/usb@{int}/{,**} r,
+
+  # Udev data about usb devices (~equal to content of lsusb -v)
+  @{run}/udev/data/+usb:* r,
+  @{run}/udev/data/c16[6,7]:@{int} r,   # USB modems
+  @{run}/udev/data/c18[0,8,9]:@{int} r, # USB devices & USB serial converters
+
+  include if exists <abstractions/devices-usb-read.d>
+
+# vim:syntax=apparmor