apparmor/profiles/apparmor.d/abstractions/mesa

# vim:syntax=apparmor
# Rules for Mesa implementation of the OpenGL API

  abi <abi/3.0>,

  # System files
  /dev/dri/ r, # libGLX_mesa.so calls drmGetDevice2()

  # Needed to check if the kernel supports the i915 perf interface
  # (src/intel/perf/gen_perf.c, load_oa_metrics())
  @{PROC}/sys/dev/i915/perf_stream_paranoid r,

  @{sys}/devices/pci[0-9]*/**/{revision,config} r,

  # User files
  owner @{HOME}/.cache/ w, # if user clears all caches
  owner @{HOME}/.cache/mesa_shader_cache/ rw,
  owner @{HOME}/.cache/mesa_shader_cache/index rw,
  owner @{HOME}/.cache/mesa_shader_cache/[a-f0-9][a-f0-9]/ rw,
  owner @{HOME}/.cache/mesa_shader_cache/[a-f0-9][a-f0-9]/[0-9a-f]* rw,
  owner @{HOME}/.cache/mesa_shader_cache/[a-f0-9][a-f0-9]/[0-9a-f]*.tmp rwk,

  # Fallback location when @{HOME}/.cache is not available
  owner /tmp/Temp-[a-f0-9]*/mesa_shader_cache/ rw,
  owner /tmp/Temp-[a-f0-9]*/mesa_shader_cache/index rw,
  owner /tmp/Temp-[a-f0-9]*/mesa_shader_cache/[a-f0-9][a-f0-9]/ rw,
  owner /tmp/Temp-[a-f0-9]*/mesa_shader_cache/[a-f0-9][a-f0-9]/[0-9a-f]* rw,
  owner /tmp/Temp-[a-f0-9]*/mesa_shader_cache/[a-f0-9][a-f0-9]/[0-9a-f]*.tmp rwk,

  # Include additions to the abstraction
  include if exists <abstractions/mesa.d>