feat(profiles): modernize udev access.

2023-08-24 19:31:54 +01:00 · 2023-08-24 19:31:54 +01:00 · 07cfbcd952
commit 07cfbcd952
parent 73cb5a4545
37 changed files with 234 additions and 229 deletions
--- a/apparmor.d/groups/network/ModemManager
+++ b/apparmor.d/groups/network/ModemManager
@ -53,13 +53,13 @@ profile ModemManager @{exec_path} flags=(attach_disconnected) {
  @{exec_path} mr,

  @{run}/udev/data/+pci:* r,
-  @{run}/udev/data/+platform* r,
+  @{run}/udev/data/+platform:* r,
  @{run}/udev/data/+usb:* r,
-  @{run}/udev/data/c16[6,7]:[0-9]* r,   # USB modems
-  @{run}/udev/data/c18[0,8,9]:[0-9]* r, # USB devices & USB serial converters
-  @{run}/udev/data/c4:[0-9]* r,         # for /dev/tty[0-9]*
-  @{run}/udev/data/c5:[0-9]* r,         # for /dev/tty, /dev/console, /dev/ptmx
-  @{run}/udev/data/n[0-9]* r,
+  @{run}/udev/data/c16[6,7]:[0-9]* r,     # USB modems
+  @{run}/udev/data/c18[0,8,9]:[0-9]* r,   # USB devices & USB serial converters
+  @{run}/udev/data/c4:@{int} r,           # for /dev/tty[0-9]*
+  @{run}/udev/data/c5:@{int} r,           # for /dev/tty, /dev/console, /dev/ptmx
+  @{run}/udev/data/n@{int} r,

  @{run}/systemd/inhibit/*.ref rw,

--- a/apparmor.d/groups/network/NetworkManager
+++ b/apparmor.d/groups/network/NetworkManager
@ -139,10 +139,10 @@ profile NetworkManager @{exec_path} flags=(attach_disconnected) {
  @{run}/nscd/db* rwl,
  @{run}/systemd/inhibit/[0-9]*.ref rw,
  @{run}/systemd/users/@{uid} r,
-  @{run}/udev/data/+pci* r,
-  @{run}/udev/data/+platform* r,
+  @{run}/udev/data/+pci:* r,
+  @{run}/udev/data/+platform:* r,
  @{run}/udev/data/+rfkill:* r,
-  @{run}/udev/data/n[0-9]* r,
+  @{run}/udev/data/n@{int} r,

  @{sys}/devices/**/uevent r,
  @{sys}/devices/virtual/net/{,**} r,
--- a/apparmor.d/groups/network/dhcpcd
+++ b/apparmor.d/groups/network/dhcpcd
@ -54,7 +54,7 @@ profile dhcpcd @{exec_path} flags=(attach_disconnected) {
  @{run}/dhcpcd/hook-state/resolv.conf/ rw,
  @{run}/dhcpcd/unpriv.sock w,

-  @{run}/udev/data/n[0-9]* r,
+  @{run}/udev/data/n@{int} r,

  @{sys}/devices/pci[0-9]*/**/uevent r,
  @{sys}/devices/virtual/dmi/id/product_uuid r,
--- a/apparmor.d/groups/network/nmcli
+++ b/apparmor.d/groups/network/nmcli
@ -20,8 +20,8 @@ profile nmcli @{exec_path} {
  owner @{HOME}/.nm-vpngate/*.ovpn r,
  owner @{HOME}/.cert/nm-openvpn/*.pem rw,

-  @{run}/udev/data/+pci* r,
-  @{run}/udev/data/n[0-9]* r,
+  @{run}/udev/data/+pci:* r,
+  @{run}/udev/data/n@{int} r,

  @{sys}/devices/virtual/net/{,**} r,
  @{sys}/devices/pci[0-9]*/**/net/*/{,**} r,