From 07dbb0c7d3bc3038ad9eb4cf3304c7da1af440d3 Mon Sep 17 00:00:00 2001
From: Alexandre Pujol
Date: Fri, 14 Mar 2025 23:57:37 +0100
Subject: [PATCH] fix(profile): ssh-sk-helper does not get transioned. fix #681 see #677
---
 apparmor.d/groups/ssh/ssh | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/apparmor.d/groups/ssh/ssh b/apparmor.d/groups/ssh/ssh
index bdbcf8fa6..6b8ec14d6 100644
--- a/apparmor.d/groups/ssh/ssh
+++ b/apparmor.d/groups/ssh/ssh
@@ -26,7 +26,7 @@ profile ssh @{exec_path} {
 @{bin}/@{shells} rUx,
- @{lib}/{,ssh/}ssh-sk-helper rPx,
+ @{lib}/{,ssh/}ssh-sk-helper rix,
 @{etc_ro}/ssh/ssh_config r,
 @{etc_ro}/ssh/ssh_config.d/{,*} r,
@@ -49,9 +49,17 @@ profile ssh @{exec_path} {
 owner @{run}/user/@{uid}/gvfsd-sftp/@{hex}.@{rand} wl -> @{run}/user/@{uid}/gvfsd-sftp/@{hex}.@{rand},
 owner @{run}/user/@{uid}/keyring/ssh rw,
+ @{sys}/ r,
+ @{sys}/bus/ r,
+ @{sys}/class/ r,
+ @{sys}/class/hidraw/ r,
+ @{sys}/class/hidraw/hidraw@{int} r,
 owner @{PROC}/@{pid}/loginuid r,
 owner @{PROC}/@{pid}/fd/ r,
+ /dev/hidraw@{int} rwk,
 include if exists
 }
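Review bot: Switching `ssh-sk-helper` from `rPx` to `rix` in the first hunk makes the helper run under the `ssh` profile itself, so the helper inherits everything `ssh` may touch and `ssh` has to carry every rule the helper needs (the second hunk adds them). The diff does not show why the `Px` transition failed, so the trade-off deserves a comment on the rule, for example `# ix: the Px transition to a dedicated profile did not take place (#681, #677), so the helper runs confined by this profile`. If a standalone profile for the helper exists elsewhere in the tree, it presumably no longer applies when ssh launches the helper, and is worth checking for drift. The `profile ssh` block starts and ends outside this hunk.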
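Review bot: `/dev/hidraw@{int} rwk,` in the second hunk matches every hidraw node, not only FIDO security keys, so the profile no longer restricts which HID devices ssh can open and the limit falls back to the device-node permissions. AppArmor path rules cannot tell a token from a keyboard, so I would record that dependency next to the rule, e.g. `# hidraw covers all HID devices; access to non-token devices is limited only by device node permissions (udev)`. It would also help to note whether the `k` (lock) permission was seen in a denial log or added preemptively, and to drop it if it is not needed. The five `@{sys}` rules are read-only and could carry a one-line comment such as `# Security key (FIDO) enumeration for ssh-sk-helper`. The `profile ssh` block starts outside this hunk.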