From 080c4faa226fff6c563730af169b190ffec3bf61 Mon Sep 17 00:00:00 2001
From: tpaau-17DB <tpaau-17db@tutamail.com>
Date: Mon, 28 Apr 2025 21:21:12 +0200
Subject: [PATCH] Add profile for spotdl.

---
 apparmor.d/profiles-a-f/ffmpeg |  1 +
 apparmor.d/profiles-s-z/spotdl | 41 ++++++++++++++++++++++++++++++++++
 2 files changed, 42 insertions(+)
 create mode 100644 apparmor.d/profiles-s-z/spotdl

diff --git a/apparmor.d/profiles-a-f/ffmpeg b/apparmor.d/profiles-a-f/ffmpeg
index 5196881a7..8633444d8 100644
--- a/apparmor.d/profiles-a-f/ffmpeg
+++ b/apparmor.d/profiles-a-f/ffmpeg
@@ -28,6 +28,7 @@ profile ffmpeg @{exec_path} {
   /var/lib/dbus/machine-id r,
 
   owner @{HOME}/.Xauthority r,
+  owner @{HOME}/.spotdl/** rw, # For spotdl
 
   owner @{user_music_dirs}/** rw,
   owner @{user_videos_dirs}/** rw,
diff --git a/apparmor.d/profiles-s-z/spotdl b/apparmor.d/profiles-s-z/spotdl
new file mode 100644
index 000000000..e5a8ab092
--- /dev/null
+++ b/apparmor.d/profiles-s-z/spotdl
@@ -0,0 +1,41 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2017-2021 Mikhail Morfikov
+# Copyright (C) 2025 tpaau-17DB <tpaau-17db@tutamail.com>
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi <abi/4.0>,
+
+include <tunables/global>
+
+@{exec_path} = @{bin}/spotdl
+profile spotdl @{exec_path} {
+  include <abstractions/base>
+  include <abstractions/nameservice-strict>
+  include <abstractions/python>
+  include <abstractions/ssl_certs>
+  include <abstractions/user-download-strict>
+
+  network inet dgram,
+  network inet6 dgram,
+  network inet stream,
+  network inet6 stream,
+
+  @{exec_path} mr,
+  @{python_path} r,
+
+  @{bin}/ffmpeg rpx,
+  @{bin}/ffprobe rpx,
+
+  owner @{user_music_dirs}/{,**} rwk,
+
+  owner @{HOME}/.spotdl/** rw,
+
+  owner @{user_cache_dirs}/spotdl/{,**} rw,
+  owner @{user_config_dirs}/spotdl/{,**} rw,
+
+  owner @{PROC}/@{pid}/fd/ r,
+
+  include if exists <local/spotdl>
+}
+
+# vim:syntax=apparmor