feat(profiles): replace old [0-9]* glob by @{int}

Beware some [0-9]* glob are actually not proper @{int}.

apparmor.d/groups/freedesktop/at-spi-bus-launcher

@@ -54,7 +54,7 @@ profile at-spi-bus-launcher @{exec_path} flags=(attach_disconnected) {
   owner @{PROC}/@{pid}/fd/ r,
         @{PROC}/1/cgroup r,
 
-  owner /dev/tty[0-9]* rw,  # file_inherit
+  owner /dev/tty@{int} rw,  # file_inherit
 
   include if exists <local/at-spi-bus-launcher>
 }

apparmor.d/groups/freedesktop/at-spi2-registryd

@@ -95,7 +95,7 @@ profile at-spi2-registryd @{exec_path} flags=(attach_disconnected) {
   owner @{run}/user/@{uid}/gdm/Xauthority r,
   owner @{run}/user/@{uid}/xauth_@{rand6} r,
 
-  owner /dev/tty[0-9]* rw,
+  owner /dev/tty@{int} rw,
 
   include if exists <local/at-spi2-registryd>
 }

apparmor.d/groups/freedesktop/cpupower

@@ -10,7 +10,7 @@ include <tunables/global>
 profile cpupower @{exec_path} {
   include <abstractions/base>
 
-  # Needed to read the /dev/cpu/[0-9]*/msr device, and hence remove the following error:
+  # Needed to read the /dev/cpu/@{int}/msr device, and hence remove the following error:
   #  Could not read perf-bias value[-1]
   capability sys_rawio,
 
@@ -25,19 +25,19 @@ profile cpupower @{exec_path} {
 
   @{sys}/devices/system/cpu/{cpufreq,cpuidle}/ r,
   @{sys}/devices/system/cpu/{cpufreq,cpuidle}/** r,
-  @{sys}/devices/system/cpu/cpu[0-9]*/{cpufreq,cpuidle}/ r,
-  @{sys}/devices/system/cpu/cpu[0-9]*/{cpufreq,cpuidle}/** r,
+  @{sys}/devices/system/cpu/cpu@{int}/{cpufreq,cpuidle}/ r,
+  @{sys}/devices/system/cpu/cpu@{int}/{cpufreq,cpuidle}/** r,
 
-  @{sys}/devices/system/cpu/cpufreq/policy[0-9]*/scaling_{min,max}_freq rw,
-  @{sys}/devices/system/cpu/cpufreq/policy[0-9]*/scaling_governor rw,
-  @{sys}/devices/system/cpu/cpufreq/policy[0-9]*/scaling_setspeed rw,
-  @{sys}/devices/system/cpu/cpu[0-9]*/cpuidle/state[0-9]/disable rw,
+  @{sys}/devices/system/cpu/cpufreq/policy@{int}/scaling_{min,max}_freq rw,
+  @{sys}/devices/system/cpu/cpufreq/policy@{int}/scaling_governor rw,
+  @{sys}/devices/system/cpu/cpufreq/policy@{int}/scaling_setspeed rw,
+  @{sys}/devices/system/cpu/cpu@{int}/cpuidle/state[0-9]/disable rw,
 
-  @{sys}/devices/system/cpu/cpu[0-9]*/topology/{physical_package_id,core_id} r,
+  @{sys}/devices/system/cpu/cpu@{int}/topology/{physical_package_id,core_id} r,
 
-  @{sys}/devices/system/cpu/cpu[0-9]*/online r,
+  @{sys}/devices/system/cpu/cpu@{int}/online r,
 
-  /dev/cpu/[0-9]*/msr r,
+  /dev/cpu/@{int}/msr r,
 
 
   profile kmod {

apparmor.d/groups/freedesktop/dconf-editor

@@ -27,7 +27,7 @@ profile dconf-editor @{exec_path} {
   owner @{user_config_dirs}/glib-2.0/settings/.goutputstream-@{rand6} rw,
 
   owner @{HOME}/.Xauthority r,
-  owner /dev/tty[0-9]* rw,
+  owner /dev/tty@{int} rw,
 
   include if exists <local/dconf-editor>
 }

apparmor.d/groups/freedesktop/dconf-service

@@ -52,7 +52,7 @@ profile dconf-service @{exec_path} flags=(attach_disconnected) {
 
   @{PROC}/cmdline r,
 
-  /dev/tty[0-9]* rw,
+  /dev/tty@{int} rw,
 
   include if exists <local/dconf-service>
 }

apparmor.d/groups/freedesktop/fc-cache

@@ -7,7 +7,7 @@ abi <abi/3.0>,
 
 include <tunables/global>
 
-@{exec_path} = /{snap/snapd/[0-9]*/,}{usr/,}bin/fc-cache{,-32,-v*}
+@{exec_path} = /{snap/snapd/@{int}/,}{usr/,}bin/fc-cache{,-32,-v*}
 profile fc-cache @{exec_path} {
   include <abstractions/base>
   include <abstractions/consoles>

apparmor.d/groups/freedesktop/pipewire

@@ -82,7 +82,7 @@ profile pipewire @{exec_path} flags=(attach_disconnected) {
 
   owner @{PROC}/@{pid}/task/@{tid}/comm rw,
 
-  /dev/media[0-9]* rw,
+  /dev/media@{int} rw,
 
   include if exists <local/pipewire>
 }

apparmor.d/groups/freedesktop/pipewire-media-session

@@ -70,11 +70,11 @@ profile pipewire-media-session @{exec_path} {
   @{sys}/devices/pci[0-9]*/**/sound/**/pcm_class r,
   @{sys}/devices/pci[0-9]*/**/video4linux/video[0-9]*/uevent r,
   @{sys}/devices/system/node/ r,
-  @{sys}/devices/system/node/node[0-9]*/meminfo r,
+  @{sys}/devices/system/node/node@{int}/meminfo r,
 
   owner @{PROC}/@{pid}/task/@{tid}/comm rw,
 
-  /dev/video[0-9]* rw,
+  /dev/video@{int} rw,
   /dev/snd/ r,
 
   include if exists <local/pipewire-media-session>

apparmor.d/groups/freedesktop/plymouthd

@@ -59,7 +59,7 @@ profile plymouthd @{exec_path} {
   owner @{PROC}/@{pid}/stat r,
 
   /dev/ptmx rw,
-  /dev/tty[0-9]* rw,
+  /dev/tty@{int} rw,
   /dev/ttyS[0-9]* rw,
 
   include if exists <local/plymouthd>

apparmor.d/groups/freedesktop/polkit-agent-helper

@@ -49,7 +49,7 @@ profile polkit-agent-helper @{exec_path} {
   owner @{PROC}/@{pid}/cgroup r,
   owner @{PROC}/@{pid}/loginuid r,
 
-  owner /dev/tty[0-9]* rw,
+  owner /dev/tty@{int} rw,
 
   include if exists <local/polkit-agent-helper>
 }

apparmor.d/groups/freedesktop/polkit-kde-authentication-agent

@@ -32,7 +32,7 @@ profile polkit-kde-authentication-agent @{exec_path} {
   @{lib}/polkit-[0-9]/polkit-agent-helper-[0-9] rPx,
 
   /usr/share/hwdata/pnp.ids r,
-  /usr/share/icu/[0-9]*.[0-9]*/*.dat r,
+  /usr/share/icu/@{int}.@{int}/*.dat r,
   /usr/share/qt5ct/** r,
 
   /etc/machine-id r,

apparmor.d/groups/freedesktop/polkit-mate-authentication-agent

@@ -33,7 +33,7 @@ profile polkit-mate-authentication-agent @{exec_path} {
 
   owner @{HOME}/.Xauthority r,
 
-  owner /dev/tty[0-9]* rw,
+  owner /dev/tty@{int} rw,
 
         @{PROC}/1/cgroup r,
   owner @{PROC}/@{pid}/cgroup r,

apparmor.d/groups/freedesktop/pulseaudio

@@ -190,11 +190,11 @@ profile pulseaudio @{exec_path} {
   owner @{PROC}/@{pids}/stat r,
   owner @{PROC}/@{pids}/cmdline r,
 
-  /dev/media[0-9]* r,
-  /dev/video[0-9]* rw,
+  /dev/media@{int} r,
+  /dev/video@{int} rw,
 
   # file_inherit
-  owner /dev/tty[0-9]* rw,
+  owner /dev/tty@{int} rw,
   owner @{HOME}/.xsession-errors w,
 
   include if exists <local/pulseaudio>

apparmor.d/groups/freedesktop/update-mime-database

@@ -19,8 +19,8 @@ profile update-mime-database @{exec_path} {
 
   /usr/share/mime/{,**} rw,
 
-  /dev/tty[0-9]* rw,
-  owner /dev/pts/[0-9]* rw,
+  /dev/tty@{int} rw,
+  owner /dev/pts/@{int} rw,
 
   # Inherit silencer
   deny network inet6 stream,

apparmor.d/groups/freedesktop/xdg-dbus-proxy

@@ -44,7 +44,7 @@ profile xdg-dbus-proxy @{exec_path} flags=(attach_disconnected) {
        member=GetSettings
        peer=(label=NetworkManager),
 
-  owner @{run}/firejail/dbus/[0-9]*/[0-9]*-{system,user} rw,
+  owner @{run}/firejail/dbus/@{int}/@{int}-{system,user} rw,
   owner @{run}/user/@{uid}/.dbus-proxy/{system,session,a11y}-bus-proxy-[0-9A-Z]* rw,
   owner @{run}/user/@{uid}/webkitgtk/a11y-proxy-[0-9A-Z]* rw,
   owner @{run}/user/@{uid}/webkitgtk/bus-proxy-[0-9A-Z]* rw,
@@ -52,7 +52,7 @@ profile xdg-dbus-proxy @{exec_path} flags=(attach_disconnected) {
 
   @{sys}/devices/virtual/thermal/thermal_zone[0-9]/hwmon[0-9]/temp* r,
 
-  /dev/dri/card[0-9]* rw,
+  /dev/dri/card@{int} rw,
 
   deny owner @{user_share_dirs}/gvfs-metadata/{,*} r,
 

apparmor.d/groups/freedesktop/xdg-desktop-portal-gnome

@@ -129,7 +129,7 @@ profile xdg-desktop-portal-gnome @{exec_path} {
 
   /usr/share/X11/xkb/{,**} r,
 
-  /var/cache/gio-[0-9]*.[0-9]*/gnome-mimeapps.list r,
+  /var/cache/gio-@{int}.@{int}/gnome-mimeapps.list r,
   /var/lib/snapd/desktop/icons/{,**} r,
 
   owner @{HOME}/*/{,**} rw,

apparmor.d/groups/freedesktop/xdg-desktop-portal-gtk

@@ -157,7 +157,7 @@ profile xdg-desktop-portal-gtk @{exec_path} {
 
   / r,
 
-  owner /var/lib/xkb/server-[0-9]*.xkm rw,
+  owner /var/lib/xkb/server-@{int}.xkm rw,
 
   owner @{HOME}/ r,
   owner @{HOME}/.* r,

apparmor.d/groups/freedesktop/xdg-desktop-portal-kde

@@ -26,7 +26,7 @@ profile xdg-desktop-portal-kde @{exec_path} {
   @{exec_path} mr,
 
   /usr/share/hwdata/pnp.ids r,
-  /usr/share/icu/[0-9]*.[0-9]*/*.dat r,
+  /usr/share/icu/@{int}.@{int}/*.dat r,
   /usr/share/mime/{,**} r,
   /usr/share/qt5/qtlogging.ini r,
 

apparmor.d/groups/freedesktop/xdg-document-portal

@@ -68,7 +68,7 @@ profile xdg-document-portal @{exec_path} flags=(attach_disconnected) {
   /dev/fuse rw,
 
   # file inherit
-  owner /dev/tty[0-9]* rw,
+  owner /dev/tty@{int} rw,
 
   profile flatpak {
     include <abstractions/base>

apparmor.d/groups/freedesktop/xdg-email

@@ -23,7 +23,7 @@ profile xdg-email @{exec_path} flags=(complain) {
   @{bin}/which       rix,
   @{bin}/xdg-mime    rPx,
 
-  owner /dev/tty[0-9]* rw,
+  owner /dev/tty@{int} rw,
 
   include if exists <local/xdg-email>
 }

apparmor.d/groups/freedesktop/xdg-mime

@@ -39,10 +39,10 @@ profile xdg-mime @{exec_path} flags=(attach_disconnected) {
 
   owner @{run}/user/@{uid}/ r,
 
-  @{sys}/devices/platform/**/hwmon/hwmon[0-9]*/temp* r,
-  @{sys}/devices/platform/**/hwmon/hwmon[0-9]*/fan* r,
+  @{sys}/devices/platform/**/hwmon/hwmon@{int}/temp* r,
+  @{sys}/devices/platform/**/hwmon/hwmon@{int}/fan* r,
 
-  /dev/dri/card[0-9]* rw,
+  /dev/dri/card@{int} rw,
   /dev/tty rw,
 
   # When xdg-mime is run as root, it wants to exec dbus-launch, and hence it creates the two

apparmor.d/groups/freedesktop/xdg-permission-store

@@ -54,7 +54,7 @@ profile xdg-permission-store @{exec_path} flags=(attach_disconnected) {
   owner @{user_share_dirs}/flatpak/db/background rw,
   owner @{user_share_dirs}/flatpak/db/notifications rw,
 
-  /dev/tty[0-9]* rw,
+  /dev/tty@{int} rw,
 
   include if exists <local/xdg-permission-store>
 }

apparmor.d/groups/freedesktop/xdg-screensaver

@@ -35,7 +35,7 @@ profile xdg-screensaver @{exec_path} {
 
   owner @{HOME}/ r,
   owner @{HOME}/.Xauthority r,
-  owner /tmp/xauth-[0-9]*-_[0-9] r,
+  owner /tmp/xauth-@{int}-_[0-9] r,
 
   owner @{run}/user/@{uid}/ r,
 

apparmor.d/groups/freedesktop/xhost

@@ -21,7 +21,7 @@ profile xhost @{exec_path} {
   /tmp/.X11-unix/* rw,
 
   # file_inherit
-  /dev/tty[0-9]* rw,
+  /dev/tty@{int} rw,
   owner @{HOME}/.xsession-errors w,
 
   # Silencer

apparmor.d/groups/freedesktop/xkbcomp

@@ -20,25 +20,25 @@ profile xkbcomp @{exec_path} flags=(attach_disconnected) {
 
   /usr/share/X11/xkb/** r,
 
-  /var/lib/xkb/server-[0-9]*.xkm w,
-  /var/lib/xkb/compiled/server-[0-9]*.xkm rw,
+  /var/lib/xkb/server-@{int}.xkm w,
+  /var/lib/xkb/compiled/server-@{int}.xkm rw,
 
   owner @{HOME}/.Xauthority r,
   owner @{HOME}/*.{xkb,xkm} rw,
 
-  owner @{user_share_dirs}/xorg/Xorg.[0-9].log w,
+  owner @{user_share_dirs}/xorg/Xorg.@{int}.log w,
 
-        /var/lib/gdm{3,}/.local/share/xorg/Xorg.[0-9].log w,
-  owner /var/log/lightdm/x-[0-9]*.log w,
+        /var/lib/gdm{3,}/.local/share/xorg/Xorg.@{int}.log w,
+  owner /var/log/lightdm/x-@{int}.log w,
 
-  owner /tmp/server-[0-9]*.xkm rwk,
+  owner /tmp/server-@{int}.xkm rwk,
 
-  /dev/dri/card[0-9]* rw,
+  /dev/dri/card@{int} rw,
   /dev/tty rw,
-  /dev/tty[0-9]* rw,
+  /dev/tty@{int} rw,
   
-  deny /dev/input/event[0-9]* rw,
-  deny /var/log/Xorg.[0-9]*.log w,
+  deny /dev/input/event@{int} rw,
+  deny /var/log/Xorg.@{int}.log w,
 
   include if exists <local/xkbcomp>
 }

apparmor.d/groups/freedesktop/xorg

@@ -66,8 +66,8 @@ profile xorg @{exec_path} flags=(attach_disconnected) {
   @{lib}/xorg/modules/ r,
   @{lib}/xorg/modules/** mr,
 
-  /var/lib/xkb/server-[0-9]*.xkm rw,
-  /var/lib/xkb/compiled/server-[0-9]*.xkm rw,
+  /var/lib/xkb/server-@{int}.xkm rw,
+  /var/lib/xkb/compiled/server-@{int}.xkm rw,
 
   /usr/share/egl/{,**} rw,
   /usr/share/libinput*/ r,
@@ -140,11 +140,11 @@ profile xorg @{exec_path} flags=(attach_disconnected) {
   @{PROC}/mtrr rw,
 
   /dev/fb[0-9] rw,
-  /dev/input/event[0-9]* rw,
+  /dev/input/event@{int} rw,
   /dev/shm/#@{int} rw,
   /dev/shm/shmfd-* rw,
   /dev/tty rw,
-  /dev/tty[0-9]* rw,
+  /dev/tty@{int} rw,
   /dev/vga_arbiter rw,  # Graphic card modules
 
   include if exists <local/xorg>

apparmor.d/groups/freedesktop/xprop

@@ -25,7 +25,7 @@ profile xprop @{exec_path} {
   owner @{run}/user/@{uid}/xauth_@{rand6} rl,
 
   # file_inherit
-  owner /dev/tty[0-9]* rw,
+  owner /dev/tty@{int} rw,
   owner @{HOME}/.xsession-errors w,
 
   include if exists <local/xprop>

apparmor.d/groups/freedesktop/xrandr

@@ -17,7 +17,7 @@ profile xrandr @{exec_path} {
   /usr/share/X11/XErrorDB r,
 
   # file_inherit
-  owner /dev/tty[0-9]* rw,
+  owner /dev/tty@{int} rw,
 
   include if exists <local/xrandr>
 }

apparmor.d/groups/freedesktop/xrdb

@@ -17,7 +17,7 @@ profile xrdb @{exec_path} {
   @{bin}/{,*-}cpp-[0-9]*             rix,
   @{bin}/{,ba,da}sh                  rix,
   @{bin}/cpp                         rix,
-  @{lib}/gcc/*/[0-9]*/cc1            rix,
+  @{lib}/gcc/*/@{int}/cc1            rix,
   @{lib}/llvm-[0-9]*/bin/clang       rix,
 
   /usr/include/stdc-predef.h r,
@@ -40,10 +40,10 @@ profile xrdb @{exec_path} {
   owner /tmp/xauth-[0-9]*-_[0-9] r,
 
   @{run}/sddm/\{@{uuid}\} r,
-  @{run}/sddm/xauth_?????? r,
+  @{run}/sddm/xauth_@{rand6} r,
 
   # file_inherit
-  owner /dev/tty[0-9]* rw,
+  owner /dev/tty@{int} rw,
   owner @{HOME}/.xsession-errors w,
 
   /dev/tty rw,

apparmor.d/groups/freedesktop/xset

@@ -16,12 +16,12 @@ profile xset @{exec_path} {
   owner @{HOME}/.Xauthority r,
 
   @{run}/sddm/\{@{uuid}\} r,
-  @{run}/sddm/xauth_?????? r,
+  @{run}/sddm/xauth_@{rand6} r,
 
   # file_inherit
-  owner /dev/tty[0-9]* rw,
+  owner /dev/tty@{int} rw,
   owner @{HOME}/.xsession-errors w,
-  deny /dev/dri/card[0-9]* rw,
+  deny /dev/dri/card@{int} rw,
 
   include if exists <local/xset>
 }

apparmor.d/groups/freedesktop/xwayland

@@ -36,7 +36,7 @@ profile xwayland @{exec_path} flags=(attach_disconnected) {
 
   owner /var/lib/gdm{3,}/.cache/mesa_shader_cache/index rw,
 
-  owner /tmp/server-[0-9]*.xkm rwk,
+  owner /tmp/server-@{int}.xkm rwk,
   owner @{run}/user/@{uid}/.mutter-Xwaylandauth.@{rand6} rw,
   owner @{run}/user/@{uid}/xwayland-shared-@{rand6} rw,
 
@@ -45,7 +45,7 @@ profile xwayland @{exec_path} flags=(attach_disconnected) {
         @{PROC}/@{pids}/cmdline r,
   owner @{PROC}/@{pids}/comm r,
 
-  /dev/tty[0-9]* rw,
+  /dev/tty@{int} rw,
   /dev/tty rw,
 
   include if exists <local/xwayland>