From 51bcdd5e148cc6f44c4ba560c8aede87e437531c Mon Sep 17 00:00:00 2001
From: Alexandre Pujol <alexandre@pujol.io>
Date: Sat, 13 Sep 2025 00:43:40 +0200
Subject: [PATCH] feat(abs): add the input abs.

---
 apparmor.d/abstractions/common/app  |  5 +----
 apparmor.d/abstractions/common/game |  5 +----
 apparmor.d/abstractions/input       | 26 ++++++++++++++++++++++++++
 3 files changed, 28 insertions(+), 8 deletions(-)
 create mode 100644 apparmor.d/abstractions/input

diff --git a/apparmor.d/abstractions/common/app b/apparmor.d/abstractions/common/app
index d0b36188b..70a50b8c1 100644
--- a/apparmor.d/abstractions/common/app
+++ b/apparmor.d/abstractions/common/app
@@ -26,6 +26,7 @@
   include <abstractions/fontconfig-cache-write>
   include <abstractions/graphics>
   include <abstractions/gstreamer>
+  include <abstractions/input>
   include <abstractions/nameservice-strict>
   include <abstractions/p11-kit>
   include <abstractions/path>
@@ -72,8 +73,6 @@
   @{run}/pcscd/pcscd.comm rw, # Allow access to pcscd socket.
   @{run}/utmp rk,
 
-  @{run}/udev/data/c13:@{int}  r,         # for /dev/input/*
-
   @{sys}/ r,
   @{sys}/block/ r,
   @{sys}/bus/ r,
@@ -143,8 +142,6 @@
   owner @{att}/dev/shm/@{uuid} r,
 
   /dev/hidraw@{int} rw,
-  /dev/input/ r,
-  /dev/input/event@{int} rw,
   /dev/ptmx rw,
   /dev/pts/ptmx rw,
   /dev/tty rw,
diff --git a/apparmor.d/abstractions/common/game b/apparmor.d/abstractions/common/game
index 6b97b014c..753d4cf0b 100644
--- a/apparmor.d/abstractions/common/game
+++ b/apparmor.d/abstractions/common/game
@@ -17,6 +17,7 @@
   include <abstractions/devices-usb>
   include <abstractions/fontconfig-cache-write>
   include <abstractions/graphics>
+  include <abstractions/input>
   include <abstractions/nameservice-strict>
   include <abstractions/ssl_certs>
 
@@ -108,11 +109,7 @@
 
   /dev/ r,
   /dev/hidraw@{int} rw,
-  /dev/input/ r,
-  /dev/input/event@{int} rw,
-  /dev/input/js@{int} rw,
   /dev/tty rw,
-  /dev/uinput rw,
 
   include if exists <abstractions/common/game.d>
 
diff --git a/apparmor.d/abstractions/input b/apparmor.d/abstractions/input
new file mode 100644
index 000000000..57905fd0c
--- /dev/null
+++ b/apparmor.d/abstractions/input
@@ -0,0 +1,26 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2021 Canonical Ltd
+# Copyright (C) 2022-2025 Alexandre Pujol <alexandre@pujol.io>
+# SPDX-License-Identifier: GPL-2.0-only
+
+# Allow reading and writing to raw input devices
+
+  abi <abi/4.0>,
+
+  # network netlink raw,
+
+  # Allow reading for supported event reports for all input devices. See
+  # https://www.kernel.org/doc/Documentation/input/event-codes.txt
+  @{sys}/devices/**/input@{int}/capabilities/* r,
+
+  @{run}/udev/data/+input:input@{int} r,  # for mouse, keyboard, touchpad
+  @{run}/udev/data/c13:@{int}  r,         # for /dev/input/*
+
+  /dev/input/ r,
+  /dev/input/event@{int} rw,
+  /dev/input/mice rw,
+  /dev/input/mouse@{int} rw,
+
+  include if exists <abstractions/input.d>
+
+# vim:syntax=apparmor