From 60b91279162036a7d1a55df72d40977387fe1336 Mon Sep 17 00:00:00 2001
From: Alexandre Pujol <alexandre@pujol.io>
Date: Thu, 29 May 2025 23:53:47 +0200
Subject: [PATCH] feat(profile): update pipewire profiles.

---
 apparmor.d/groups/freedesktop/pipewire-pulse | 8 +++++++-
 apparmor.d/groups/freedesktop/pulseaudio     | 6 +++---
 apparmor.d/groups/freedesktop/wireplumber    | 4 ++++
 3 files changed, 14 insertions(+), 4 deletions(-)

diff --git a/apparmor.d/groups/freedesktop/pipewire-pulse b/apparmor.d/groups/freedesktop/pipewire-pulse
index 530fa97db..fddbe02f7 100644
--- a/apparmor.d/groups/freedesktop/pipewire-pulse
+++ b/apparmor.d/groups/freedesktop/pipewire-pulse
@@ -11,15 +11,18 @@ include <tunables/global>
 profile pipewire-pulse @{exec_path} flags=(attach_disconnected) {
   include <abstractions/base>
   include <abstractions/audio-client>
+  include <abstractions/bus-session>
+  include <abstractions/bus-system>
   include <abstractions/nameservice-strict>
 
   capability sys_ptrace,
 
-  ptrace (read),
+  ptrace read,
 
   @{exec_path} mr,
 
   @{bin}/pactl rix,
+  @{bin}/pipewire mr,
 
   /usr/share/pipewire/{,**} r,
 
@@ -38,6 +41,9 @@ profile pipewire-pulse @{exec_path} flags=(attach_disconnected) {
   @{sys}/devices/virtual/dmi/id/sys_vendor r,
   @{sys}/devices/virtual/dmi/id/board_vendor r,
   @{sys}/devices/virtual/dmi/id/bios_vendor r,
+  @{sys}/module/apparmor/parameters/enabled r,
+
+  owner @{PROC}/@{pid}/task/@{tid}/comm rw,
 
   include if exists <local/pipewire-pulse>
 }
diff --git a/apparmor.d/groups/freedesktop/pulseaudio b/apparmor.d/groups/freedesktop/pulseaudio
index fab642571..05e4c3ec2 100644
--- a/apparmor.d/groups/freedesktop/pulseaudio
+++ b/apparmor.d/groups/freedesktop/pulseaudio
@@ -82,9 +82,9 @@ profile pulseaudio @{exec_path} {
 
   owner @{desktop_cache_dirs}/gstreamer-1.0/ rw,
   owner @{desktop_cache_dirs}/gstreamer-1.0/registry.*.bin{,.tmp@{rand6}} rw,
-  owner @{desktop_config_dirs}/dconf/user   r,
-  owner @{desktop_config_dirs}/pulse/{,**}  rw,
-  owner @{desktop_config_dirs}/pulse/cookie   k,
+  owner @{desktop_config_dirs}/dconf/user r,
+  owner @{desktop_config_dirs}/pulse/{,**} rw,
+  owner @{desktop_config_dirs}/pulse/cookie k,
 
   owner @{HOME}/.pulse/{,**} rw,
   owner @{user_config_dirs}/ w,
diff --git a/apparmor.d/groups/freedesktop/wireplumber b/apparmor.d/groups/freedesktop/wireplumber
index aa6928298..0925bad91 100644
--- a/apparmor.d/groups/freedesktop/wireplumber
+++ b/apparmor.d/groups/freedesktop/wireplumber
@@ -75,6 +75,10 @@ profile wireplumber @{exec_path} {
   @{sys}/devices/virtual/dmi/id/product_name r,
   @{sys}/devices/virtual/dmi/id/sys_vendor r,
 
+        @{PROC}/1/cgroup r,
+        @{PROC}/1/cmdline r,
+  owner @{PROC}/@{pid}/cgroup r,
+  owner @{PROC}/@{pid}/cmdline r,
   owner @{PROC}/@{pid}/task/@{tid}/comm rw,
 
   /dev/media@{int} rw,