From 8224ac2b3fae541f4633b883151e06b5e71cc00b Mon Sep 17 00:00:00 2001
From: Jose Maldonado <63384398+yukiteruamano@users.noreply.github.com>
Date: Mon, 6 May 2024 14:16:39 -0400
Subject: [PATCH] Fix access to OpenSC configuration (#326)
---
 apparmor.d/groups/browsers/firefox | 1 +
 apparmor.d/groups/gnome/gsd-smartcard | 1 +
 apparmor.d/groups/gnome/seahorse | 2 ++
 apparmor.d/groups/whonix/torbrowser | 3 ++-
 apparmor.d/profiles-m-r/pkcs11-register | 3 ++-
 apparmor.d/profiles-m-r/rngd | 1 +
 6 files changed, 9 insertions(+), 2 deletions(-)
diff --git a/apparmor.d/groups/browsers/firefox b/apparmor.d/groups/browsers/firefox
index db6c26763..224b4cc7d 100644
--- a/apparmor.d/groups/browsers/firefox
+++ b/apparmor.d/groups/browsers/firefox
@@ -119,6 +119,7 @@ profile firefox @{exec_path} flags=(attach_disconnected) {
 /etc/mailcap r,
 /etc/mime.types r,
 /etc/opensc.conf r,
+ /etc/opensc/opensc.conf r,
 /etc/sysconfig/proxy r,
 /etc/xdg/* r,
 /etc/xul-ext/kwallet5.js r,
diff --git a/apparmor.d/groups/gnome/gsd-smartcard b/apparmor.d/groups/gnome/gsd-smartcard
index 0b722c5a5..4003d1753 100644
--- a/apparmor.d/groups/gnome/gsd-smartcard
+++ b/apparmor.d/groups/gnome/gsd-smartcard
@@ -31,6 +31,7 @@ profile gsd-smartcard @{exec_path} flags=(attach_disconnected) {
 /usr/share/glib-2.0/schemas/gschemas.compiled r,
 /etc/opensc.conf r,
+ /etc/opensc/opensc.conf r,
 owner @{GDM_HOME}/greeter-dconf-defaults r,
 owner @{gdm_config_dirs}/dconf/user r,
diff --git a/apparmor.d/groups/gnome/seahorse b/apparmor.d/groups/gnome/seahorse
index 8c89c0584..8987ae31a 100644
--- a/apparmor.d/groups/gnome/seahorse
+++ b/apparmor.d/groups/gnome/seahorse
@@ -36,6 +36,8 @@ profile seahorse @{exec_path} {
 /etc/pki/trust/blocklist/ r,
 /etc/gcrypt/hwf.deny r,
+ /etc/opensc.conf r,
+ /etc/opensc/opensc.conf r,
 owner @{HOME}/@{XDG_SSH_DIR}/{,**} r,
diff --git a/apparmor.d/groups/whonix/torbrowser b/apparmor.d/groups/whonix/torbrowser
index 760b3eda7..cb63d6037 100644
--- a/apparmor.d/groups/whonix/torbrowser
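Review bot: The added `/etc/opensc/opensc.conf r,` rule in the firefox hunk repeats by hand a path pair that this commit also has to touch in gsd-smartcard, seahorse, torbrowser, pkcs11-register and rngd; seahorse was missing even the older `/etc/opensc.conf` rule until now, which suggests the copies drift. Writing the pair as a single rule, `/etc/{,opensc/}opensc.conf r,`, or moving it into one shared abstraction that all six profiles include, would keep the read-only grant identical across the confined programs and make the next path change a one-file edit. A one-line comment above the rule saying which packaging installs the file under `/etc/opensc/` would also let a later reviewer judge whether the older path can be dropped. The profile body starts and ends outside the hunk.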
+++ b/apparmor.d/groups/whonix/torbrowser
@@ -64,6 +64,7 @@ profile torbrowser @{exec_path} flags=(attach_disconnected) {
 /etc/mailcap r,
 /etc/mime.types r,
 /etc/opensc.conf r,
+ /etc/opensc/opensc.conf r,
 /etc/sysconfig/proxy r,
 /etc/xdg/* r,
 /etc/xul-ext/kwallet5.js r,
@@ -163,4 +164,4 @@ profile torbrowser @{exec_path} flags=(attach_disconnected) {
 deny @{PROC}/@{pid}/net/route r,
 include if exists
-}
\ No newline at end of file
+}
diff --git a/apparmor.d/profiles-m-r/pkcs11-register b/apparmor.d/profiles-m-r/pkcs11-register
index 19d335ea6..3ca20d326 100644
--- a/apparmor.d/profiles-m-r/pkcs11-register
+++ b/apparmor.d/profiles-m-r/pkcs11-register
@@ -13,6 +13,7 @@ profile pkcs11-register @{exec_path} {
 @{exec_path} mr,
 /etc/opensc.conf r,
+ /etc/opensc/opensc.conf r,
 owner @{HOME}/.mozilla/firefox/*/pkcs11.txt rw,
 owner @{HOME}/.mozilla/firefox/profiles.ini r,
@@ -21,4 +22,4 @@ profile pkcs11-register @{exec_path} {
 owner @{HOME}/.thunderbird/profiles.ini r,
 include if exists
-}
\ No newline at end of file
+}
diff --git a/apparmor.d/profiles-m-r/rngd b/apparmor.d/profiles-m-r/rngd
index 00820b5af..b929f1a7a 100644
--- a/apparmor.d/profiles-m-r/rngd
+++ b/apparmor.d/profiles-m-r/rngd
@@ -25,6 +25,7 @@ profile rngd @{exec_path} flags=(attach_disconnected) {
 /etc/conf.d/rngd r,
 /etc/machine-id r,
 /etc/opensc.conf r,
+ /etc/opensc/opensc.conf r,
 /var/lib/dbus/machine-id r,
 @{sys}/devices/virtual/misc/hw_random/rng_available r,