From 82bbe96bfa28d374e9d9ee440bd49c5a27ad6ffa Mon Sep 17 00:00:00 2001
From: Alexandre Pujol <alexandre@pujol.io>
Date: Fri, 3 Jun 2022 20:16:38 +0100
Subject: [PATCH] feat(profiles): add ModemManager.

---
 apparmor.d/groups/network/ModemManager | 37 ++++++++++++++++++++++++++
 1 file changed, 37 insertions(+)
 create mode 100644 apparmor.d/groups/network/ModemManager

diff --git a/apparmor.d/groups/network/ModemManager b/apparmor.d/groups/network/ModemManager
new file mode 100644
index 000000000..7ff48ff57
--- /dev/null
+++ b/apparmor.d/groups/network/ModemManager
@@ -0,0 +1,37 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2022 Alexandre Pujol <alexandre@pujol.io>
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi <abi/3.0>,
+
+include <tunables/global>
+
+@{exec_path} = /{usr/,}{,s}bin/ModemManager
+profile ModemManager @{exec_path} flags=(attach_disconnected) {
+  include <abstractions/base>
+  include <abstractions/consoles>
+  include <abstractions/dbus-strict>
+
+  network netlink raw,
+
+  @{exec_path} mr,
+
+  @{run}/udev/data/+pci:* r,
+  @{run}/udev/data/+platform* r,
+  @{run}/udev/data/c4:[0-9]* r,     # for /dev/tty[0-9]*
+  @{run}/udev/data/c5:[0-9]* r,     # for /dev/tty, /dev/console, /dev/ptmx
+  @{run}/udev/data/n[0-9]* r,
+
+  @{sys}/bus/ r,
+  @{sys}/class/ r,
+  @{sys}/class/net/ r,
+  @{sys}/class/tty/ r,
+  @{sys}/class/wwan/ r,
+
+  @{sys}/devices/**/uevent r,
+  @{sys}/devices/pci[0-9]*/**/{vendor,device,revision} r,
+  @{sys}/devices/virtual/net/lo/ r,
+  @{sys}/devices/virtual/tty/*/ r,
+
+  include if exists <local/ModemManager>
+}
\ No newline at end of file