From 8697a6a7e1d78f99ee2ee19cd10dfca6d4ccaaa5 Mon Sep 17 00:00:00 2001
From: beroal <me@beroal.in.ua>
Date: Wed, 14 May 2025 18:40:40 +0300
Subject: [PATCH] `cheese`: video capturing (#730)

---
 apparmor.d/profiles-a-f/cheese | 53 ++++++++++++++++++++++++++++++++++
 1 file changed, 53 insertions(+)
 create mode 100644 apparmor.d/profiles-a-f/cheese

diff --git a/apparmor.d/profiles-a-f/cheese b/apparmor.d/profiles-a-f/cheese
new file mode 100644
index 000000000..cadd1beab
--- /dev/null
+++ b/apparmor.d/profiles-a-f/cheese
@@ -0,0 +1,53 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2025 Roman Beslik <me@beroal.in.ua>
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi <abi/4.0>,
+
+include <tunables/global>
+
+@{exec_path} = @{bin}/cheese
+profile cheese @{exec_path} {
+  include <abstractions/base>
+  include <abstractions/audio-client>
+  include <abstractions/dconf-write>
+  include <abstractions/desktop>
+  include <abstractions/graphics>
+  include <abstractions/gstreamer>
+  include <abstractions/nameservice-strict>
+  include <abstractions/thumbnails-cache-write>
+
+  network netlink raw,
+
+  @{exec_path} mr,
+
+  @{bin}/bwrap Px -> gnome-desktop-thumbnailers,
+  @{open_path} rPx -> child-open-help,
+
+  @{system_share_dirs}/gnome-video-effects/{,*.effect} r,
+  @{system_share_dirs}/ladspa/rdf/{,**} r,
+  @{system_share_dirs}/thumbnailers/{,*.thumbnailer} r,
+
+  /etc/machine-id r,
+
+  owner @{HOME}/ r, # file save dialog
+  owner @{user_pictures_dirs}/{,**} rw,
+  owner @{user_videos_dirs}/{,**} rw,
+
+  owner @{user_cache_dirs}/gnome-desktop-thumbnailer/gstreamer-1.0/ r,
+
+        @{run}/udev/data/c@{dynamic}:@{int} r,
+  owner @{tmp}/flatpak-seccomp-@{rand6} rw,
+  owner @{tmp}/gnome-desktop-thumbnailer-@{rand6}/{,**} rw,
+
+  @{sys}/devices/virtual/dmi/id/{bios_vendor,board_vendor,product_name,sys_vendor} r,
+
+  owner @{PROC}/@{pid}/task/@{tid}/comm rw,
+
+  /dev/media@{int} rw,
+  /dev/video@{int} rw,
+
+  include if exists <local/cheese>
+}
+
+# vim:syntax=apparmor