feat(profile): cleanup profiles using the new abs.

2025-09-13 00:47:50 +02:00 · 2025-09-13 00:47:50 +02:00 · 8c6b0ce33f
commit 8c6b0ce33f
parent 51bcdd5e14
6 changed files with 8 additions and 10 deletions
--- a/apparmor.d/groups/bluetooth/bluetoothd
+++ b/apparmor.d/groups/bluetooth/bluetoothd
@ -12,6 +12,7 @@ profile bluetoothd @{exec_path} flags=(attach_disconnected) {
  include <abstractions/base>
  include <abstractions/bus-system>
  include <abstractions/bus/org.freedesktop.hostname1>
+  include <abstractions/uinput>

  # Needed for configuring HCI interfaces
  capability net_admin,
@ -57,7 +58,6 @@ profile bluetoothd @{exec_path} flags=(attach_disconnected) {
  @{PROC}/sys/kernel/hostname r,

  /dev/uhid rw,
-  /dev/uinput rw,
  /dev/rfkill rw,
  /dev/hidraw@{int} rw,

--- a/apparmor.d/groups/steam/steam
+++ b/apparmor.d/groups/steam/steam
@ -41,6 +41,7 @@ profile steam @{exec_path} flags=(attach_disconnected,mediate_deleted) {
  include <abstractions/graphics>
  include <abstractions/nameservice-strict>
  include <abstractions/ssl_certs>
+  include <abstractions/uinput>
  include <abstractions/video>

  capability sys_ptrace,
@ -245,7 +246,6 @@ profile steam @{exec_path} flags=(attach_disconnected,mediate_deleted) {
  owner @{PROC}/@{pid}/task/@{tid}/comm rw,

  /dev/input/ r,
-  /dev/uinput w,

  deny /opt/** r,

@ -353,8 +353,6 @@ profile steam @{exec_path} flags=(attach_disconnected,mediate_deleted) {
    @{sys}/devices/**/report_descriptor r,
    @{sys}/devices/**/uevent r,
    @{sys}/devices/@{pci}/usb@{int}/**/{idVendor,idProduct,interface} r,
-    @{sys}/devices/system/cpu/kernel_max r,
-    @{sys}/devices/virtual/tty/tty@{int}/active r,

          @{PROC}/ r,
          @{PROC}/version r,