From 9b7ab9cbc3c72f6b9d67dc5950e5711592d1d1f6 Mon Sep 17 00:00:00 2001
From: Alexandre Pujol <alexandre@pujol.io>
Date: Wed, 26 May 2021 20:49:04 +0100
Subject: [PATCH] Add paccache profile.

---
 apparmor.d/groups/pacman/paccache | 35 +++++++++++++++++++++++++++++++
 1 file changed, 35 insertions(+)
 create mode 100644 apparmor.d/groups/pacman/paccache

diff --git a/apparmor.d/groups/pacman/paccache b/apparmor.d/groups/pacman/paccache
new file mode 100644
index 000000000..6e1f75955
--- /dev/null
+++ b/apparmor.d/groups/pacman/paccache
@@ -0,0 +1,35 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2021 Alexandre Pujol <alexandre@pujol.io>
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi <abi/3.0>,
+
+include <tunables/global>
+
+@{exec_path} = /{usr/,}bin/paccache
+profile paccache @{exec_path} {
+  include <abstractions/base>
+  
+  capability dac_read_search,
+  capability mknod,
+
+  @{exec_path} mr,
+
+  /{usr/,}bin/cat          rix,
+  /{usr/,}bin/gettext      rix,
+  /{usr/,}bin/pacman-conf  rPx,
+  /{usr/,}bin/pacman       rPUx,
+  /{usr/,}bin/tput         rix,
+  /{usr/,}bin/pacsort      rix,
+  /{usr/,}bin/gawk         rix,
+  /{usr/,}bin/bash         rix,
+
+  /usr/share/makepkg/util/*.sh r,
+  /usr/share/terminfo/x/xterm-256color r,
+
+  /var/cache/pacman/pkg/{,*} rw,
+
+  /dev/tty rw,
+
+  include if exists <local/paccache>
+}
\ No newline at end of file