feat(profile): use the @{pci} varibale when possible.

2023-12-08 17:46:05 +00:00 · 2023-12-08 17:46:05 +00:00 · bb947318a5
commit bb947318a5
parent 013f1c5a83
83 changed files with 168 additions and 170 deletions
--- a/apparmor.d/groups/apps/calibre
+++ b/apparmor.d/groups/apps/calibre
@ -109,7 +109,7 @@ profile calibre @{exec_path} {

  owner /dev/shm/#@{int} rw,

-  @{sys}/devices/pci[0-9]*/**/irq r,
+  @{sys}/devices/@{pci}/irq r,

             @{PROC}/ r,
             @{PROC}/@{pids}/net/route r,
--- a/apparmor.d/groups/apps/discord
+++ b/apparmor.d/groups/apps/discord
@ -93,7 +93,7 @@ profile discord @{exec_path} {
  deny @{sys}/devices/virtual/tty/tty[0-9]/active r,
  # To remove the following error:
  # pcilib: Cannot open /sys/bus/pci/devices/0000:03:00.0/irq: Permission denied
-  @{sys}/devices/pci[0-9]*/**/irq r,
+  @{sys}/devices/@{pci}/irq r,

  deny       /dev/ r,

--- a/apparmor.d/groups/apps/freetube
+++ b/apparmor.d/groups/apps/freetube
@ -75,7 +75,7 @@ profile freetube @{exec_path} {
  # To remove the following error:
  #  pcilib: Cannot open /sys/bus/pci/devices/0000:03:00.0/irq: Permission denied
  # The irq file is needed to render pages.
-  deny @{sys}/devices/pci[0-9]*/**/irq r,
+  deny @{sys}/devices/@{pci}/irq r,

  /var/lib/dbus/machine-id r,
  /etc/machine-id r,
--- a/apparmor.d/groups/apps/signal-desktop
+++ b/apparmor.d/groups/apps/signal-desktop
@ -60,7 +60,7 @@ profile signal-desktop @{exec_path} {

  @{run}/systemd/inhibit/*.ref rw,

-  @{sys}/devices/pci[0-9]*/**/{irq,vendor,device} r,
+  @{sys}/devices/@{pci}/{irq,vendor,device} r,
  @{sys}/devices/system/cpu/cpufreq/policy[0-9]/cpuinfo_max_freq r,
  @{sys}/devices/virtual/tty/tty[0-9]/active r,
  @{sys}/fs/cgroup/** r,
--- a/apparmor.d/groups/browsers/firefox
+++ b/apparmor.d/groups/browsers/firefox
@ -218,10 +218,10 @@ profile firefox @{exec_path} flags=(attach_disconnected) {
  @{sys}/class/ r,
  @{sys}/class/**/ r,
  @{sys}/devices/**/uevent r,
-  @{sys}/devices/pci[0-9]*/**/ r,
-  @{sys}/devices/pci[0-9]*/**/drm/card@{int}/ r,
-  @{sys}/devices/pci[0-9]*/**/drm/renderD[0-9]*/ r,
-  @{sys}/devices/pci[0-9]*/**/irq r,
+  @{sys}/devices/@{pci}/ r,
+  @{sys}/devices/@{pci}/drm/card@{int}/ r,
+  @{sys}/devices/@{pci}/drm/renderD[0-9]*/ r,
+  @{sys}/devices/@{pci}/irq r,
  @{sys}/devices/system/cpu/cpu@{int}/cache/index[0-9]/size r,
  @{sys}/devices/system/cpu/cpufreq/policy[0-9]/cpuinfo_max_freq r,
  @{sys}/devices/system/cpu/present r,
--- a/apparmor.d/groups/freedesktop/colord-sane
+++ b/apparmor.d/groups/freedesktop/colord-sane
@ -33,7 +33,7 @@ profile colord-sane @{exec_path} flags=(attach_disconnected) {
  @{run}/systemd/journal/socket rw,

  @{sys}/bus/scsi/devices/ r,
-  @{sys}/devices/pci[0-9]*/**/{vendor,model,type} r,
+  @{sys}/devices/@{pci}/{vendor,model,type} r,

  @{PROC}/sys/dev/parport/parport[0-9]*/base-addr r,
  @{PROC}/sys/dev/parport/parport[0-9]*/irq r,
--- a/apparmor.d/groups/freedesktop/iio-sensor-proxy
+++ b/apparmor.d/groups/freedesktop/iio-sensor-proxy
@ -27,9 +27,9 @@ profile iio-sensor-proxy @{exec_path} {
  @{sys}/class/ r,
  @{sys}/class/input/ r,
  @{sys}/devices/**/uevent r,
-  @{sys}/devices/pci[0-9]*/**/ r,
-  @{sys}/devices/pci[0-9]*/**/iio:*/** rw,
-  @{sys}/devices/pci[0-9]*/**/name r,
+  @{sys}/devices/@{pci}/ r,
+  @{sys}/devices/@{pci}/iio:*/** rw,
+  @{sys}/devices/@{pci}/name r,

  /dev/iio:* r,

--- a/apparmor.d/groups/freedesktop/pipewire
+++ b/apparmor.d/groups/freedesktop/pipewire
@ -69,7 +69,7 @@ profile pipewire @{exec_path} flags=(attach_disconnected) {
  @{sys}/bus/media/devices/ r,
  @{sys}/class/ r,
  @{sys}/devices/**/device:*/**/path r,
-  @{sys}/devices/pci[0-9]*/**/usb[0-9]/**/{idVendor,idProduct,removable,uevent} r,
+  @{sys}/devices/@{pci}/usb@{int}/**/{idVendor,idProduct,removable,uevent} r,
  @{sys}/devices/virtual/dmi/id/{sys_vendor,product_version,product_name,bios_vendor,board_vendor} r,

  owner @{PROC}/@{pid}/task/@{tid}/comm rw,
--- a/apparmor.d/groups/freedesktop/pipewire-media-session
+++ b/apparmor.d/groups/freedesktop/pipewire-media-session
@ -55,8 +55,7 @@ profile pipewire-media-session @{exec_path} {
  @{run}/systemd/users/@{uid} r,

  @{sys}/devices/**/sound/**/uevent r,
-  @{sys}/devices/pci[0-9]*/**/sound/**/pcm_class r,
-  @{sys}/devices/pci[0-9]*/**/video4linux/video[0-9]*/uevent r,
+  @{sys}/devices/@{pci}/sound/**/pcm_class r,
  @{sys}/devices/system/node/ r,
  @{sys}/devices/system/node/node@{int}/meminfo r,

--- a/apparmor.d/groups/freedesktop/plymouthd
+++ b/apparmor.d/groups/freedesktop/plymouthd
@ -47,8 +47,7 @@ profile plymouthd @{exec_path} {
  @{sys}/class/ r,
  @{sys}/class/drm/ r,
  @{sys}/class/graphics/ r,
-  @{sys}/devices/pci[0-9]*/**/{,uevent,vendor,device} r,
-  @{sys}/devices/pci[0-9]*/**/{,uevent} r,
+  @{sys}/devices/@{pci}/{,uevent,vendor,device} r,
  @{sys}/devices/virtual/graphics/fbcon/uevent r,
  @{sys}/devices/virtual/tty/console/active r,
  @{sys}/firmware/acpi/bgrt/{,*} r,
--- a/apparmor.d/groups/freedesktop/xorg
+++ b/apparmor.d/groups/freedesktop/xorg
@ -98,10 +98,10 @@ profile xorg @{exec_path} flags=(attach_disconnected) {
  @{sys}/devices/**/{uevent,name,id,config} r,
  @{sys}/devices/**/hid r,
  @{sys}/devices/**/power_supply/**/{type,online} r,
-  @{sys}/devices/pci[0-9]*/**/ r,
-  @{sys}/devices/pci[0-9]*/**/backlight/*/{,max_}brightness r,
-  @{sys}/devices/pci[0-9]*/**/backlight/*/brightness rw,
-  @{sys}/devices/pci[0-9]*/**/boot_vga r,
+  @{sys}/devices/@{pci}/ r,
+  @{sys}/devices/@{pci}/backlight/*/{,max_}brightness r,
+  @{sys}/devices/@{pci}/backlight/*/brightness rw,
+  @{sys}/devices/@{pci}/boot_vga r,
  @{sys}/devices/platform/ r,
  @{sys}/module/i915/{,**} r,

--- a/apparmor.d/groups/gnome/gdm
+++ b/apparmor.d/groups/gnome/gdm
@ -93,7 +93,7 @@ profile gdm @{exec_path} flags=(attach_disconnected) {
  @{run}/udev/tags/master-of-seat/ r,

  @{sys}/devices/**/uevent r,
-  @{sys}/devices/pci[0-9]*/**/boot_vga r,
+  @{sys}/devices/@{pci}/boot_vga r,
  @{sys}/devices/virtual/tty/tty[0-9]*/active r,

        @{PROC}/@{pid}/cgroup r,
--- a/apparmor.d/groups/gnome/gnome-shell
+++ b/apparmor.d/groups/gnome/gnome-shell
@ -380,10 +380,10 @@ profile gnome-shell @{exec_path} flags=(attach_disconnected) {
  @{sys}/devices/**/hwmon/{,name,temp*,fan*} r,
  @{sys}/devices/**/hwmon/**/{,name,temp*,fan*} r,
  @{sys}/devices/**/power_supply/{,**} r,
-  @{sys}/devices/pci[0-9]*/**/boot_vga r,
-  @{sys}/devices/pci[0-9]*/**/drm/ r,
-  @{sys}/devices/pci[0-9]*/**/input@{int}/{properties,name} r,
-  @{sys}/devices/pci[0-9]*/**/net/*/statistics/{rx_bytes,tx_bytes} r,
+  @{sys}/devices/@{pci}/boot_vga r,
+  @{sys}/devices/@{pci}/drm/ r,
+  @{sys}/devices/@{pci}/input@{int}/{properties,name} r,
+  @{sys}/devices/@{pci}/net/*/statistics/{rx_bytes,tx_bytes} r,
  @{sys}/devices/platform/**/input@{int}/{properties,name} r,
  @{sys}/devices/system/cpu/cpufreq/policy@{int}/scaling_cur_freq r,
  @{sys}/devices/virtual/net/*/statistics/{rx_bytes,tx_bytes} r,
--- a/apparmor.d/groups/gnome/gsd-media-keys
+++ b/apparmor.d/groups/gnome/gsd-media-keys
@ -117,7 +117,7 @@ profile gsd-media-keys @{exec_path} flags=(attach_disconnected) {
  @{run}/udev/data/c189:@{int} r,         # For /dev/bus/usb/**

  @{sys}/devices/**/usb[0-9]/{,**} r,
-  @{sys}/devices/pci[0-9]*/**/sound/**/uevent r,
+  @{sys}/devices/@{pci}/sound/**/uevent r,
  @{sys}/devices/platform/**/uevent r,
  @{sys}/devices/virtual/**/uevent r,

--- a/apparmor.d/groups/gnome/gsd-power
+++ b/apparmor.d/groups/gnome/gsd-power
@ -70,13 +70,13 @@ profile gsd-power @{exec_path} flags=(attach_disconnected) {
  @{sys}/class/ r,
  @{sys}/class/backlight/ r,

-  @{sys}/devices/pci[0-9]*/**/class r,
-  @{sys}/devices/pci[0-9]*/**/backlight/**/brightness rw,
-  @{sys}/devices/pci[0-9]*/**/backlight/**/{max_brightness,actual_brightness} r,
-  @{sys}/devices/pci[0-9]*/**/backlight/**/{uevent,type} r,
-  @{sys}/devices/pci[0-9]*/**/drm/card@{int}/**/brightness rw,
-  @{sys}/devices/pci[0-9]*/**/drm/card@{int}/**/{max_brightness,actual_brightness} r,
-  @{sys}/devices/pci[0-9]*/**/drm/card@{int}/**/{uevent,type,enabled} r,
+  @{sys}/devices/@{pci}/class r,
+  @{sys}/devices/@{pci}/backlight/**/brightness rw,
+  @{sys}/devices/@{pci}/backlight/**/{max_brightness,actual_brightness} r,
+  @{sys}/devices/@{pci}/backlight/**/{uevent,type} r,
+  @{sys}/devices/@{pci}/drm/card@{int}/**/brightness rw,
+  @{sys}/devices/@{pci}/drm/card@{int}/**/{max_brightness,actual_brightness} r,
+  @{sys}/devices/@{pci}/drm/card@{int}/**/{uevent,type,enabled} r,

  @{sys}/devices/platform/**/leds/*backlight*/uevent r,
  @{sys}/devices/platform/**/leds/*backlight*/max_brightness r,
--- a/apparmor.d/groups/gnome/nautilus
+++ b/apparmor.d/groups/gnome/nautilus
@ -153,7 +153,7 @@ profile nautilus @{exec_path} flags=(attach_disconnected) {
  @{sys}/devices/**/hwmon@{int}/**/{,name,temp*,fan*} r,
  @{sys}/devices/**/hwmon/{,name,temp*,fan*} r,
  @{sys}/devices/**/hwmon/**/{,name,temp*,fan*} r,
-  @{sys}/devices/pci[0-9]*/**/revision r,
+  @{sys}/devices/@{pci}/revision r,
  @{sys}/devices/system/cpu/cpufreq/policy@{int}/scaling_cur_freq r,

        @{PROC}/@{pids}/net/wireless r,
--- a/apparmor.d/groups/gpg/scdaemon
+++ b/apparmor.d/groups/gpg/scdaemon
@ -31,7 +31,7 @@ profile scdaemon @{exec_path} {

  @{PROC}/@{pid}/task/@{tid}/comm rw,

-  @{sys}/devices/pci[0-9]*/**/bConfigurationValue r,
+  @{sys}/devices/@{pci}/bConfigurationValue r,

  include if exists <local/scdaemon>
 }
--- a/apparmor.d/groups/kde/kaccess
+++ b/apparmor.d/groups/kde/kaccess
@ -42,7 +42,7 @@ profile kaccess @{exec_path} {

  owner @{run}/user/@{uid}/xauth_@{rand6} r,
  
-  @{sys}/devices/pci[0-9]*/**/{device,subsystem_device,subsystem_vendor,uevent,vendor} r,
+  @{sys}/devices/@{pci}/{device,subsystem_device,subsystem_vendor,uevent,vendor} r,

  /dev/tty r,

--- a/apparmor.d/groups/kde/kde-powerdevil
+++ b/apparmor.d/groups/kde/kde-powerdevil
@ -57,7 +57,7 @@ profile kde-powerdevil @{exec_path} flags=(attach_disconnected mediate_deleted)
  @{sys}/class/usbmisc/ r,
  @{sys}/devices/@{pci}/drm/card@{int}/*/status r,
  @{sys}/devices/i2c-[0-9]*/name r,
-  @{sys}/devices/pci[0-9]*/**/i2c-[0-9]*/name r,
+  @{sys}/devices/@{pci}/i2c-[0-9]*/name r,
  @{sys}/devices/platform/*/i2c-[0-9]*/name r,

  /dev/tty rw,
--- a/apparmor.d/groups/kde/ksmserver
+++ b/apparmor.d/groups/kde/ksmserver
@ -70,7 +70,7 @@ profile ksmserver @{exec_path} flags=(attach_disconnected,mediate_deleted) {
  owner @{run}/user/@{uid}/KSMserver__[0-9] rw,
  owner @{run}/user/@{uid}/xauth_@{rand6} rl,

-  @{sys}/devices/pci[0-9]*/**/{device,subsystem_device,subsystem_vendor,uevent,vendor} r,
+  @{sys}/devices/@{pci}/{device,subsystem_device,subsystem_vendor,uevent,vendor} r,

  @{PROC}/sys/kernel/core_pattern r,

--- a/apparmor.d/groups/kde/plasmashell
+++ b/apparmor.d/groups/kde/plasmashell
@ -171,7 +171,7 @@ profile plasmashell @{exec_path} flags=(mediate_deleted) {
  @{sys}/class/{,**} r,
  @{sys}/devices/platform/** r,

-  @{sys}/devices/pci[0-9]*/**/name r,
+  @{sys}/devices/@{pci}/name r,
  @{sys}/devices/virtual/thermal/thermal_zone@{int}/hwmon@{int}/ r,
  @{sys}/devices/system/cpu/cpufreq/policy@{int}/scaling_cur_freq r,
  @{sys}/devices/system/node/ r,
--- a/apparmor.d/groups/network/NetworkManager
+++ b/apparmor.d/groups/network/NetworkManager
@ -131,8 +131,8 @@ profile NetworkManager @{exec_path} flags=(attach_disconnected) {

  @{sys}/devices/**/uevent r,
  @{sys}/devices/virtual/net/{,**} r,
-  @{sys}/devices/pci[0-9]*/**/net/*/{,**} r,
-  @{sys}/devices/pci[0-9]*/**/usb[0-9]/**/net/{,**} r,
+  @{sys}/devices/@{pci}/net/*/{,**} r,
+  @{sys}/devices/@{pci}/usb@{int}/**/net/{,**} r,

  owner @{PROC}/@{pid}/cmdline r,
  owner @{PROC}/@{pid}/fd/ r,
--- a/apparmor.d/groups/network/dhcpcd
+++ b/apparmor.d/groups/network/dhcpcd
@ -56,7 +56,7 @@ profile dhcpcd @{exec_path} flags=(attach_disconnected) {

  @{run}/udev/data/n@{int} r,

-  @{sys}/devices/pci[0-9]*/**/uevent r,
+  @{sys}/devices/@{pci}/uevent r,
  @{sys}/devices/virtual/dmi/id/product_uuid r,
  @{sys}/devices/virtual/net/**/{tun_flags,uevent} r,

--- a/apparmor.d/groups/network/mullvad-gui
+++ b/apparmor.d/groups/network/mullvad-gui
@ -57,7 +57,7 @@ profile mullvad-gui @{exec_path} flags=(attach_disconnected) {
  @{run}/systemd/inhibit/*.ref rw,

  @{sys}/bus/pci/devices/ r,
-  @{sys}/devices/pci[0-9]*/**/{vendor,device,class,config,resource,irq} r,
+  @{sys}/devices/@{pci}/{vendor,device,class,config,resource,irq} r,
  @{sys}/devices/system/cpu/** r,
  @{sys}/devices/virtual/tty/tty[0-9]*/active r,

--- a/apparmor.d/groups/network/nmcli
+++ b/apparmor.d/groups/network/nmcli
@ -24,7 +24,7 @@ profile nmcli @{exec_path} {
  @{run}/udev/data/n@{int} r,

  @{sys}/devices/virtual/net/{,**} r,
-  @{sys}/devices/pci[0-9]*/**/net/*/{,**} r,
+  @{sys}/devices/@{pci}/net/*/{,**} r,

  profile pager {
    include <abstractions/base>
--- a/apparmor.d/groups/systemd/systemd-backlight
+++ b/apparmor.d/groups/systemd/systemd-backlight
@ -28,15 +28,15 @@ profile systemd-backlight @{exec_path} {
  @{sys}/class/backlight/ r,

  @{sys}/devices/pci[0-9]*/*:@{int}.@{int}/**/ r,
-  @{sys}/devices/pci[0-9]*/**/ r,
-  @{sys}/devices/pci[0-9]*/**/backlight/**/{max_brightness,actual_brightness} r,
-  @{sys}/devices/pci[0-9]*/**/backlight/**/{uevent,type} r,
-  @{sys}/devices/pci[0-9]*/**/backlight/**/brightness rw,
-  @{sys}/devices/pci[0-9]*/**/class r,
-  @{sys}/devices/pci[0-9]*/**/drm/card@{int}/**/{max_brightness,actual_brightness} r,
-  @{sys}/devices/pci[0-9]*/**/drm/card@{int}/**/{uevent,type} r,
-  @{sys}/devices/pci[0-9]*/**/drm/card@{int}/**/brightness rw,
-  @{sys}/devices/pci[0-9]*/**/uevent r,
+  @{sys}/devices/@{pci}/ r,
+  @{sys}/devices/@{pci}/backlight/**/{max_brightness,actual_brightness} r,
+  @{sys}/devices/@{pci}/backlight/**/{uevent,type} r,
+  @{sys}/devices/@{pci}/backlight/**/brightness rw,
+  @{sys}/devices/@{pci}/class r,
+  @{sys}/devices/@{pci}/drm/card@{int}/**/{max_brightness,actual_brightness} r,
+  @{sys}/devices/@{pci}/drm/card@{int}/**/{uevent,type} r,
+  @{sys}/devices/@{pci}/drm/card@{int}/**/brightness rw,
+  @{sys}/devices/@{pci}/uevent r,

  @{sys}/devices/platform/**/leds/*backlight*/brightness rw,
  @{sys}/devices/platform/**/leds/*backlight*/max_brightness r,
--- a/apparmor.d/groups/systemd/systemd-networkd
+++ b/apparmor.d/groups/systemd/systemd-networkd
@ -63,7 +63,7 @@ profile systemd-networkd @{exec_path} flags=(attach_disconnected,complain) {

  @{sys}/devices/@{pci}/rfkill@{int}/* r,
  @{sys}/devices/**/net/** r,
-  @{sys}/devices/pci[0-9]*/**/ r,
+  @{sys}/devices/@{pci}/ r,
  @{sys}/devices/virtual/dmi/id/{sys,board,bios}_vendor r,
  @{sys}/devices/virtual/dmi/id/product_name r,
  @{sys}/devices/virtual/dmi/id/product_version r,
--- a/apparmor.d/groups/ubuntu/subiquity-console-conf
+++ b/apparmor.d/groups/ubuntu/subiquity-console-conf
@ -84,8 +84,8 @@ profile subiquity-console-conf @{exec_path} {
  @{sys}/bus/ r,
  @{sys}/class/ r,
  @{sys}/devices/**/uevent r,
-  @{sys}/devices/pci[0-9]*/**/net/*/{,**} r,
-  @{sys}/devices/pci[0-9]*/**/usb[0-9]/**/net/{,**} r,
+  @{sys}/devices/@{pci}/net/*/{,**} r,
+  @{sys}/devices/@{pci}/usb@{int}/**/net/{,**} r,
  @{sys}/devices/virtual/net/{,**} r,

        @{PROC}/cmdline r,
--- a/apparmor.d/groups/virt/k3s
+++ b/apparmor.d/groups/virt/k3s
@ -135,7 +135,7 @@ profile k3s @{exec_path} flags=(attach_disconnected) {

  @{sys}/class/net/ r,

-  @{sys}/devices/pci[0-9]*/**/net/*/{address,mtu,speed} r,
+  @{sys}/devices/@{pci}/net/*/{address,mtu,speed} r,
  @{sys}/devices/system/edac/mc/ r,
  @{sys}/devices/system/cpu/cpu@{int}/cache/{,**} r,
  @{sys}/devices/system/cpu/cpu@{int}/topology/{,**} r,
--- a/apparmor.d/groups/virt/libvirtd
+++ b/apparmor.d/groups/virt/libvirtd
@ -198,15 +198,15 @@ profile libvirtd @{exec_path} flags=(attach_disconnected) {
  @{sys}/bus/pci/drivers/*/unbind w,
  @{sys}/class/[a-z]*/ r,
  @{sys}/devices/**/uevent r,
-  @{sys}/devices/pci[0-9]*/**/{class,revision,subsystem_vendor,subsystem_device} r,
-  @{sys}/devices/pci[0-9]*/**/{config,numa_node,device,vendor} r,
-  @{sys}/devices/pci[0-9]*/**/driver_override w,
-  @{sys}/devices/pci[0-9]*/**/mdev_supported_types/{,**} r,
-  @{sys}/devices/pci[0-9]*/**/mdev_supported_types/*/create w,
-  @{sys}/devices/pci[0-9]*/**/net/*/{,**} r,
-  @{sys}/devices/pci[0-9]*/**/remove w,
-  @{sys}/devices/pci[0-9]*/**/resource r,
-  @{sys}/devices/pci[0-9]*/**/sriov_totalvfs r,
+  @{sys}/devices/@{pci}/{class,revision,subsystem_vendor,subsystem_device} r,
+  @{sys}/devices/@{pci}/{config,numa_node,device,vendor} r,
+  @{sys}/devices/@{pci}/driver_override w,
+  @{sys}/devices/@{pci}/mdev_supported_types/{,**} r,
+  @{sys}/devices/@{pci}/mdev_supported_types/*/create w,
+  @{sys}/devices/@{pci}/net/*/{,**} r,
+  @{sys}/devices/@{pci}/remove w,
+  @{sys}/devices/@{pci}/resource r,
+  @{sys}/devices/@{pci}/sriov_totalvfs r,

  @{sys}/devices/system/cpu/cpu@{int}/cache/{,**} r,
  @{sys}/devices/system/cpu/cpu@{int}/topology/{,**} r,
--- a/apparmor.d/groups/virt/virtinterfaced
+++ b/apparmor.d/groups/virt/virtinterfaced
@ -33,7 +33,7 @@ profile virtinterfaced @{exec_path} flags=(attach_disconnected) {
  @{sys}/bus/ r,
  @{sys}/class/ r,
  @{sys}/class/net/ r,
-  @{sys}/devices/pci[0-9]*/**/net/{,**} r,
+  @{sys}/devices/@{pci}/net/{,**} r,
  @{sys}/devices/system/node/ r,
  @{sys}/devices/system/node/node@{int}/meminfo r,
  @{sys}/devices/virtual/net/{,**} r,
--- a/apparmor.d/groups/virt/virtnodedevd
+++ b/apparmor.d/groups/virt/virtnodedevd
@ -79,10 +79,10 @@ profile virtnodedevd @{exec_path} flags=(attach_disconnected) {
  @{sys}/devices/**/{class,revision,subsystem_vendor,subsystem_device} r,
  @{sys}/devices/**/{config,device,vendor} r,
  @{sys}/devices/**/uevent r,
-  @{sys}/devices/pci[0-9]*/**/net/{,**} r,
-  @{sys}/devices/pci[0-9]*/**/net/*/{duplex,address,speed,operstate} r,
-  @{sys}/devices/pci[0-9]*/**/numa_node r,
-  @{sys}/devices/pci[0-9]*/**/sriov_totalvfs r,
+  @{sys}/devices/@{pci}/net/{,**} r,
+  @{sys}/devices/@{pci}/net/*/{duplex,address,speed,operstate} r,
+  @{sys}/devices/@{pci}/numa_node r,
+  @{sys}/devices/@{pci}/sriov_totalvfs r,
  @{sys}/devices/system/node/ r,
  @{sys}/devices/system/node/node@{int}/meminfo r,
  @{sys}/devices/virtual/dmi/id/{product_name,product_serial,product_uuid,sys_vendor,board_vendor,bios_vendor,bios_date,bios_version,product_version} r,