feat(profile): use the @{pci} varibale when possible.

2023-12-08 17:46:05 +00:00 · 2023-12-08 17:46:05 +00:00 · bb947318a5
commit bb947318a5
parent 013f1c5a83
83 changed files with 168 additions and 170 deletions
--- a/apparmor.d/profiles-a-f/arduino
+++ b/apparmor.d/profiles-a-f/arduino
@ -100,7 +100,7 @@ profile arduino @{exec_path} {

  @{sys}/fs/cgroup/{,**} r,
  @{sys}/class/tty/ r,
-  @{sys}/devices/pci[0-9]*/**/usb[0-9]/**/{idVendor,idProduct,manufacturer,serial,product} r,
+  @{sys}/devices/@{pci}/usb@{int}/**/{idVendor,idProduct,manufacturer,serial,product} r,

  /dev/ttyS@{int} rw,
  /dev/ttyACM@{int} rw,
--- a/apparmor.d/profiles-a-f/bluetoothd
+++ b/apparmor.d/profiles-a-f/bluetoothd
@ -41,8 +41,8 @@ profile bluetoothd @{exec_path} flags=(attach_disconnected) {
  @{run}/sdp rw,
  @{run}/udev/data/+hid:* r,              # for HID-Compliant Keyboard

-  @{sys}/devices/pci[0-9]*/**/rfkill[0-9]*/name r,
-  @{sys}/devices/pci[0-9]*/**/bluetooth/**/{uevent,name} r,
+  @{sys}/devices/@{pci}/rfkill[0-9]*/name r,
+  @{sys}/devices/@{pci}/bluetooth/**/{uevent,name} r,
  @{sys}/devices/platform/**/rfkill/**/name r,
  @{sys}/devices/virtual/dmi/id/chassis_type r,

--- a/apparmor.d/profiles-a-f/boltd
+++ b/apparmor.d/profiles-a-f/boltd
@ -39,13 +39,13 @@ profile boltd @{exec_path} flags=(attach_disconnected) {
  @{sys}/bus/thunderbolt/devices/ r,
  @{sys}/bus/wmi/devices/ r,
  @{sys}/class/ r,
-  @{sys}/devices/pci[0-9]*/**/device  r,
-  @{sys}/devices/pci[0-9]*/**/domain[0-9]*/{security,uevent} r,
-  @{sys}/devices/pci[0-9]*/**/domain[0-9]*/**/ r,
-  @{sys}/devices/pci[0-9]*/**/domain[0-9]*/**/{authorized,generation} r,
-  @{sys}/devices/pci[0-9]*/**/domain[0-9]*/**/{uevent,unique_id} r,
-  @{sys}/devices/pci[0-9]*/**/domain[0-9]*/**/{vendor,device}_name r,
-  @{sys}/devices/pci[0-9]*/**/domain[0-9]*/iommu_dma_protection r,
+  @{sys}/devices/@{pci}/device  r,
+  @{sys}/devices/@{pci}/domain[0-9]*/{security,uevent} r,
+  @{sys}/devices/@{pci}/domain[0-9]*/**/ r,
+  @{sys}/devices/@{pci}/domain[0-9]*/**/{authorized,generation} r,
+  @{sys}/devices/@{pci}/domain[0-9]*/**/{uevent,unique_id} r,
+  @{sys}/devices/@{pci}/domain[0-9]*/**/{vendor,device}_name r,
+  @{sys}/devices/@{pci}/domain[0-9]*/iommu_dma_protection r,
  @{sys}/devices/platform/**/uevent r,
  @{sys}/devices/platform/*/wmi_bus/wmi_bus-*/@{uuid}/force_power rw,
  @{sys}/devices/virtual/dmi/id/{sys_vendor,product_version,product_name} r,
--- a/apparmor.d/profiles-a-f/btop
+++ b/apparmor.d/profiles-a-f/btop
@ -26,11 +26,11 @@ profile btop @{exec_path} {
  @{sys}/class/power_supply/ r,
  @{sys}/class/hwmon/ r,
  @{sys}/devices/system/cpu/cpufreq/policy@{int}/scaling_{cur,min,max}_freq r,
-  @{sys}/devices/virtual/thermal/thermal_zone[0-9]*/ r,
+  @{sys}/devices/virtual/thermal/thermal_zone@{int}/ r,
  @{sys}/devices/virtual/thermal/thermal_zone@{int}/hwmon@{int}/{,*} r,
  @{sys}/devices/platform/coretemp.@{int}/hwmon/hwmon@{int}/{,*} r,
  @{sys}/devices/virtual/block/dm-@{int}/stat r,
-  @{sys}/devices/pci[0-9]*/**/host@{int}/*/*/block/*/*/stat r,
+  @{sys}/devices/@{pci}/host@{int}/*/*/block/*/*/stat r,
  @{sys}/devices/{pci[0-9]*,virtual}/{,**/}net/*/statistics/{rx,tx}_bytes r,
  @{sys}/devices/{pci[0-9]*,virtual}/{,**/}net/*/address r,
  @{sys}/devices/pci[0-9]*/*/*/usb@{int}/**/power_supply/hidpp_battery_[@{int}/{,hwmon@{int}/} r,
--- a/apparmor.d/profiles-a-f/code
+++ b/apparmor.d/profiles-a-f/code
@ -89,7 +89,7 @@ profile code flags=(attach_disconnected) {
  @{sys}/devices/system/cpu/present r,
  @{sys}/devices/system/cpu/kernel_max r,
  @{sys}/devices/virtual/tty/tty[0-9]*/active r,
-  @{sys}/devices/pci[0-9]*/**/irq r,
+  @{sys}/devices/@{pci}/irq r,

        @{PROC}/ r,
        @{PROC}/@{pid}/fd/ r,
--- a/apparmor.d/profiles-a-f/conky
+++ b/apparmor.d/profiles-a-f/conky
@ -104,7 +104,7 @@ profile conky @{exec_path} {
  deny ptrace (trace, read),

  # Display the hard disk model name
-  @{sys}/devices/pci[0-9]*/**/{usb,ata}[0-9]/**/model r,
+  @{sys}/devices/@{pci}/{usb,ata}[0-9]/**/model r,
  @{sys}/block/{s,v}d[a-z]/device/model r,
  # Display the disk write/read speed
  @{PROC}/diskstats r,
--- a/apparmor.d/profiles-a-f/dumpcap
+++ b/apparmor.d/profiles-a-f/dumpcap
@ -34,8 +34,8 @@ profile dumpcap @{exec_path} {
  @{sys}/bus/usb/devices/ r,
  @{sys}/devices/virtual/net/*/type r,
  @{sys}/devices/virtual/net/*/statistics/* r,
-  @{sys}/devices/pci[0-9]*/**/net/*/type r,
-  @{sys}/devices/pci[0-9]*/**/net/*/statistics/* r,
+  @{sys}/devices/@{pci}/net/*/type r,
+  @{sys}/devices/@{pci}/net/*/statistics/* r,

  @{PROC}/@{pid}/net/dev r,
  @{PROC}/@{pid}/net/psched r,
--- a/apparmor.d/profiles-a-f/edid-decode
+++ b/apparmor.d/profiles-a-f/edid-decode
@ -12,7 +12,7 @@ profile edid-decode @{exec_path} {

  @{exec_path} mr,

-  @{sys}/devices/pci[0-9]*/**/drm/card[0-9]/*/edid r,
+  @{sys}/devices/@{pci}/drm/card[0-9]/*/edid r,

  include if exists <local/edid-decode>
 }
--- a/apparmor.d/profiles-a-f/fprintd
+++ b/apparmor.d/profiles-a-f/fprintd
@ -37,7 +37,7 @@ profile fprintd @{exec_path} flags=(attach_disconnected) {
  @{run}/udev/data/c25[0-4]:@{int} r,

  @{sys}/class/hidraw/ r,
-  @{sys}/devices/pci[0-9]*/**/hidraw/hidraw[0-9]*/uevent r,
+  @{sys}/devices/@{pci}/hidraw/hidraw[0-9]*/uevent r,
  @{sys}/devices/virtual/**/hidraw/hidraw[0-9]*/uevent r,

  include if exists <local/fprintd>