feat(profile): use the @{pci} varibale when possible.

2023-12-08 17:46:05 +00:00 · 2023-12-08 17:46:05 +00:00 · bb947318a5
commit bb947318a5
parent 013f1c5a83
83 changed files with 168 additions and 170 deletions
--- a/apparmor.d/profiles-s-z/sensors
+++ b/apparmor.d/profiles-s-z/sensors
@ -26,7 +26,7 @@ profile sensors @{exec_path} {
  @{sys}/devices/**/hwmon*/**/{name,temp*,*_input} r,
  @{sys}/devices/**/hwmon/hwmon@{int}/power[0-9]*_crit r,
  @{sys}/devices/{,platform/*.{i2c,hdmi}/}i2c-[0-9]*/name r,
-  @{sys}/devices/pci[0-9]*/**/name r,
+  @{sys}/devices/@{pci}/name r,
  @{sys}/devices/platform/**/power_supply/**/hwmon@{int}/curr1_max r,
  @{sys}/devices/virtual/hwmon/hwmon[0-9]* r,
  @{sys}/devices/virtual/hwmon/hwmon@{int}/ r,
--- a/apparmor.d/profiles-s-z/sensors-detect
+++ b/apparmor.d/profiles-s-z/sensors-detect
@ -27,9 +27,9 @@ profile sensors-detect @{exec_path} {
  @{sys}/bus/pci/devices/ r,
  @{sys}/class/i2c-adapter/ r,

-  @{sys}/devices/pci[0-9]*/**/{class,vendor,device} r,
-  @{sys}/devices/pci[0-9]*/**/i2c-[0-9]*/name r,
-  @{sys}/devices/pci[0-9]*/**/modalias r,
+  @{sys}/devices/@{pci}/{class,vendor,device} r,
+  @{sys}/devices/@{pci}/i2c-[0-9]*/name r,
+  @{sys}/devices/@{pci}/modalias r,
  @{sys}/devices/virtual/dmi/id/board_{version,vendor,name} r,
  @{sys}/devices/virtual/dmi/id/product_{version,name} r,
  @{sys}/devices/virtual/dmi/id/chassis_type r,
--- a/apparmor.d/profiles-s-z/sfdisk
+++ b/apparmor.d/profiles-s-z/sfdisk
@ -30,7 +30,7 @@ profile sfdisk @{exec_path} {
  # For disk images
  owner @{user_img_dirs}/{,**} rwk,

-  owner @{sys}/devices/pci[0-9]*/**/model r,
+  owner @{sys}/devices/@{pci}/model r,

  include if exists <local/sfdisk>
 }
--- a/apparmor.d/profiles-s-z/spflashtool
+++ b/apparmor.d/profiles-s-z/spflashtool
@ -43,7 +43,7 @@ profile spflashtool @{exec_path} {
  # For reading/writing from/to phone flash memory
  /dev/ttyACM[0-9]* rw,

-  @{sys}/devices/pci[0-9]*/**/{idVendor,idProduct} r,
+  @{sys}/devices/@{pci}/{idVendor,idProduct} r,

  # Silence the noise
  /opt/SPFlashTool/** w,
--- a/apparmor.d/profiles-s-z/steam
+++ b/apparmor.d/profiles-s-z/steam
@ -183,10 +183,10 @@ profile steam @{exec_path} flags=(attach_disconnected,mediate_deleted,complain)
  @{sys}/devices/**/input@{int}/capabilities/* r,
  @{sys}/devices/**/input/input@{int}/ r,
  @{sys}/devices/**/uevent r,
-  @{sys}/devices/pci[0-9]*/**/class r,
-  @{sys}/devices/pci[0-9]*/**/i2c-[0-9]*/report_descriptor r,
-  @{sys}/devices/pci[0-9]*/**/sound/card[0-9]*/** r,
-  @{sys}/devices/pci[0-9]*/**/usb[0-9]*/{manufacturer,product,bcdDevice,bInterfaceNumber} r,
+  @{sys}/devices/@{pci}/class r,
+  @{sys}/devices/@{pci}/i2c-[0-9]*/report_descriptor r,
+  @{sys}/devices/@{pci}/sound/card[0-9]*/** r,
+  @{sys}/devices/@{pci}/usb@{int}/{manufacturer,product,bcdDevice,bInterfaceNumber} r,
  @{sys}/devices/system/cpu/** r,
  @{sys}/devices/system/node/ r,
  @{sys}/devices/virtual/dmi/id/bios_version rk,
--- a/apparmor.d/profiles-s-z/steam-game
+++ b/apparmor.d/profiles-s-z/steam-game
@ -207,8 +207,8 @@ profile steam-game @{exec_path} flags=(attach_disconnected) {
  @{sys}/devices/**/input@{int}/capabilities/* r,
  @{sys}/devices/**/input/input@{int}/ r,
  @{sys}/devices/**/uevent r,
-  @{sys}/devices/pci[0-9]*/**/sound/card[0-9]*/** r,
-  @{sys}/devices/pci[0-9]*/**/usb[0-9]*/{manufacturer,product,bcdDevice,bInterfaceNumber} r,
+  @{sys}/devices/@{pci}/sound/card[0-9]*/** r,
+  @{sys}/devices/@{pci}/usb@{int}/{manufacturer,product,bcdDevice,bInterfaceNumber} r,
  @{sys}/devices/system/clocksource/clocksource[0-9]*/current_clocksource r,
  @{sys}/devices/system/cpu/** r,
  @{sys}/devices/system/node/node[0-9]/cpumap r,
--- a/apparmor.d/profiles-s-z/switcheroo-control
+++ b/apparmor.d/profiles-s-z/switcheroo-control
@ -31,7 +31,7 @@ profile switcheroo-control @{exec_path} flags=(attach_disconnected) {
  @{sys}/bus/ r,
  @{sys}/class/ r,
  @{sys}/class/drm/ r,
-  @{sys}/devices/pci[0-9]*/**/boot_vga r,
+  @{sys}/devices/@{pci}/boot_vga r,
  @{sys}/devices/{pci[0-9]*,virtual}/**/uevent r,

  include if exists <local/switcheroo-control>
--- a/apparmor.d/profiles-s-z/thermald
+++ b/apparmor.d/profiles-s-z/thermald
@ -38,11 +38,11 @@ profile thermald @{exec_path} flags=(attach_disconnected) {
  @{sys}/devices/system/cpu/intel_pstate/no_turbo rw,
  @{sys}/devices/system/cpu/intel_pstate/status r,

-  @{sys}/devices/pci[0-9]*/**/drm/**/intel_backlight/max_brightness r,
-  @{sys}/devices/pci[0-9]*/**/power_limits/power_limit_@{int}_max_uw r,
-  @{sys}/devices/pci[0-9]*/**/power_limits/power_limit_@{int}_min_uw r,
-  @{sys}/devices/pci[0-9]*/**/power_limits/power_limit_@{int}_tmax_us r,
-  @{sys}/devices/pci[0-9]*/**/power_limits/power_limit_@{int}_tmin_us r,
+  @{sys}/devices/@{pci}/drm/**/intel_backlight/max_brightness r,
+  @{sys}/devices/@{pci}/power_limits/power_limit_@{int}_max_uw r,
+  @{sys}/devices/@{pci}/power_limits/power_limit_@{int}_min_uw r,
+  @{sys}/devices/@{pci}/power_limits/power_limit_@{int}_tmax_us r,
+  @{sys}/devices/@{pci}/power_limits/power_limit_@{int}_tmin_us r,

  @{sys}/devices/**/hwmon@{int}/ r,
  @{sys}/devices/**/hwmon@{int}/name r,
--- a/apparmor.d/profiles-s-z/thunderbird-glxtest
+++ b/apparmor.d/profiles-s-z/thunderbird-glxtest
@ -28,7 +28,7 @@ profile thunderbird-glxtest @{exec_path} {
  owner /tmp/thunderbird/.parentlock rw,

  @{sys}/bus/pci/devices/ r,
-  @{sys}/devices/pci[0-9]*/**/class r,
+  @{sys}/devices/@{pci}/class r,

  owner @{PROC}/@{pid}/cmdline r,

--- a/apparmor.d/profiles-s-z/udisksd
+++ b/apparmor.d/profiles-s-z/udisksd
@ -135,8 +135,8 @@ profile udisksd @{exec_path} flags=(attach_disconnected) {
  @{sys}/class/nvme-subsystem/ r,
  @{sys}/class/nvme/ r,
  @{sys}/devices/@{pci}/uevent r,
-  @{sys}/devices/pci[0-9]*/**/{ata,usb,mmc,virtio}[0-9]/{,**/}uevent w,
-  @{sys}/devices/pci[0-9]*/**/{ata,usb,mmc}[0-9]/{,**/}remove rw,
+  @{sys}/devices/@{pci}/{ata,usb,mmc,virtio}[0-9]/{,**/}uevent w,
+  @{sys}/devices/@{pci}/{ata,usb,mmc}[0-9]/{,**/}remove rw,
  @{sys}/devices/virtual/bdi/**/read_ahead_kb r,
  @{sys}/devices/virtual/block/*/{,**} rw,
  @{sys}/devices/virtual/block/loop[0-9]*/uevent rw,
--- a/apparmor.d/profiles-s-z/usbguard
+++ b/apparmor.d/profiles-s-z/usbguard
@ -29,7 +29,7 @@ profile usbguard @{exec_path} {
  /dev/shm/qb-[0-9]*-[0-9]*-[0-9]*-*/qb-{request,response,event}-usbguard-{header,data} rw,

  # For "usbguard generate-policy"
-  @{sys}/devices/pci[0-9]*/**/uevent r,
+  @{sys}/devices/@{pci}/uevent r,

  include if exists <local/usbguard>
 }
--- a/apparmor.d/profiles-s-z/usbguard-daemon
+++ b/apparmor.d/profiles-s-z/usbguard-daemon
@ -33,7 +33,7 @@ profile usbguard-daemon @{exec_path} flags=(attach_disconnected) {
  /dev/shm/qb-[0-9]*-[0-9]*-[0-9]*-*/ rw,
  /dev/shm/qb-[0-9]*-[0-9]*-[0-9]*-*/qb-{request,response,event}-usbguard-{header,data} rw,

-  @{sys}/devices/pci[0-9]*/**/uevent r,
+  @{sys}/devices/@{pci}/uevent r,

  include if exists <local/usbguard-daemon>
 }
--- a/apparmor.d/profiles-s-z/virt-manager
+++ b/apparmor.d/profiles-s-z/virt-manager
@ -95,7 +95,7 @@ profile virt-manager @{exec_path} flags=(attach_disconnected) {
  @{run}/udev/data/c5[0-9]*:@{int} r,

  @{sys}/devices/**/hwmon/**/{,name,temp*,fan*} r,
-  @{sys}/devices/pci[0-9]*/**/drm/ r,
+  @{sys}/devices/@{pci}/drm/ r,
  @{sys}/devices/virtual/drm/ttm/uevent r,

  owner @{PROC}/@{pid}/mountinfo r,
--- a/apparmor.d/profiles-s-z/vnstat
+++ b/apparmor.d/profiles-s-z/vnstat
@ -42,10 +42,10 @@ profile vnstat @{exec_path} {

  @{sys}/class/net/ r,

-  @{sys}/devices/pci[0-9]*/**/net/*/statistics/{tx,rx}_{bytes,packets} r,
+  @{sys}/devices/@{pci}/net/*/statistics/{tx,rx}_{bytes,packets} r,
  @{sys}/devices/virtual/net/*/statistics/{tx,rx}_{bytes,packets} r,

-  @{sys}/devices/pci[0-9]*/**/net/*/speed r,
+  @{sys}/devices/@{pci}/net/*/speed r,
  @{sys}/devices/virtual/net/*/speed r,

  @{PROC}/@{pid}/net/dev r,
--- a/apparmor.d/profiles-s-z/vnstatd
+++ b/apparmor.d/profiles-s-z/vnstatd
@ -16,7 +16,7 @@ profile vnstatd @{exec_path} {
  /etc/vnstat.conf r,

  # To determine capacity of a network interface
-  @{sys}/devices/pci[0-9]*/**/net/**/speed r,
+  @{sys}/devices/@{pci}/net/**/speed r,
  @{sys}/devices/virtual/net/**/speed r,

  # To collect interfaces' data
--- a/apparmor.d/profiles-s-z/wireplumber
+++ b/apparmor.d/profiles-s-z/wireplumber
@ -65,7 +65,7 @@ profile wireplumber @{exec_path} {
  @{sys}/devices/**/device:*/**/path r,
  @{sys}/devices/**/sound/**/pcm_class r,
  @{sys}/devices/**/sound/**/uevent r,
-  @{sys}/devices/pci[0-9]*/**/video4linux/video[0-9]*/uevent r,
+  @{sys}/devices/@{pci}/video4linux/video[0-9]*/uevent r,
  @{sys}/devices/virtual/dmi/id/bios_vendor r,
  @{sys}/devices/virtual/dmi/id/product_name r,
  @{sys}/devices/virtual/dmi/id/sys_vendor r,
--- a/apparmor.d/profiles-s-z/wpa-supplicant
+++ b/apparmor.d/profiles-s-z/wpa-supplicant
@ -48,7 +48,7 @@ profile wpa-supplicant @{exec_path} flags=(attach_disconnected) {

  owner @{run}/wpa_supplicant/{,**} rw,

-  @{sys}/devices/pci[0-9]*/**/ieee*/phy@{int}/name r,
+  @{sys}/devices/@{pci}/ieee*/phy@{int}/name r,

  @{PROC}/sys/net/ipv{4,6}/conf/p2p*/drop_* rw,
  @{PROC}/sys/net/ipv{4,6}/conf/wlan*/drop_* rw,