From d5002a67740e10096cb3a126b2c467e55459e895 Mon Sep 17 00:00:00 2001
From: Alexandre Pujol <alexandre@pujol.io>
Date: Mon, 26 May 2025 23:52:39 +0200
Subject: [PATCH] fix(profile): fwupd

fix #752
---
 apparmor.d/profiles-a-f/fwupd    | 4 +++-
 apparmor.d/profiles-a-f/fwupdmgr | 3 +++
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/apparmor.d/profiles-a-f/fwupd b/apparmor.d/profiles-a-f/fwupd
index 71addde64..a07bb4dba 100644
--- a/apparmor.d/profiles-a-f/fwupd
+++ b/apparmor.d/profiles-a-f/fwupd
@@ -50,6 +50,7 @@ profile fwupd @{exec_path} flags=(attach_disconnected,complain) {
 
   /usr/share/fwupd/{,**} r,
   /usr/share/hwdata/* r,
+  /usr/share/libdrm/*.ids
   /usr/share/mime/mime.cache r,
 
   /etc/fwupd/{,**} rw,
@@ -80,6 +81,7 @@ profile fwupd @{exec_path} flags=(attach_disconnected,complain) {
   @{sys}/**/ r,
   @{sys}/devices/** r,
 
+  @{sys}/**/uevent r,
   @{sys}/firmware/acpi/** r,
   @{sys}/firmware/dmi/tables/DMI r,
   @{sys}/firmware/dmi/tables/smbios_entry_point r,
@@ -87,9 +89,9 @@ profile fwupd @{exec_path} flags=(attach_disconnected,complain) {
   @{sys}/firmware/efi/efivars/Boot@{hex}-@{uuid} rw,
   @{sys}/firmware/efi/efivars/BootNext-@{uuid} rw,
   @{sys}/firmware/efi/efivars/fwupd-* rw,
+  @{sys}/firmware/efi/efivars/KEK-@{uuid} rw,
   @{sys}/kernel/security/lockdown r,
   @{sys}/kernel/security/tpm@{int}/binary_bios_measurements r,
-  @{sys}/**/uevent r,
   @{sys}/power/mem_sleep r,
 
   @{att}/@{run}/systemd/inhibit/@{int}.ref rw,
diff --git a/apparmor.d/profiles-a-f/fwupdmgr b/apparmor.d/profiles-a-f/fwupdmgr
index 6dffac5a6..b0a651315 100644
--- a/apparmor.d/profiles-a-f/fwupdmgr
+++ b/apparmor.d/profiles-a-f/fwupdmgr
@@ -34,6 +34,9 @@ profile fwupdmgr @{exec_path} flags=(attach_disconnected) {
   @{bin}/dbus-launch   Cx -> bus,
   @{bin}/pkttyagent    Px,
 
+  /usr/share/terminfo/** r,
+
+  /etc/inputrc r,
   /etc/machine-id r,
 
   owner /var/cache/private/fwupdmgr/fwupd/lvfs-metadata.xml.gz{,.asc}.* rw,