felipe/apparmor.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat(abs): add the camera abstraction

Browse source
This commit is contained in:
Alexandre Pujol 2025-09-06 23:18:31 +02:00
parent ab7cba2da6
commit ec88fcbfcb
No known key found for this signature in database
GPG key ID: C5469996F0DF68EC
10 changed files with 44 additions and 11 deletions
Download patch file Download diff file Expand all files Collapse all files

3
apparmor.d/groups/browsers/epiphany
View file

@ -12,6 +12,7 @@ profile epiphany @{exec_path} flags=(attach_disconnected) {
include <abstractions/audio-server>
include <abstractions/bus-system>
include <abstractions/bus/org.freedesktop.GeoClue2>
include <abstractions/camera>
include <abstractions/common/bwrap>
include <abstractions/common/gnome>
include <abstractions/gstreamer>
@ -61,8 +62,6 @@ profile epiphany @{exec_path} flags=(attach_disconnected) {
deny @{user_share_dirs}/gvfs-metadata/* r,
/dev/video@{int} rw,
include if exists <local/epiphany>
}

2
apparmor.d/groups/freedesktop/pipewire
View file

@ -14,8 +14,8 @@ profile pipewire @{exec_path} flags=(attach_disconnected) {
include <abstractions/bus-session>
include <abstractions/bus-system>
include <abstractions/bus/org.freedesktop.RealtimeKit1>
include <abstractions/camera>
include <abstractions/nameservice-strict>
include <abstractions/video>
capability sys_ptrace,

2
apparmor.d/groups/freedesktop/pipewire-media-session
View file

@ -14,9 +14,9 @@ profile pipewire-media-session @{exec_path} {
include <abstractions/bus-session>
include <abstractions/bus-system>
include <abstractions/bus/org.freedesktop.RealtimeKit1>
include <abstractions/camera>
include <abstractions/devices-usb>
include <abstractions/nameservice-strict>
include <abstractions/video>
network bluetooth raw,
network bluetooth seqpacket,

3
apparmor.d/groups/freedesktop/pulseaudio
View file

@ -18,6 +18,7 @@ profile pulseaudio @{exec_path} {
include <abstractions/bus/org.freedesktop.Avahi>
include <abstractions/bus/org.freedesktop.hostname1>
include <abstractions/bus/org.freedesktop.RealtimeKit1>
include <abstractions/camera>
include <abstractions/consoles>
include <abstractions/dconf-write>
include <abstractions/dri>
@ -105,7 +106,6 @@ profile pulseaudio @{exec_path} {
@{sys}/devices/**/sound/**/{uevent,pcm_class} r,
@{sys}/devices/virtual/dmi/id/{bios_vendor,board_vendor,sys_vendor} r,
@{sys}/devices/virtual/video4linux/video@{int}/uevent r,
deny @{sys}/module/apparmor/parameters/enabled r,
@ -114,7 +114,6 @@ profile pulseaudio @{exec_path} {
owner @{PROC}/@{pids}/cmdline r,
/dev/media@{int} r,
/dev/video@{int} rw,
# file_inherit
owner /dev/tty@{int} rw,

3
apparmor.d/groups/freedesktop/wireplumber
View file

@ -16,9 +16,9 @@ profile wireplumber @{exec_path} {
include <abstractions/bus/org.freedesktop.impl.portal.PermissionStore>
include <abstractions/bus/org.freedesktop.RealtimeKit1>
include <abstractions/bus/org.freedesktop.UPower>
include <abstractions/camera>
include <abstractions/devices-usb>
include <abstractions/nameservice-strict>
include <abstractions/video>
network bluetooth raw,
network bluetooth seqpacket,
@ -71,7 +71,6 @@ profile wireplumber @{exec_path} {
@{sys}/bus/ r,
@{sys}/bus/media/devices/ r,
@{sys}/devices/@{pci}/video4linux/video@{int}/uevent r,
@{sys}/devices/**/device:*/{,**/}path r,
@{sys}/devices/**/sound/**/pcm_class r,
@{sys}/devices/**/sound/**/uevent r,