# apparmor.d - Full set of apparmor profiles # Copyright (C) 2021 Mikhail Morfikov # SPDX-License-Identifier: GPL-2.0-only abi , include @{exec_path} = /{usr/,}bin/qtox profile qtox @{exec_path} { include include include include include include include include include include include include include network inet dgram, network inet6 dgram, network inet stream, network inet6 stream, network netlink raw, @{exec_path} mr, /{usr/,}bin/xdg-open rCx -> open, # For importing old profile owner @{HOME}/**.tox r, owner @{MOUNTS}/**.tox r, owner @{HOME}/ r, owner @{user_cache_dirs}/qTox/ rw, owner @{user_cache_dirs}/qTox/qtox.log rw, owner @{user_config_dirs}/tox/ rw, owner @{user_config_dirs}/tox/** rwkl -> @{HOME}/.config/tox/**, owner @{user_config_dirs}/autostart/qTox*.desktop rw, owner @{user_share_dirs}/qTox/ rw, owner @{user_share_dirs}/qTox/** rw, # To configure Qt5 settings (theme, font, icons, etc.) under DE/WM without Qt integration owner @{user_config_dirs}/qt5ct/{,**} r, /usr/share/qt5ct/** r, owner @{PROC}/@{pid}/cmdline r, @{PROC}/sys/kernel/core_pattern r, # for KCrash::initialize() /usr/share/hwdata/pnp.ids r, /var/lib/dbus/machine-id r, /etc/machine-id r, owner /tmp/qipc_{systemsem,sharedmemory}_*@{hex} rw, @{sys}/devices/system/node/ r, # for ld-linux-x86-64.so -> libnuma1.so @{sys}/devices/system/node/node[0-9]*/meminfo r, # for ld-linux-x86-64.so -> libnuma1.so /dev/ r, /dev/video[0-9]* rw, profile open { include include /{usr/,}bin/xdg-open mr, /{usr/,}bin/{,ba,da}sh rix, /{usr/,}bin/{m,g,}awk rix, /{usr/,}bin/readlink rix, /{usr/,}bin/basename rix, owner @{HOME}/ r, owner @{run}/user/@{uid}/ r, # Allowed apps to open /{usr/,}lib/firefox/firefox rPUx, /{usr/,}bin/viewnior rPUx, # file_inherit owner @{HOME}/.xsession-errors w, owner @{user_cache_dirs}/qTox/qtox.log w, deny /dev/video[0-9]* rw, } include if exists }