# apparmor.d - Full set of apparmor profiles # Copyright (C) 2015-2022 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only abi , include @{exec_path} = @{bin}/pipewire profile pipewire @{exec_path} flags=(attach_disconnected) { include include include include include include include capability sys_ptrace, network netlink raw, ptrace (read), #aa:dbus own bus=session name=org.pulseaudio.Server dbus send bus=session path=/org/freedesktop/DBus interface=org.freedesktop.DBus member={GetConnectionUnixUser,GetConnectionUnixProcessID} peer=(name=org.freedesktop.DBus, label=dbus-session), dbus receive bus=session interface=org.freedesktop.DBus.Introspectable member=Introspect peer=(name=:*, label=gnome-shell), @{exec_path} mrix, @{bin}/pactl rix, @{bin}/pipewire-media-session rPx, /usr/share/pipewire/{,**} r, /etc/pipewire/{,**} r, / r, /.flatpak-info r, owner @{user_config_dirs}/pipewire/{,**} r, owner @{tmp}/librnnoise-@{int}.so rm, owner @{run}/user/@{uid}/pipewire-@{int} rw, owner @{run}/user/@{uid}/pipewire-@{int}-manager.lock rwk, owner @{run}/user/@{uid}/pipewire-@{int}.lock rwk, owner @{run}/user/@{uid}/pulse/pid rw, @{run}/udev/data/c@{dynamic}:@{int} r, # For dynamic assignment range 234 to 254, 384 to 511 @{sys}/bus/ r, @{sys}/bus/media/devices/ r, @{sys}/class/ r, @{sys}/devices/@{pci}/usb@{int}/**/{idVendor,idProduct,removable,uevent} r, @{sys}/devices/**/device:*/**/path r, @{sys}/devices/virtual/dmi/id/{sys_vendor,product_version,product_name,bios_vendor,board_vendor} r, @{sys}/module/apparmor/parameters/enabled r, owner @{PROC}/@{pid}/task/@{tid}/comm rw, /dev/media@{int} rw, include if exists } # vim:syntax=apparmor