# apparmor.d - Full set of apparmor profiles
# Copyright (C) 2021 Mikhail Morfikov
# SPDX-License-Identifier: GPL-2.0-only

abi <abi/3.0>,

include <tunables/global>

@{exec_path} = /{usr/,}sbin/wpa_action
profile wpa-action @{exec_path} {
  include <abstractions/base>

  capability net_admin,

  network netlink raw,

  @{exec_path} mr,

  /{usr/,}sbin/wpa_cli   rPx,

  /{usr/,}bin/{,ba,da}sh rix,
  /{usr/,}bin/logger     rix,
  /{usr/,}bin/ln         rix,
  /{usr/,}sbin/ifup      rix,
  /{usr/,}bin/rm         rix,
  /{usr/,}bin/ip         rix,
  /{usr/,}bin/{,e}grep   rix,
  /{usr/,}bin/cat        rix,
  /{usr/,}bin/date       rix,

  /etc/wpa_supplicant/{,**} r,

  owner @{run}/wpa_action.wlan[0-9]*.ifupdown rw,
  owner @{run}/wpa_action.wlan[0-9]*.timestamp rw,
  owner @{run}/network/ifstate.wlan[0-9]* rwk,
  owner @{run}/sendsigs.omit.d/wpasupplicant.wpa_supplicant.wlan[0-9]*.pid rw,

  /etc/network/interfaces r,
  /etc/network/interfaces.d/{,*} r,

  include if exists <local/wpa-action>
}