# apparmor.d - Full set of apparmor profiles
# Copyright (C) 2023-2024 Alexandre Pujol <alexandre@pujol.io>
# SPDX-License-Identifier: GPL-2.0-only

abi <abi/3.0>,

include <tunables/global>

@{exec_path} = @{lib}/iio-sensor-proxy
profile iio-sensor-proxy @{exec_path} {
  include <abstractions/base>

  capability net_admin,

  network netlink raw,

  #aa:dbus own bus=system name=net.hadess.SensorProxy

  @{exec_path} mr,

  @{run}/udev/data/+platform:* r,
  @{run}/udev/data/+input:input@{int} r,  # for mouse, keyboard, touchpad
  @{run}/udev/data/c13:@{int}  r,         # For /dev/input/*
  @{run}/udev/data/c@{dynamic}:@{int} r,  # For dynamic assignment range 234 to 254, 384 to 511

  @{sys}/bus/ r,
  @{sys}/bus/iio/devices/ r,
  @{sys}/bus/platform/devices/ r,
  @{sys}/class/ r,
  @{sys}/class/input/ r,
  @{sys}/devices/**/uevent r,
  @{sys}/devices/@{pci}/ r,
  @{sys}/devices/@{pci}/iio:*/** rw,
  @{sys}/devices/@{pci}/name r,

  /dev/iio:* r,

  include if exists <local/iio-sensor-proxy>
}

# vim:syntax=apparmor