# apparmor.d - Full set of apparmor profiles
# Copyright (C) 2018-2021 Mikhail Morfikov
# Copyright (C) 2023-2024 Alexandre Pujol <alexandre@pujol.io>
# SPDX-License-Identifier: GPL-2.0-only

abi <abi/3.0>,

include <tunables/global>

@{exec_path} = @{bin}/hdparm
profile hdparm @{exec_path} flags=(complain) {
  include <abstractions/base>
  include <abstractions/user-download-strict>
  include <abstractions/private-files-strict>
  include <abstractions/disks-read>

  # To remove the following errors:
  #  re-writing sector *: BLKFLSBUF failed: Permission denied
  capability sys_admin,

  # To remove the following errors:
  #  /dev/sda: HDIO_DRIVE_CMD(identify) failed: Operation not permitted
  capability sys_rawio,

  @{exec_path} mr,

  /etc/hdparm.conf r,

  # Image files
  owner @{user_img_dirs}/{,**} r,

  # for hdparm --fibmap
  @{PROC}/devices r,

  include if exists <local/hdparm>
}

# vim:syntax=apparmor