# apparmor.d - Full set of apparmor profiles
# Copyright (C) 2021-2024 Alexandre Pujol <alexandre@pujol.io>
# SPDX-License-Identifier: GPL-2.0-only

abi <abi/3.0>,

include <tunables/global>

@{exec_path} = @{lib}/gsd-power
profile gsd-power @{exec_path} flags=(attach_disconnected) {
  include <abstractions/base>
  include <abstractions/audio-client>
  include <abstractions/bus-accessibility>
  include <abstractions/bus-session>
  include <abstractions/bus-system>
  include <abstractions/bus/net.hadess.PowerProfiles>
  include <abstractions/bus/org.a11y>
  include <abstractions/bus/org.freedesktop.hostname1>
  include <abstractions/bus/org.freedesktop.login1.Session>
  include <abstractions/bus/org.freedesktop.login1>
  include <abstractions/bus/org.freedesktop.systemd1>
  include <abstractions/bus/org.freedesktop.UPower>
  include <abstractions/bus/org.gnome.Mutter.DisplayConfig>
  include <abstractions/bus/org.gnome.Mutter.IdleMonitor>
  include <abstractions/bus/org.gnome.ScreenSaver>
  include <abstractions/bus/org.gnome.SessionManager>
  include <abstractions/bus/org.gtk.vfs.MountTracker>
  include <abstractions/dconf-write>
  include <abstractions/fontconfig-cache-write>
  include <abstractions/gnome-strict>
  include <abstractions/nameservice-strict>

  network netlink raw,

  signal (receive) set=(term, hup) peer=gdm*,

  #aa:dbus own bus=session name=org.gnome.SettingsDaemon.Power

  dbus send bus=session path=/org/gnome/Mutter/DisplayConfig
       interface=org.freedesktop.DBus.Properties
       member=Set
       peer=(name=:*, label=gnome-shell),

  dbus send bus=system path=/org/freedesktop/UPower/KbdBacklight
       interface=org.freedesktop.UPower.KbdBacklight
       member=GetBrightness
       peer=(name=:*, label=upowerd),

  dbus receive bus=session path=/org/gtk/Settings
       interface=org.freedesktop.DBus.Properties
       member=PropertiesChanged
       peer=(name=:*, label=gsd-xsettings),

  @{exec_path} mr,

  /usr/share/dconf/profile/gdm r,
  /usr/share/gdm/greeter-dconf-defaults r,

  owner @{GDM_HOME}/greeter-dconf-defaults r,
  owner @{gdm_config_dirs}/dconf/user r,

  @{run}/udev/data/+backlight:* r,
  @{run}/udev/data/+drm:card@{int}-* r,   # For screen outputs
  @{run}/udev/data/+leds:* r,

  @{run}/systemd/inhibit/[0-9]*.ref rw,

  @{sys}/bus/ r,
  @{sys}/class/ r,
  @{sys}/class/backlight/ r,

  @{sys}/devices/@{pci}/*_backlight/{,max_,actual_}brightness rw,
  @{sys}/devices/@{pci}/*_backlight/{uevent,type,enabled} r,
  @{sys}/devices/@{pci}/backlight/**/{,max_,actual_}brightness rw,
  @{sys}/devices/@{pci}/backlight/**/{uevent,type,enabled} r,
  @{sys}/devices/@{pci}/backlight/**/brightness rw,
  @{sys}/devices/@{pci}/class r,
  @{sys}/devices/@{pci}/drm/card@{int}/**/{,max_,actual_}brightness rw,
  @{sys}/devices/@{pci}/drm/card@{int}/**/{uevent,type,enabled} r,
  @{sys}/devices/@{pci}/drm/card@{int}/**/brightness rw,
  @{sys}/devices/**/leds/**/{,max_,actual_}brightness rw,
  @{sys}/devices/**/leds/**/{uevent,type,enabled} r,
  @{sys}/devices/**/leds/**/brightness_hw_changed r,

        @{PROC}/cmdline r,
        @{PROC}/sys/kernel/osrelease r,
  owner @{PROC}/@{pid}/cgroup r,

  owner /dev/tty@{int} rw,

  include if exists <local/gsd-power>
}

# vim:syntax=apparmor