# apparmor.d - Full set of apparmor profiles
# Copyright (C) 2021 Alexandre Pujol <alexandre@pujol.io>
# SPDX-License-Identifier: GPL-2.0-only

abi <abi/3.0>,

include <tunables/global>

@{exec_path} = @{bin}/paccache
profile paccache @{exec_path} {
  include <abstractions/base>
  include <abstractions/nameservice-strict>

  capability dac_read_search,
  capability mknod,

  @{exec_path} mr,

  @{bin}/{m,g,}awk    rix,
  @{bin}/bash         rix,
  @{bin}/cat          rix,
  @{bin}/gettext      rix,
  @{bin}/pacman       rPx,
  @{bin}/pacman-conf  rPx,
  @{bin}/pacsort      rix,
  @{bin}/rm           rix,
  @{bin}/stat         rix,
  @{bin}/tput         rix,
  @{bin}/xargs        rix,

  /usr/share/makepkg/util/*.sh r,
  /usr/share/terminfo/x/xterm-256color r,

  /var/cache/pacman/pkg/{,*} rw,

  owner @{PROC}/@{pid}/fd/ r,

  /dev/tty rw,

  include if exists <local/paccache>
}