# apparmor.d - Full set of apparmor profiles
# Copyright (C) 2015-2020 Mikhail Morfikov
# Copyright (C) 2021-2024 Alexandre Pujol <alexandre@pujol.io>
# SPDX-License-Identifier: GPL-2.0-only

abi <abi/4.0>,

include <tunables/global>

@{exec_path} = @{bin}/megasync
profile megasync @{exec_path} {
  include <abstractions/base>
  include <abstractions/consoles>
  include <abstractions/desktop>
  include <abstractions/fontconfig-cache-read>
  include <abstractions/graphics>
  include <abstractions/nameservice-strict>
  include <abstractions/qt5-compose-cache-write>
  include <abstractions/qt5-settings-write>
  include <abstractions/ssl_certs>
  include <abstractions/user-download-strict>

  network inet dgram,
  network inet6 dgram,
  network inet stream,
  network inet6 stream,
  network netlink dgram,

  @{exec_path} mrix,

  @{sh_path}        rix,
  @{bin}/{,e}grep   rix,
  @{bin}/{m,g,}awk  rix,

  @{bin}/xrdb       rPx,
  @{bin}/xdg-mime   rPx,

  @{open_path} rPx -> child-open,

  /etc/machine-id r,
  /var/lib/dbus/machine-id r,

  owner @{HOME}/ r,

  owner @{user_config_dirs}/autostart/#@{int} rw,
  owner @{user_config_dirs}/autostart/megasync.desktop rwl -> @{user_config_dirs}/autostart/#@{int},

  owner "@{user_share_dirs}/data/Mega Limited/" rw,
  owner "@{user_share_dirs}/data/Mega Limited/**" rwkl -> "@{user_share_dirs}/data/Mega Limited/MEGAsync/#@{int}",

  owner @{user_sync_dirs}/ r,
  owner @{user_sync_dirs}/** rwl -> @{user_sync_dirs}/**,

  owner @{PROC}/@{pid}/cmdline r,
  owner @{PROC}/@{pid}/mountinfo r,
  owner @{PROC}/@{pid}/mounts r,

        /dev/shm/#@{int} rw,
  owner /dev/tty@{int} rw,

  include if exists <local/megasync>
}

# vim:syntax=apparmor