# apparmor.d - Full set of apparmor profiles # Copyright (C) 2017-2021 Mikhail Morfikov # Copyright (C) 2023 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only abi , include @{exec_path} = @{bin}/smplayer profile smplayer @{exec_path} { include include include include include include include include include include include include include include include include # Needed for hardware decoding ##include signal (send) set=(term, kill), signal (receive) set=(term, kill), network inet dgram, network inet6 dgram, network inet stream, network inet6 stream, network netlink dgram, @{exec_path} mrix, @{bin}/mpv rPx, @{bin}/pacmd rPx, @{bin}/smtube rPx, @{bin}/youtube-dl rPx, @{bin}/yt-dlp rPx, /usr/share/qt5ct/** r, /usr/share/hwdata/pnp.ids r, /etc/fstab r, /etc/machine-id r, /var/lib/dbus/machine-id r, owner @{HOME}/ r, owner @{user_music_dirs}/{,**} rw, owner @{user_pictures_dirs}/{,**} rw, owner @{user_torrents_dirs}/{,**} rw, owner @{user_videos_dirs}/{,**} rw, owner @{user_config_dirs}/smplayer/ rw, owner @{user_config_dirs}/smplayer/* rwkl -> @{user_config_dirs}/smplayer/#@{int}, owner @{user_config_dirs}/qt5ct/{,**} r, owner @{user_cache_dirs}/#@{int} rw, owner /tmp/qtsingleapp-smplay-* rw, owner /tmp/qtsingleapp-smplay-*-lockfile rwk, owner /tmp/smplayer_preview/ rw, owner /tmp/smplayer_preview/@{int}.{jpg,png} rw, owner /tmp/smplayer-mpv-* w, owner @{run}/user/@{uid}/gvfs/smb-share:server=*,share=**/ r, owner @{run}/user/@{uid}/gvfs/smb-share:server=*,share=** r, owner /dev/shm/#@{int} rw, deny owner @{PROC}/@{pid}/stat r, deny owner @{PROC}/@{pid}/cmdline r, deny @{PROC}/sys/kernel/random/boot_id r, @{PROC}/@{pid}/mountinfo r, @{PROC}/@{pid}/mounts r, /dev/ r, owner /dev/tty@{int} rw, include if exists }