# apparmor.d - Full set of apparmor profiles
# Copyright (C) 2019-2021 Mikhail Morfikov
# SPDX-License-Identifier: GPL-2.0-only

abi <abi/3.0>,

include <tunables/global>

@{exec_path} = @{bin}/fatresize
profile fatresize @{exec_path} {
  include <abstractions/base>
  include <abstractions/disks-write>

  # Needed to inform the system of newly created/removed partitions
  # ioctl(3, BLKFLSBUF)              = -1 EACCES (Permission denied)
  capability sys_admin,

  # Needed? (##FIXME##)
  capability sys_rawio,

  # Needed?
  ptrace (read),

  @{exec_path} mr,

  @{bin}/{,ba,da}sh  rix,

  @{bin}/dmidecode  rPx,

  @{bin}/udevadm     rCx -> udevadm,

  owner @{PROC}/@{pid}/mounts r,
        @{PROC}/swaps r,


  profile udevadm {
    include <abstractions/base>

    ptrace (read),

    @{bin}/udevadm mr,

    /etc/udev/udev.conf r,

    owner @{PROC}/@{pid}/stat r,
    owner @{PROC}/@{pid}/cgroup r,
          @{PROC}/cmdline r,
          @{PROC}/1/sched r,
          @{PROC}/1/environ r,
          @{PROC}/sys/kernel/osrelease r,
          @{PROC}/sys/kernel/random/boot_id r,

    @{sys}/firmware/efi/efivars/SecureBoot-@{uuid} r,

    # file_inherit
    /dev/{s,v}d[a-z]* rw,

  }

  include if exists <local/fatresize>
}