# apparmor.d - Full set of apparmor profiles # Copyright (C) 2018-2021 Mikhail Morfikov # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only # vim:syntax=apparmor owner @{user_cache_dirs}/fontconfig/ rw, owner @{user_cache_dirs}/fontconfig/CACHEDIR.TAG{,.NEW,.LCK,.TMP-*} rw, owner @{user_cache_dirs}/fontconfig/[a-f0-9]*.cache-?{,.NEW,.LCK,.TMP-*} rwk, owner @{user_cache_dirs}/fontconfig/*-le64.cache-@{int} w, owner @{user_cache_dirs}/fontconfig/*-le64.cache-@{int}{,TMP-@{rand6},NEW,LCK} w, owner @{HOME}/.fontconfig/ rw, owner @{HOME}/.fontconfig/CACHEDIR.TAG{,.NEW,.LCK,.TMP-*} rw, owner @{HOME}/.fontconfig/[a-f0-9]*.cache-?{,.NEW,.LCK,.TMP-*} rwk, owner @{HOME}/.fonts/ rw, link @{HOME}/.fonts/.uuid.LCK -> @{HOME}/.fonts/.uuid.TMP-*, owner @{HOME}/.fonts/.uuid{,.NEW,.LCK,.TMP-*} r, owner @{HOME}/.fonts/.uuid{,.NEW,.LCK,.TMP-*} w, # This is to create .uuid file containing an UUID at a font directory. The UUID will be used to # identify the font directory and is used to determine the cache filename if available. owner /usr/local/share/fonts/ rw, owner /usr/local/share/fonts/.uuid{,.NEW,.LCK,.TMP-*} rw, link /usr/local/share/fonts/.uuid.LCK -> /usr/local/share/fonts/.uuid.TMP-*, # Should writing to these dirs be blocked? /usr/share/**/.uuid{,.NEW,.LCK,.TMP-*} r, deny /usr/share/**/.uuid{,.NEW,.LCK,.TMP-*} w, /var/cache/fontconfig/ rw, owner /var/cache/fontconfig/** rw, owner /var/cache/fontconfig/*.cache-@{int} rwk, owner /var/cache/fontconfig/*.cache-@{int}.LCK rwl, owner /var/cache/fontconfig/CACHEDIR.TAG.LCK rwl, # For fonts downloaded via font-manager (###FIXME### when they fix resolving of vars) owner @{user_share_dirs}/fonts/ rw, owner @{user_share_dirs}/fonts/**/.uuid{,.NEW,.LCK,.TMP-*} rw, link @{user_share_dirs}/fonts/**/.uuid.LCK -> @{user_share_dirs}/fonts/**/.uuid.TMP-*, include if exists