# apparmor.d - Full set of apparmor profiles
# Copyright (C) 2019-2021 Mikhail Morfikov
# SPDX-License-Identifier: GPL-2.0-only

abi <abi/3.0>,

include <tunables/global>

@{exec_path} = /{usr/,}bin/f3write
profile f3write @{exec_path} {
  include <abstractions/base>

  # The f3write doesn't have to be started as root, but when it's started as root, the following
  # CAP is needed in order to write to the user owned USB drives (e.g. mounted via udisks).
  #capability dac_override,

  @{exec_path} mr,

  # USB drive mount locations
  @{MOUNTS}/*/ r,
  @{MOUNTS}/*/*/ r,
  /mnt/ r,

  # To be able to write h2w files
  owner @{MOUNTS}/*/[0-9]*.h2w w,
  owner @{MOUNTS}/*/*/[0-9]*.h2w w,
  owner /mnt/[0-9]*.h2w w,

  include if exists <local/f3write>
}