felipe/apparmor.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
apparmor.d/apparmor.d/profiles-s-z/thermald

93 lines
3.5 KiB
Text
Raw Blame History

# apparmor.d - Full set of apparmor profiles
# Copyright (C) 2015-2020 Mikhail Morfikov
# Copyright (C) 2022 Jeroen Rijken
# SPDX-License-Identifier: GPL-2.0-only
abi <abi/3.0>,
include <tunables/global>
@{exec_path} = @{bin}/thermald
profile thermald @{exec_path} flags=(attach_disconnected) {
include <abstractions/base>
include <abstractions/dbus-strict>
capability sys_boot,
dbus send bus=system path=/org/freedesktop/DBus
interface=org.freedesktop.DBus
member={RequestName,ReleaseName}
peer=(name=org.freedesktop.DBus, label=dbus-daemon),
dbus send bus=session path=/org/freedesktop/DBus
interface=org.freedesktop.DBus
member={RequestName,ReleaseName}
peer=(name=org.freedesktop.DBus, label=dbus-daemon),
dbus (bind) bus=system
name=org.freedesktop.thermald,
@{exec_path} mr,
owner @{run}/thermald/ rw,
owner @{run}/thermald/thd_preference.conf rw,
owner @{run}/thermald/thd_preference.conf.save w,
owner @{run}/thermald/thermald.pid rwk,
/etc/thermald/thermal-conf.xml r,
/etc/thermald/thermal-cpu-cdev-order.xml r,
@{sys}/class/hwmon/ r,
@{sys}/class/thermal/ r,
@{sys}/devices/platform/{,*} r,
@{sys}/devices/platform/**/path r,
@{sys}/devices/platform/**/available_uuids r,
@{sys}/devices/platform/**/current_uuid rw,
@{sys}/devices/system/cpu/present r,
@{sys}/devices/system/cpu/intel_pstate/max_perf_pct rw,
@{sys}/devices/system/cpu/intel_pstate/no_turbo rw,
@{sys}/devices/system/cpu/intel_pstate/status r,
@{sys}/devices/pci[0-9]*/**/drm/**/intel_backlight/max_brightness r,
@{sys}/devices/pci[0-9]*/**/power_limits/power_limit_[0-9]*_max_uw r,
@{sys}/devices/pci[0-9]*/**/power_limits/power_limit_[0-9]*_min_uw r,
@{sys}/devices/pci[0-9]*/**/power_limits/power_limit_[0-9]*_tmax_us r,
@{sys}/devices/pci[0-9]*/**/power_limits/power_limit_[0-9]*_tmin_us r,
@{sys}/devices/**/hwmon[0-9]*/name r,
@{sys}/devices/**/hwmon[0-9]*/temp[0-9]*_{max,crit} r,
@{sys}/devices/**/path r,
@{sys}/devices/virtual/dmi/id/product_name r,
@{sys}/devices/virtual/dmi/id/product_uuid r,
@{sys}/devices/virtual/thermal/**/{type,temp} r,
@{sys}/devices/virtual/thermal/thermal_zone[0-9]*/ r,
@{sys}/devices/virtual/thermal/thermal_zone[0-9]*/mode rw,
@{sys}/devices/virtual/thermal/thermal_zone[0-9]*/policy rw,
@{sys}/devices/virtual/thermal/thermal_zone[0-9]*/trip_point_[0-9]*_temp rw,
@{sys}/devices/virtual/thermal/thermal_zone[0-9]*/trip_point_[0-9]*_type r,
@{sys}/devices/virtual/thermal/thermal_zone[0-9]*/trip_point_[0-9]*_hyst r,
@{sys}/devices/virtual/thermal/thermal_zone[0-9]*/cdev[0-9]*_trip_point r,
@{sys}/devices/virtual/thermal/cooling_device[0-9]*/ r,
@{sys}/devices/virtual/thermal/cooling_device[0-9]*/cur_state rw,
@{sys}/devices/virtual/thermal/cooling_device[0-9]*/max_state r,
@{sys}/devices/virtual/powercap/intel-rapl/ r,
@{sys}/devices/virtual/powercap/intel-rapl/**/name r,
@{sys}/devices/virtual/powercap/intel-rapl/intel-rapl{,-mmio}:[0-9]*/ r,
@{sys}/devices/virtual/powercap/intel-rapl/intel-rapl{,-mmio}:[0-9]*/* r,
@{sys}/devices/virtual/powercap/intel-rapl/intel-rapl{,-mmio}:[0-9]*/constraint_*_time_window_us w,
@{sys}/devices/virtual/powercap/intel-rapl/intel-rapl{,-mmio}:[0-9]*/constraint_*_power_limit_uw w,
@{sys}/devices/virtual/powercap/intel-rapl/intel-rapl{,-mmio}:[0-9]*/enabled w,
@{sys}/devices/virtual/powercap/intel-rapl/intel-rapl{,-mmio}:[0-9]*/intel-rapl:[0-9]*:[0-9]*/{,*} r,
/dev/acpi_thermal_rel rw,
/dev/input/ r,
/dev/input/event[0-9]* r,
include if exists <local/thermald>
}
Reference in a new issue View git blame Copy permalink