apparmor.d/apparmor.d/tunables/multiarch.d/system

# apparmor.d - Full set of apparmor profiles
# Copyright (C) 2021-2024 Alexandre Pujol <alexandre@pujol.io>
# SPDX-License-Identifier: GPL-2.0-only
# To allow extended personalisation without breaking everything.
# All apparmor profiles should always use the variables defined here.
# Single hexadecimal character
@{h}=[0-9a-fA-F]
# Single alphanumeric character
@{c}=[0-9a-zA-Z]
# Integer up to 10 digits (0-9999999999)
@{int}=[0-9]{[0-9],}{[0-9],}{[0-9],}{[0-9],}{[0-9],}{[0-9],}{[0-9],}{[0-9],}{[0-9],}
# hexadecimal, alphanumeric up to 64 characters
@{hex}=@{h}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}
@{rand}=@{c}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}
# Fixed-width decimal strings: @{intN} matches exactly N digits, leading zeros
# included. Wider variables are built by concatenating narrower ones, so the
# width of each is the sum of the widths on its right-hand side.
@{int2}=[0-9][0-9]
@{int4}=@{int2}@{int2}
@{int6}=@{int4}@{int2}
@{int8}=@{int4}@{int4}
@{int10}=@{int8}@{int2}
@{int16}=@{int8}@{int8}
@{int32}=@{int16}@{int16}
@{int64}=@{int32}@{int32}
# Fixed-width hexadecimal strings: @{hexN} matches exactly N characters of
# @{h} (either case). Each is a concatenation of narrower variables whose
# widths add up to N, e.g. @{hex38} is 32 + 6.
@{hex2}=@{h}@{h}
@{hex4}=@{hex2}@{hex2}
@{hex6}=@{hex4}@{hex2}
@{hex8}=@{hex4}@{hex4}
@{hex9}=@{hex8}@{h}
@{hex10}=@{hex8}@{hex2}
@{hex16}=@{hex8}@{hex8}
@{hex32}=@{hex16}@{hex16}
@{hex38}=@{hex32}@{hex6}
@{hex64}=@{hex32}@{hex32}
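# Fixed-width alphanumeric strings: @{randN} matches exactly N characters of
# @{c}. Each is a concatenation of narrower variables whose widths add up to N.
@{rand2}=@{c}@{c}
@{rand4}=@{rand2}@{rand2}
@{rand6}=@{rand4}@{rand2}
@{rand8}=@{rand4}@{rand4}
@{rand9}=@{rand8}@{c}
@{rand10}=@{rand8}@{rand2}
@{rand16}=@{rand8}@{rand8}
@{rand32}=@{rand16}@{rand16}
# Built from two @{rand32}, matching @{int64} and @{hex64}. The previous
# definition referred to @{rand64} itself and so could never expand to a
# 64-character pattern.
@{rand64}=@{rand32}@{rand32}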
# Universally unique identifier in 8-4-4-4-12 hexadecimal layout. The group
# separator may be a hyphen or an underscore, and hex digits of either case
# are accepted.
@{uuid}=@{h}@{h}@{h}@{h}@{h}@{h}@{h}@{h}[-_]@{h}@{h}@{h}@{h}[-_]@{h}@{h}@{h}@{h}[-_]@{h}@{h}@{h}@{h}[-_]@{h}@{h}@{h}@{h}@{h}@{h}@{h}@{h}@{h}@{h}@{h}@{h}
# Username & group valid characters: lower-case letters, digits and underscore.
# @{user} starts with a letter or underscore, followed by a bounded run of
# optional @{u} characters.
# NOTE(review): names containing upper-case letters, '-', '.' or '$' do not
# match, so rules written with @{user} will not cover such accounts; confirm
# this matches the naming policy of the target systems.
# @{user} matches any name of this shape, not only the user running the
# confined program.
@{u}=[a-z0-9_]
@{user}=[a-z_]{@{u},}{@{u},}{@{u},}{@{u},}{@{u},}{@{u},}{@{u},}{@{u},}{@{u},}{@{u},}{@{u},}{@{u},}{@{u},}{@{u},}{@{u},}{@{u},}{@{u},}{@{u},}{@{u},}{@{u},}{@{u},}{@{u},}{@{u},}{@{u},}{@{u},}{@{u},}{@{u},}{@{u},}{@{u},}{@{u},}{@{u},}
@{group}=@{user}
# Shortcut for PCI device
# @{pci_id}  - device address of the form hhhh:hh:hh.h (all hexadecimal)
# @{pci_bus} - bus directory name of the form pcihhhh:hh
# @{pci}     - a bus directory followed by `/**/`, i.e. any directory at any
#              depth below it; rules using @{pci} therefore cover the whole
#              subtree of every matching bus.
@{pci_id}=@{h}@{h}@{h}@{h}:@{h}@{h}:@{h}@{h}.@{h}
@{pci_bus}=pci@{h}@{h}@{h}@{h}:@{h}@{h}
@{pci}=@{pci_bus}/**/
# hci devices: `dev_` followed by six underscore-separated character pairs.
# NOTE(review): the pairs use @{c} (any alphanumeric) rather than @{h}, so the
# pattern is wider than a hexadecimal address; confirm whether that is intended.
@{hci_id}=dev_@{c}@{c}_@{c}@{c}_@{c}@{c}_@{c}@{c}_@{c}@{c}_@{c}@{c}
# @{MOUNTDIRS} is a space-separated list of where user mount directories
# are stored, for programs that must enumerate all mount directories on a
# system.
# @{run} is not defined in this part of the file. The @{user} component is a
# name pattern, so the second entry covers the media directory of every user
# whose name matches it, not just the current one.
@{MOUNTDIRS}=/media/ @{run}/media/@{user}/ /mnt/
# @{MOUNTS} is a space-separated list of all user mounted directories.
# NOTE(review): every @{MOUNTDIRS} value already ends in '/', so the first entry
# expands with a doubled slash before '*'; confirm the parser normalises it.
# @{uid} is not defined in this part of the file.
@{MOUNTS}=@{MOUNTDIRS}/*/ @{run}/user/@{uid}/gvfs/
# Common places for binaries and libraries across distributions
# @{bin} expands to /bin, /sbin, /usr/bin and /usr/sbin.
# @{lib} expands to /lib, /libexec, /lib32, /lib64 and the same under /usr/.
@{bin}=/{,usr/}{,s}bin
@{lib}=/{,usr/}lib{,exec,32,64}
# Common places for temporary files: the shared /tmp/ and a per-uid directory
# beneath it.
@{tmp}=/tmp/ /tmp/user/@{uid}/
# Udev data dynamic assignment ranges, written as three-digit globs because a
# glob cannot express a numeric interval directly. `+=` appends further values
# to the variable.
@{dynamic}=23[4-9] 24[0-9] 25[0-4] # range 234 to 254
@{dynamic}+=38[4-9] 39[0-9] 4[0-9][0-9] 50[0-9] 51[0-1] # range 384 to 511
# OpenSUSE does not have the same multiarch structure
# Appends to @{multiarch}, which is defined outside this part of the file.
# NOTE(review): the trailing `#aa:only opensuse` is presumably a directive for
# the project's build tooling rather than a plain comment; leave it unchanged.
@{multiarch}+=*-suse-linux* #aa:only opensuse