apparmor.d/apparmor.d/profiles-s-z/update-secureboot-policy

# apparmor.d - Full set of apparmor profiles
# Copyright (C) 2022 Alexandre Pujol <alexandre@pujol.io>
# Copyright (C) 2022 Jeroen Rijken
# SPDX-License-Identifier: GPL-2.0-only

abi <abi/3.0>,

include <tunables/global>

@{exec_path} = @{bin}/update-secureboot-policy
profile update-secureboot-policy @{exec_path} {
  include <abstractions/base>
  include <abstractions/consoles>

  @{exec_path} rm,

  @{bin}/{,ba,da}sh      rix,
  @{bin}/{,m,g}awk       rix,
  @{bin}/dpkg-trigger    rPx,
  @{bin}/find            rix,
  @{bin}/id              rix,
  @{bin}/od              rix,
  @{bin}/sort            rix,
  @{bin}/touch           rix,
  @{bin}/wc              rix,
  /usr/share/debconf/frontend rPx,

  /usr/share/debconf/confmodule r,

  /var/lib/dkms/ r,
  /var/lib/shim-signed/dkms-list r,

  include if exists <local/update-secureboot-policy>
}