felipe/apparmor.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
apparmor.d/apparmor.d/groups/network/ModemManager
Alexandre Pujol fb82d8d0d6
feat(profile): small gnome related improvement.
2025-08-22 18:27:22 +02:00

58 lines
2.1 KiB
Text
Raw Blame History

# apparmor.d - Full set of apparmor profiles
# Copyright (C) 2022-2024 Alexandre Pujol <alexandre@pujol.io>
# SPDX-License-Identifier: GPL-2.0-only
abi <abi/4.0>,
include <tunables/global>
@{exec_path} = @{sbin}/ModemManager
profile ModemManager @{exec_path} flags=(attach_disconnected) {
include <abstractions/base>
include <abstractions/bus-system>
include <abstractions/bus/org.freedesktop.login1>
include <abstractions/bus/org.freedesktop.PolicyKit1>
include <abstractions/consoles>
include <abstractions/devices-usb>
include <abstractions/dri>
capability net_admin,
capability sys_admin,
network qipcrtr dgram,
network netlink raw,
#aa:dbus own bus=system name=org.freedesktop.ModemManager1
@{exec_path} mr,
@{run}/udev/data/+acpi:* r, # Exposes ACPI objects (power buttons, batteries, thermal)
@{run}/udev/data/+pci:* r, # Identifies all PCI devices (CPU, GPU, Network, Disks, USB, etc.)
@{run}/udev/data/+platform:* r, # Identifies onboard devices (laptop/board model, power controllers, thermal sensors)
@{run}/udev/data/+pnp:* r, # For Plug and Play devices (legacy hardware, sound cards, etc.)
@{run}/udev/data/+serial*:* r, # For serial devices (modems, serial ports, etc.)
@{run}/udev/data/+usb:* r, # Identifies all USB devices
@{run}/udev/data/+vmbus:* r, # For Hyper-V devices, (network adapters, storage controllers, and other virtual devices)
@{run}/udev/data/c16[6,7]:@{int} r, # USB modems
@{run}/udev/data/c18[0,8,9]:@{int} r, # USB devices & USB serial converters
@{run}/udev/data/c4:@{int} r, # for /dev/tty[0-9]*
@{run}/udev/data/c5:@{int} r, # for /dev/tty, /dev/console, /dev/ptmx
@{run}/udev/data/n@{int} r, # For network interfaces
@{att}/@{run}/systemd/inhibit/@{int}.ref rw,
@{sys}/bus/ r,
@{sys}/bus/usb/devices/ r,
@{sys}/class/ r,
@{sys}/class/net/ r,
@{sys}/class/tty/ r,
@{sys}/class/wwan/ r,
@{sys}/devices/**/net/*/ r,
@{sys}/devices/**/uevent r,
@{sys}/devices/virtual/tty/*/ r,
include if exists <local/ModemManager>
}
# vim:syntax=apparmor
Reference in a new issue View git blame Copy permalink