# apparmor.d - Full set of apparmor profiles
# Copyright (C) 2024 Alexandre Pujol <alexandre@pujol.io>
# SPDX-License-Identifier: GPL-2.0-only
# LOGPROF-SUGGEST: no

  abi <abi/4.0>,

  ptrace read peer=@{p_systemd},

  @{bin}/udevadm mr,

  /etc/udev/udev.conf r,

  @{run}/udev/data/+*:* r,                # Identifies all subsystems
  @{run}/udev/data/c@{int}:@{int} r,      # Identifies all character devices

  @{sys}/** r,

        @{PROC}/1/cgroup r,
        @{PROC}/1/environ r,
        @{PROC}/1/sched r,
        @{PROC}/cmdline r,
        @{PROC}/sys/kernel/osrelease r,
        @{PROC}/sys/kernel/random/boot_id r,
  owner @{PROC}/@{pid}/cgroup r,
  owner @{PROC}/@{pid}/stat r,

  include if exists <abstractions/app/udevadm.d>

# vim:syntax=apparmor
