# apparmor.d - Full set of apparmor profiles
# Copyright (C) 2019 Canonical Ltd
# Copyright (C) 2025 Alexandre Pujol <alexandre@pujol.io>
# SPDX-License-Identifier: GPL-2.0-only

# Allows access to Universal 2nd Factor (U2F) devices

  abi <abi/4.0>,

  @{run}/udev/data/+power_supply:* r,     # For power supply devices (batteries, AC adapters, USB chargers)

  # Needed for dynamic assignment of U2F devices
  @{run}/udev/data/c@{dynamic}:@{int} r,  # For dynamic assignment range 234 to 254, 384 to 511

  @{sys}/ r,
  @{sys}/bus/ r,
  @{sys}/class/ r,
  @{sys}/class/hidraw/ r,
  @{sys}/class/hidraw/hidraw@{int} r,
  @{sys}/devices/**/i2c*/**/report_descriptor r,
  @{sys}/devices/**/usb@{int}/**/report_descriptor r,

  # Allow raw access HDI (Human Interface Devices) wich is how U2F devices are exposed
  /dev/hidraw@{int} rw,

  include if exists <abstractions/devices-u2f.d>

# vim:syntax=apparmor
