# apparmor.d - Full set of apparmor profiles
# Copyright (C) 2023-2024 Alexandre Pujol <alexandre@pujol.io>
# SPDX-License-Identifier: GPL-2.0-only

# The Direct Rendering Infrastructure (DRI) is the framework comprising the modern
# Linux graphics stack which allows unprivileged user-space programs to issue
# commands to graphics hardware without conflicting with other programs.

  abi <abi/4.0>,

  @{lib}/dri/**                 mr,
  @{lib}/@{multiarch}/dri/**    mr,
  @{lib}/fglrx/dri/**           mr,

  /usr/share/drirc.d/ r,
  /usr/share/drirc.d/*.conf r,

  /etc/drirc r,

  @{run}/udev/data/c226:@{int} r,         # For DRI card /dev/dri/card@{int}

  @{sys}/devices/@{pci}/boot_vga r,
  @{sys}/devices/@{pci}/class r,
  @{sys}/devices/@{pci}/config r,
  @{sys}/devices/@{pci}/device r,
  @{sys}/devices/@{pci}/irq r,
  @{sys}/devices/@{pci}/resource r,
  @{sys}/devices/@{pci}/revision r,
  @{sys}/devices/@{pci}/subsystem_device r,
  @{sys}/devices/@{pci}/subsystem_vendor r,
  @{sys}/devices/@{pci}/uevent r,
  @{sys}/devices/@{pci}/vendor r,

  # Allow access to all cards
  /dev/dri/ r,
  /dev/dri/card@{int} rw,

  # Video Acceleration API
  /dev/dri/renderD128 rw,
  /dev/dri/renderD129 rw,

  include if exists <abstractions/dri.d>

# vim:syntax=apparmor
