# apparmor.d - Full set of apparmor profiles
# Copyright (C) 2019-2021 Mikhail Morfikov
# Copyright (C) 2021-2024 Alexandre Pujol <alexandre@pujol.io>
# SPDX-License-Identifier: GPL-2.0-only

  # Policy ABI this abstraction is written against.
  abi <abi/4.0>,

  # Rules for the GStreamer registry live in a separate abstraction (not shown here).
  include <abstractions/gstreamer-registry>

  # Shared-object plugin directories (libproxy, libvisual, frei0r): read plus
  # executable mapping (m), no write access.
  # NOTE(review): `m` allows any matching .so to be mapped executable, so these
  # directories are assumed to be writable by root only - confirm on the target system.
  @{lib}/@{multiarch}/libproxy/*/modules/*.so mr,
  @{lib}/@{multiarch}/libvisual-@{version}/*/*.so mr,
  @{lib}/frei0r-@{int}/*.so mr,

  # Read-only data files: encoder presets and ISO code tables.
  /usr/share/gstreamer-1.0/presets/Gst*Enc.prs r,
  /usr/share/xml/iso-codes/*.xml r,

  # OpenNI2 configuration file, read-only.
  /etc/openni2/OpenNI.ini r,

  # The orcexec.* file holds JIT-compiled code for various GStreamer elements,
  # which is why the allowed locations below are both writable and mappable as
  # executable (mrw). If one location is blocked, the next is used instead.
  # The file is also placed under the user's home directory when /tmp is mounted
  # with the noexec flag; that location is denied here.
  # `owner` limits each rule to files owned by the user of the confined process.
  # NOTE(review): the deny presumably keeps writable+executable files out of
  # @{HOME} - confirm intent. A plain `deny` overrides allow rules in the
  # including profile and is not logged; use `audit deny` when this rule needs
  # to be visible in the audit log.
  # NOTE(review): @{rand6} is defined outside this file; presumably it matches
  # the six-character random suffix of the file name - verify.
  deny owner @{HOME}/orcexec.@{rand6} rw,
  owner @{run}/user/@{uid}/orcexec.@{rand6} mrw,
  owner @{tmp}/orcexec.@{rand6} mrw,

  # udev database entries for character devices with major number 81, read-only.
  @{run}/udev/data/c81:@{int}  r,         # For video4linux

  # Read-only listing of the sysfs bus directory.
  @{sys}/bus/ r,

  # Read-only enumeration of video4linux devices and their uevent attributes.
  @{sys}/class/video4linux/ r,
  @{sys}/devices/**/video4linux/video@{int}/ r,
  @{sys}/devices/**/video4linux/video@{int}/uevent r,

  # Read-only DMI identification strings (BIOS, board and system vendor, product name).
  # NOTE(review): the consumer of these values is not visible in this file; they
  # disclose the hardware model to every profile that includes this abstraction.
  @{sys}/devices/virtual/dmi/id/bios_vendor r,
  @{sys}/devices/virtual/dmi/id/board_vendor r,
  @{sys}/devices/virtual/dmi/id/product_name r,
  @{sys}/devices/virtual/dmi/id/sys_vendor r,

  # Directory listing of /dev only; this rule grants no access to device nodes.
  /dev/ r,
  # Write-only access to /dev/char entries whose major number matches @{dynamic}
  # (variable defined outside this file); no read permission is granted here.
  /dev/char/@{dynamic}:@{int} w,          # For dynamic assignment range 234 to 254, 384 to 511

  # Optional site-local additions, included only when the path exists.
  # Rules placed there are inherited by every profile that uses this abstraction,
  # so review them as part of this policy.
  include if exists <abstractions/gstreamer.d>

# vim:syntax=apparmor
