# apparmor.d - Full set of apparmor profiles
# Copyright (C) 2021-2024 Alexandre Pujol <alexandre@pujol.io>
# SPDX-License-Identifier: GPL-2.0-only

  # Fallback location when @{user_cache_dirs} is not available
  /var/cache/mesa_shader_cache_db/ rw,
  /var/cache/mesa_shader_cache_db/index rw,
  /var/cache/mesa_shader_cache_db/marker rw,
  /var/cache/mesa_shader_cache_db/part@{int}/ rw,
  /var/cache/mesa_shader_cache_db/part@{int}/mesa_cache.db rwk,
  /var/cache/mesa_shader_cache_db/part@{int}/mesa_cache.idx rwk,
  /var/cache/mesa_shader_cache/ rw,
  /var/cache/mesa_shader_cache/@{hex2}/ rw,
  /var/cache/mesa_shader_cache/@{hex2}/@{hex38} rw,
  /var/cache/mesa_shader_cache/@{hex2}/@{hex38}.tmp rwk,
  /var/cache/mesa_shader_cache/index rw,
  /var/cache/mesa_shader_cache/marker rw,

  # Extra Mesa rules for desktop environments
  owner @{desktop_cache_dirs}/ w,
  owner @{desktop_cache_dirs}/mesa_shader_cache_db/ rw,
  owner @{desktop_cache_dirs}/mesa_shader_cache_db/index rw,
  owner @{desktop_cache_dirs}/mesa_shader_cache_db/marker rw,
  owner @{desktop_cache_dirs}/mesa_shader_cache_db/part@{int}/ rw,
  owner @{desktop_cache_dirs}/mesa_shader_cache_db/part@{int}/mesa_cache.db rwk,
  owner @{desktop_cache_dirs}/mesa_shader_cache_db/part@{int}/mesa_cache.idx rwk,
  owner @{desktop_cache_dirs}/mesa_shader_cache/ rw,
  owner @{desktop_cache_dirs}/mesa_shader_cache/@{hex2}/ rw,
  owner @{desktop_cache_dirs}/mesa_shader_cache/@{hex2}/@{hex38} rw,
  owner @{desktop_cache_dirs}/mesa_shader_cache/@{hex2}/@{hex38}.tmp rwk,
  owner @{desktop_cache_dirs}/mesa_shader_cache/index rw,
  owner @{desktop_cache_dirs}/mesa_shader_cache/marker rw,

  owner @{user_cache_dirs}/mesa_shader_cache/marker rw,

  owner @{user_cache_dirs}/mesa_shader_cache_db/ w,
  owner @{user_cache_dirs}/mesa_shader_cache_db/index rw,
  owner @{user_cache_dirs}/mesa_shader_cache_db/marker rw,
  owner @{user_cache_dirs}/mesa_shader_cache_db/part@{int}/ rw,
  owner @{user_cache_dirs}/mesa_shader_cache_db/part@{int}/mesa_cache.db rwk,
  owner @{user_cache_dirs}/mesa_shader_cache_db/part@{int}/mesa_cache.idx rwk,

  owner @{user_cache_dirs}/radv_builtin_shaders/ w,
  owner @{user_cache_dirs}/radv_builtin_shaders/index rw,
  owner @{user_cache_dirs}/radv_builtin_shaders/marker rw,
  owner @{user_cache_dirs}/radv_builtin_shaders/part@{int}/ rw,
  owner @{user_cache_dirs}/radv_builtin_shaders/part@{int}/mesa_cache.db rwk,
  owner @{user_cache_dirs}/radv_builtin_shaders/part@{int}/mesa_cache.idx rwk,

  @{PROC}/sys/dev/xe/observation_paranoid r,

  /dev/udmabuf rw, # In upstream, but not released yet

# vim:syntax=apparmor
