# apparmor.d - Full set of apparmor profiles
# Copyright (C) 2023-2024 Alexandre Pujol <alexandre@pujol.io>
# SPDX-License-Identifier: GPL-2.0-only

  abi <abi/4.0>,

  /usr/share/egl/egl_external_platform.d/{,*.json} r,
  /usr/share/glvnd/egl_vendor.d/{,*.json} r,
  /usr/share/libdrm/*.ids r,
  /usr/share/vulkan/explicit_layer.d/{,*.json} r,
  /usr/share/vulkan/icd.d/{,*.json} r,
  /usr/share/vulkan/implicit_layer.d/{,*.json} r,

  /etc/glvnd/egl_vendor.d/{,*.json} r,
  /etc/vulkan/explicit_layer.d/{,*.json} r,
  /etc/vulkan/icd.d/{,*.json} r,
  /etc/vulkan/implicit_layer.d/{,*.json} r,

  owner @{user_cache_dirs}/gtk-4.0/vulkan-pipeline-cache/.goutputstream-@{rand6} rw,
  owner @{user_cache_dirs}/gtk-4.0/vulkan-pipeline-cache/@{uuid}.@{int} rw,
  owner @{user_cache_dirs}/radv_builtin_shaders{32,64} r, # Vulkan radv shaders cache
  owner @{user_cache_dirs}/radv_builtin_shaders{32,64}@{rand6} w,

  owner @{user_share_dirs}/vulkan/ rw,
  owner @{user_share_dirs}/vulkan/implicit_layer.d/ rw,
  owner @{user_share_dirs}/vulkan/implicit_layer.d/*.json r,

  @{sys}/class/ r,
  @{sys}/class/drm/ r,
  @{sys}/devices/@{pci}/drm/ r,
  @{sys}/devices/@{pci}/drm/card@{int}/gt_cur_freq_mhz r,
  @{sys}/devices/@{pci}/drm/card@{int}/gt_max_freq_mhz r,
  @{sys}/devices/@{pci}/drm/card@{int}/gt_min_freq_mhz r,
  @{sys}/devices/@{pci}/drm/card@{int}/metrics/ r,
  @{sys}/devices/@{pci}/drm/card@{int}/metrics/@{uuid}/id r,

  include if exists <abstractions/vulkan-strict.d>

# vim:syntax=apparmor
