# apparmor.d - Full set of apparmor profiles
# Copyright (C) 2018-2021 Mikhail Morfikov
# Copyright (C) 2021-2024 Alexandre Pujol <alexandre@pujol.io>
# SPDX-License-Identifier: GPL-2.0-only

# This abstraction is only required when zshrc is loaded (e.g. interactive shell).
# Classic shell scripts do not need it.

  abi <abi/4.0>,

  @{lib}/@{multiarch}/zsh/@{int}/zsh/*.so mr,

  /usr/local/share/zsh/{,**} r,
  /usr/share/oh-my-zsh/{,**} r,
  /usr/share/zsh-theme-*/{,**} r,
  /usr/share/zsh/{,**} r,

  /etc/zsh/* r,

  owner @{HOME}/.zcompdump-* rw,
  owner @{HOME}/.zsh_history rw,
  owner @{HOME}/.zsh_history.LOCK rwk,
  owner @{HOME}/.zsh_history.new rw,
  owner @{HOME}/.zshenv r,
  owner @{HOME}/.zshrc r,

  owner @{HOME}/.oh-my-zsh/{,**} r,
  owner @{HOME}/.oh-my-zsh/log/update.lock/ w,

  owner @{user_cache_dirs}/oh-my-zsh/{,**} r,
  owner @{user_cache_dirs}/p10k-@{user}/{,**} rw,
  owner @{user_cache_dirs}/p10k-dump-@{user}.zsh{,.*} rw,
  owner @{user_cache_dirs}/p10k-instant-prompt-@{user}.zsh{,.*} rw,

  owner @{user_config_dirs}/zsh/.zcompdump-* rw,
  owner @{user_config_dirs}/zsh/{,**} r,

  owner @{user_share_dirs}/zsh/history rw,
  owner @{user_share_dirs}/zsh/history.LOCK rwk,
  owner @{user_share_dirs}/zsh/history.new rw,

  owner @{tmp}/gitstatus.POWERLEVEL9K.*.fifo rw,
  owner @{tmp}/gitstatus.POWERLEVEL9K.*.lock rwk,

        @{PROC}/version r,
  owner @{PROC}/@{pid}/loginuid r,

  include if exists <abstractions/zsh.d>

# vim:syntax=apparmor
