# apparmor.d - Full set of apparmor profiles
# Copyright (C) 2021 Mikhail Morfikov
# Copyright (C) 2021-2024 Alexandre Pujol <alexandre@pujol.io>
# SPDX-License-Identifier: GPL-2.0-only

abi <abi/4.0>,

include <tunables/global>

@{exec_path} = @{bin}/arduino-builder
@{att} = ""
profile arduino-builder /{,usr/}bin/arduino-builder flags=(complain) {
  include <abstractions/base-strict>

  @{exec_path} mr,

  @{bin}/                           r,
  @{bin}/avr-g++                    rix,
  @{bin}/avr-gcc                    rix,
  @{bin}/avr-gcc-ar                 rix,
  @{bin}/avr-size                   rix,
  @{bin}/avrdude                    rix,
  @{lib}/gcc/avr/@{int}/cc1plus     rix,
  @{lib}/gcc/avr/@{int}/cc1         rix,
  @{lib}/gcc/avr/@{int}/collect2    rix,
  @{lib}/gcc/avr/@{int}/lto-wrapper rix,
  @{lib}/gcc/avr/@{int}/lto1        rix,
  @{lib}/llvm-[0-9]*/bin/clang      rix,
  @{lib}/avr/bin/as                 rix,
  @{lib}/avr/bin/ar                 rix,
  @{lib}/avr/bin/ld                 rix,
  @{lib}/avr/bin/objcopy            rix,

  @{bin}/arduino-ctags              rpx,

  /usr/share/arduino/{,**} r,
  /usr/share/arduino-builder/{,**} r,

  /usr/share/doc/arduino/{,**} r,

  owner @{HOME}/Arduino/{,**} r,

        /tmp/ r,
  owner @{tmp}/cc* rw,
  owner @{tmp}/untitled[0-9]*.tmp/{,**} rw,
  owner @{tmp}/arduino_{build,cache}_[0-9]*/{,**} rw,
  owner @{tmp}/arduino_modified_sketch_[0-9]*/{,**} rw,

  include if exists <local/arduino-builder>
}

# vim:syntax=apparmor
