# apparmor.d - Full set of apparmor profiles
# Copyright (C) 2021 Alexandre Pujol
# SPDX-License-Identifier: GPL-2.0-only

abi <abi/4.0>,

include <tunables/global>

@{exec_path} = @{bin}/freefall
@{att} = ""
profile freefall /{,usr/}bin/freefall flags=(complain) {
  include <abstractions/base-strict>

  capability ipc_lock,
  capability mknod,
  capability sys_nice,

  @{exec_path} mr,

  @{sys}/devices/**/unload_heads r,
  @{sys}/class/leds/**/brightness r,

  /dev/freefall rw,
  /dev/sd[a-z]* rk,
  /dev/sd[a-z]*[0-9]* rk,

  include if exists <local/freefall>
}

# vim:syntax=apparmor
