# apparmor.d - Full set of apparmor profiles
# Copyright (C) 2022-2024 Alexandre Pujol <alexandre@pujol.io>
# SPDX-License-Identifier: GPL-2.0-only

abi <abi/4.0>,

include <tunables/global>

@{exec_path} = @{bin}/nvtop
@{att} = /att/nvtop/
profile nvtop /{,usr/}bin/nvtop  flags=(attach_disconnected,attach_disconnected.path=@{att},complain) {
  include <abstractions/attached/base>
  include <abstractions/attached/consoles>
  include <abstractions/graphics>
  include <abstractions/nameservice-strict>

  capability sys_ptrace,

  ptrace (read),

  @{exec_path} mr,

  /usr/share/terminfo/** r,

  owner @{user_config_dirs}/nvtop/{,**} rw,

  @{att}@{run}/systemd/inhibit/@{int}.ref rw,

  @{run}/udev/data/+drm:card@{int}-* r,   # for screen outputs
  @{run}/udev/data/+pci:* r,              # Identifies all PCI devices (CPU, GPU, Network, Disks, USB, etc.)
  @{run}/udev/data/c@{dynamic}:@{int} r,  # For dynamic assignment range 234 to 254, 384 to 511

  @{sys}/bus/ r,
  @{sys}/devices/@{pci}/ r,
  @{sys}/devices/@{pci}/current_link_{speed,width} r,
  @{sys}/devices/@{pci}/enable r,
  @{sys}/devices/@{pci}/hwmon/hwmon@{int}/fan@{int}_{enable,max} r,
  @{sys}/devices/@{pci}/hwmon/hwmon@{int}/power@{int}_cap r,
  @{sys}/devices/@{pci}/hwmon/hwmon@{int}/pwm@{int} r,
  @{sys}/devices/@{pci}/hwmon/hwmon@{int}/pwm@{int}_{enable,max} r,
  @{sys}/devices/@{pci}/hwmon/hwmon@{int}/temp@{int}_crit r,
  @{sys}/devices/@{pci}/max_link_{speed,width} r,
  @{sys}/devices/@{pci}/pcie_bw r,
  @{sys}/devices/**/uevent r,
  @{sys}/devices/system/node/node@{int}/cpumap r,

        @{PROC}/ r,
        @{PROC}/@{pid}/ r,
        @{PROC}/@{pid}/cmdline r,
        @{PROC}/@{pid}/fd/ r,
        @{PROC}/@{pid}/fdinfo/ r,
        @{PROC}/@{pid}/fdinfo/@{int} r,
        @{PROC}/@{pid}/stat r,
        @{PROC}/devices r,
        @{PROC}/driver/nvidia/capabilities/mig/{config,monitor}  r,
  owner @{PROC}/@{pid}/task/@{tid}/comm rw,

  /dev/nvidia-caps/ rw,
  /dev/nvidia-caps/nvidia-cap@{int} rw,

  include if exists <local/nvtop>
}

# vim:syntax=apparmor
