# apparmor.d - Full set of apparmor profiles
# Copyright (C) 2018-2021 Mikhail Morfikov
# Copyright (C) 2022-2024 Alexandre Pujol <alexandre@pujol.io>
# SPDX-License-Identifier: GPL-2.0-only

abi <abi/4.0>,

include <tunables/global>

@{exec_path} = @{lib}/systemd/systemd-backlight
@{att} = /att/systemd-backlight/
profile systemd-backlight /{,usr/}lib{,exec,32,64}/systemd/systemd-backlight  flags=(attach_disconnected,attach_disconnected.path=@{att},complain) {
  include <abstractions/attached/base>
  include <abstractions/common/systemd>

  capability net_admin,

  @{exec_path} mr,

  /var/lib/systemd/backlight/*backlight* rw,

  @{run}/udev/data/+backlight:* r,        # For display backlights on laptops, monitors, and other screens.
  @{run}/udev/data/+leds:*backlight* r,   # For keyboard backlights, mouse LEDs, etc.
  @{run}/udev/data/+pci:* r,              # Identifies all PCI devices (CPU, GPU, Network, Disks, USB, etc.)

  @{sys}/bus/ r,
  @{sys}/bus/pci/devices/ r,
  @{sys}/class/ r,
  @{sys}/class/backlight/ r,

  @{sys}/devices/@{pci}/ r,
  @{sys}/devices/@{pci}/*_backlight/{,max_,actual_}brightness rw,
  @{sys}/devices/@{pci}/*_backlight/{uevent,type,enabled} r,
  @{sys}/devices/@{pci}/backlight/**/{,max_,actual_}brightness rw,
  @{sys}/devices/@{pci}/backlight/**/{uevent,type,enabled} r,
  @{sys}/devices/@{pci}/backlight/**/brightness rw,
  @{sys}/devices/@{pci}/class r,
  @{sys}/devices/@{pci}/drm/card@{int}/**/{,max_,actual_}brightness rw,
  @{sys}/devices/@{pci}/drm/card@{int}/**/{uevent,type,enabled} r,
  @{sys}/devices/@{pci}/drm/card@{int}/**/brightness rw,
  @{sys}/devices/@{pci}/uevent r,
  @{sys}/devices/**/leds/**/{,max_,actual_}brightness rw,
  @{sys}/devices/**/leds/**/{uevent,type,enabled} r,
  @{sys}/devices/**/leds/**/brightness_hw_changed r,

  include if exists <local/systemd-backlight>
}

# vim:syntax=apparmor
