# apparmor.d - Full set of apparmor profiles
# Copyright (C) 2023-2024 Alexandre Pujol <alexandre@pujol.io>
# SPDX-License-Identifier: GPL-2.0-only

abi <abi/4.0>,

include <tunables/global>

@{lib_dirs} = @{user_share_dirs}/torbrowser/tbb/@{arch}/tor-browser/Browser/ @{HOME}/.tb/tor-browser/Browser/

@{exec_path} = @{lib_dirs}/start-tor-browser
@{att} = ""
profile torbrowser-start /{home/*/.local/share/torbrowser/tbb/x86_64/tor-browser/Browser/start-tor-browser,home/*/.local/share/torbrowser/tbb/amd64/tor-browser/Browser/start-tor-browser,home/*/.local/share/torbrowser/tbb/i386/tor-browser/Browser/start-tor-browser,home/*/.tb/tor-browser/Browser/start-tor-browser} flags=(complain) {
  include <abstractions/base-strict>
  include <abstractions/consoles>

  @{exec_path} rm,

  @{sh_path}                  rix,
  @{bin}/cp                    ix,
  @{bin}/dirname               ix,
  @{bin}/env                    r,
  @{bin}/expr                  ix,
  @{bin}/file                  ix,
  @{bin}/getconf               ix,
  @{bin}/{,e}grep              ix,
  @{bin}/id                    ix,
  @{bin}/ln                    ix,
  @{bin}/mkdir                 ix,
  @{bin}/rm                    ix,
  @{bin}/sed                   ix,
  @{bin}/srm                   ix,

  @{lib_dirs}/abicheck         ix,
  @{lib_dirs}/firefox{,.real}  px -> torbrowser,

  /usr/share/file/** r,

  /etc/magic r,

  owner @{lib_dirs}/.config/ibus/{,**} rw,
  owner @{lib_dirs}/.local/* rw,
  owner @{lib_dirs}/sed@{rand6} rw,
  owner @{lib_dirs}/TorBrowser/Tor/tor r,

  owner @{user_share_dirs}/torbrowser/tbb/@{arch}/tor-browser/Browser/sed@{rand6} rw,
  owner @{user_share_dirs}/torbrowser/tbb/@{arch}/tor-browser/Browser/start-tor-browser.desktop rw,
  owner @{user_share_dirs}/torbrowser/tbb/@{arch}/tor-browser/sed@{rand6} rw,
  owner @{user_share_dirs}/torbrowser/tbb/@{arch}/tor-browser/start-tor-browser.desktop rw,

  owner @{HOME}/.xsession-errors rw,
  owner @{HOME}/.tb/tor-browser/* rw,

  include if exists <local/torbrowser-start>
}

# vim:syntax=apparmor
