# apparmor.d - Full set of apparmor profiles
# Copyright (C) 2025 Alexandre Pujol <alexandre@pujol.io>
# SPDX-License-Identifier: GPL-2.0-only
# NEEDS-VARIABLE: devtools

# Allows common file for various development tools. This abstraction is meant
# to be included in profiles of development tools only.
#
# It does not aims at allowing execution of development tools, only file access.
# The tools are defined in the `@{devtools}` variable.
#

  abi <abi/4.0>,

  /usr/share/*@{devtools}*/ r,
  /usr/share/*@{devtools}*/** r,

  owner @{HOME}/.*@{devtools}* rw,
  owner @{HOME}/.*@{devtools}*/ rw,
  owner @{HOME}/.*@{devtools}*/** rwlk,
  owner @{HOME}/.*@{devtools}*/** mix,

  owner @{HOME}/*@{devtools}*/ rw,
  owner @{HOME}/*@{devtools}*/** rwlk,
  owner @{HOME}/.*@{devtools}*/** mix,

  owner @{user_cache_dirs}/ r,
  owner @{user_cache_dirs}/*@{devtools}*/ rw,
  owner @{user_cache_dirs}/*@{devtools}*/** rwlk,

  owner @{user_config_dirs}/ r,
  owner @{user_config_dirs}/*@{devtools}*/ rw,
  owner @{user_config_dirs}/*@{devtools}*/** rwlk,

  owner @{user_share_dirs}/ r,
  owner @{user_share_dirs}/*@{devtools}*/ rw,
  owner @{user_share_dirs}/*@{devtools}*/** rwlk,

  owner @{user_state_dirs}/ r,
  owner @{user_state_dirs}/*@{devtools}*/ rw,
  owner @{user_state_dirs}/*@{devtools}*/** rwlk,

        /tmp/ r,
  owner @{tmp}/ r,
  owner @{tmp}/*@{devtools}* rw,
  owner @{tmp}/*@{devtools}*/ rw,
  owner @{tmp}/*@{devtools}*/** rwlk,
  owner @{tmp}/*@{devtools}*/** mix,

  include if exists <abstractions/devtools.d>

# vim:syntax=apparmor
