diff --git a/profiles/apparmor.d/lsusb b/profiles/apparmor.d/lsusb index a433e0bb0..8be2f8f85 100644 --- a/profiles/apparmor.d/lsusb +++ b/profiles/apparmor.d/lsusb @@ -16,8 +16,14 @@ include profile lsusb /usr/bin/lsusb { include + /usr/bin/lsusb mr, + network netlink raw, + # Needed for additional information gathered under sudo + capability net_admin, + /dev/bus/usb/@{d}@{d}@{d}/@{d}@{d}@{d} rw, + /dev/ r, /dev/bus/usb/ r, @{run}/udev/data/*usb:* r, @@ -35,6 +41,31 @@ profile lsusb /usr/bin/lsusb { @{sys}/devices/**/usb[0-9]**/manufacturer r, @{sys}/devices/**/usb[0-9]**/product r, @{sys}/devices/**/usb[0-9]**/serial r, + # needed for --tree + @{sys}/devices/**/usb[0-9]**/bAlternateSetting r, + @{sys}/devices/**/usb[0-9]**/bInterfaceClass r, + @{sys}/devices/**/usb[0-9]**/bInterfaceNumber r, + @{sys}/devices/**/usb[0-9]**/bInterfaceProtocol r, + @{sys}/devices/**/usb[0-9]**/bInterfaceSubClass r, + @{sys}/devices/**/usb[0-9]**/bNumEndpoints r, + @{sys}/devices/**/usb[0-9]**/bConfigurationValue r, + @{sys}/devices/**/usb[0-9]**/bDeviceClass r, + @{sys}/devices/**/usb[0-9]**/bDeviceProtocol r, + @{sys}/devices/**/usb[0-9]**/bDeviceSubClass r, + @{sys}/devices/**/usb[0-9]**/bMaxPacketSize0 r, + @{sys}/devices/**/usb[0-9]**/bNumConfigurations r, + @{sys}/devices/**/usb[0-9]**/bNumInterfaces r, + @{sys}/devices/**/usb[0-9]**/bcdDevice r, + @{sys}/devices/**/usb[0-9]**/bmAttributes r, + @{sys}/devices/**/usb[0-9]**/configuration r, + @{sys}/devices/**/usb[0-9]**/idProduct r, + @{sys}/devices/**/usb[0-9]**/idVendor r, + @{sys}/devices/**/usb[0-9]**/maxchild r, + @{sys}/devices/**/usb[0-9]**/rx_lanes r, + @{sys}/devices/**/usb[0-9]**/tx_lanes r, + # Needed for --tree -v + @{sys}/devices/**/usb[0-9]**/bMaxPower r, + @{sys}/devices/**/usb[0-9]**/version r, include if exists }