From f19f9ae1fa8097f17fb8ce721cbc4963aae3365f Mon Sep 17 00:00:00 2001 From: Mikhail Morfikov Date: Wed, 14 Apr 2021 14:48:56 -0700 Subject: [PATCH] abstractions: update video abstraction the video abstraction currently it only contains the following rules: @{sys}/class/video4linux r, @{sys}/class/video4linux/** r, Judging by the v4l path, this abstraction should be used whenever some app wants to use for instance a webcam or other USB cameras to stream video usually in chat apps. I was testing some apps, and it looks like the following rules are needed to make the video streaming possible: Fixes: https://gitlab.com/apparmor/apparmor/-/issues/159 MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/740 Signed-off-by: John Johansen --- profiles/apparmor.d/abstractions/video | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/profiles/apparmor.d/abstractions/video b/profiles/apparmor.d/abstractions/video index 7df9a1725..0afe62bfa 100644 --- a/profiles/apparmor.d/abstractions/video +++ b/profiles/apparmor.d/abstractions/video @@ -7,5 +7,14 @@ @{sys}/class/video4linux r, @{sys}/class/video4linux/** r, + owner /dev/shm/libv4l-* rw, + /dev/video[0-9]* rw, + @{sys}/devices/pci[0-9]*/**/usb[0-9]/**/video4linux/video[0-9]*/dev r, + @{sys}/devices/pci[0-9]*/**/usb[0-9]/**/{modalias,speed} r, + + @{sys}/devices/virtual/dmi/id/sys_vendor r, + @{sys}/devices/virtual/dmi/id/product_{name,version} r, + @{sys}/devices/virtual/dmi/id/board_{vendor,name,version} r, + # Include additions to the abstraction include if exists
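Review bot: In the two added USB sysfs rules, `usb[0-9]` matches a single digit only, so a camera on a USB bus numbered 10 or higher is not covered, while the neighbouring `pci[0-9]*` and `video[0-9]*` patterns do accept multi-digit numbers; suggest `usb[0-9]*` in both rules. The second of them, `@{sys}/devices/pci[0-9]*/**/usb[0-9]/**/{modalias,speed} r,`, has no `video4linux` component, so it grants read on modalias and speed for every USB device on the bus rather than only cameras; a narrower path or a comment explaining the need would help. The three `dmi/id` rules expose vendor, product and board strings to every profile that includes this abstraction, and neither the hunk nor the commit message names the consumer that reads them, so a comment line above that group is worth adding. `/dev/video[0-9]* rw,` also lacks the `owner` qualifier that the `/dev/shm/libv4l-*` rule carries; if that is intentional, say so in a comment.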