1# vim:syntax=apparmor 2# ------------------------------------------------------------------ 3# 4# Copyright (C) 2018 Canonical Ltd. 5# 6# This software is distributed under a BSD-style license. See the 7# file "COPYING" in the top-level directory of the distribution for details. 8# 9# ------------------------------------------------------------------ 10 11#include <tunables/global> 12 13/usr/sbin/gpsd { 14 #include <abstractions/base> 15 #include <abstractions/nameservice> 16 17 capability ipc_lock, 18 capability net_bind_service, 19 capability sys_nice, 20 capability fsetid, 21 capability setgid, 22 capability setuid, 23 capability sys_resource, 24 25 # for all the remote connection options 26 network dgram, 27 network stream, 28 29 # common serial paths to GPS devices 30 /dev/tty{,S,USB,AMA,ACM}[0-9]* rw, 31 /sys/dev/char r, 32 /sys/dev/char/** r, 33 34 # pps related devices 35 /dev/pps[0-9]* rw, 36 /sys/devices/virtual/pps r, 37 /sys/devices/virtual/pps/** r, 38 39 # gpsd device to share 40 /dev/gpsd[0-9] rw, 41 42 # libusb device access to GPS devices 43 /proc/ r, 44 /dev/ r, 45 /sys/class/ r, 46 /sys/bus/ r, 47 /dev/bus/usb/ r, 48 /sys/bus/usb/devices/ r, 49 /sys/devices/pci[0-9]*/**/{uevent,busnum,devnum,speed,descriptors} r, 50 /run/udev/data/+usb* r, 51 /run/udev/data/c189* r, 52 53 # common config path (by default unused) 54 /etc/gpsd/* r, 55 56 # enumerate own FDs 57 @{PROC}/@{pid}/fd/ r, 58 59 # default paths feeding GPS data into chrony 60 /{,var/}run/chrony.tty{,S,USB,AMA}[0-9]*.sock rw, 61 /tmp/chrony.tty{,S,USB,AMA}[0-9]*.sock rw, 62 63 # logging 64 /{,var/}run/systemd/journal/dev-log w, 65 66 # Site-specific additions and overrides. See local/README for details. 67 #include <local/usr.sbin.gpsd> 68} 69