# vim:syntax=apparmor
# ------------------------------------------------------------------
#
#    Copyright (C) 2002-2009 Novell/SUSE
#    Copyright (C) 2009-2011 Canonical Ltd.
#
#    This program is free software; you can redistribute it and/or
#    modify it under the terms of version 2 of the GNU General Public
#    License published by the Free Software Foundation.
#
# ------------------------------------------------------------------

  #include <abstractions/dri-common>


  # .ICEauthority files required for X authentication, per user
  owner @{HOME}/.ICEauthority r,
  owner @{run}/user/*/ICEauthority r,

  # .Xauthority files required for X connections, per user
  owner @{HOME}/.Xauthority r,
  owner @{HOME}/.local/share/sddm/.Xauthority r,
  owner /{,var/}run/gdm{,3}/*/database r,
  owner /{,var/}run/lightdm/authority/[0-9]* r,
  owner /{,var/}run/lightdm/*/xauthority r,
  owner /{,var/}run/user/*/gdm/Xauthority r,
  owner /{,var/}run/user/*/X11/Xauthority r,
  owner /{,var/}run/user/*/xauth_* r,

  # the unix socket to use to connect to the display
  /tmp/.X11-unix/* rw,
  unix (connect, receive, send)
       type=stream
       peer=(addr="@/tmp/.X11-unix/X[0-9]*"),
  unix (connect, receive, send)
       type=stream
       peer=(addr="@/tmp/.ICE-unix/[0-9]*"),

  /usr/include/X11/               r,
  /usr/include/X11/**             r,

  # The X tree changes and is large -- grant read access to the whole thing
  /usr/X11R6/**                   r,
  /usr/share/X11/                 r,
  /usr/share/X11/**               r,
  /usr/X11R6/**.so*               mr,

  # EGL
  /usr/lib/@{multiarch}/egl/*.so* mr,

  # Xcompose
  owner @{HOME}/.XCompose         r,
  /var/cache/libx11/compose/*     r,
  deny /var/cache/libx11/compose/* wlk,

  # mouse themes
  /etc/X11/cursors/               r,
  /etc/X11/cursors/**             r,

  # Xwayland
  owner /run/user/*/.mutter-Xwaylandauth.* r,