# AppArmor profile for vdirsyncer CalDav/CardDAV synchronization client
# Version of program profiled: 0.19.2
# Homepage: https://github.com/krathalan/apparmor-profiles
# Copyright 2020-2024 (C) krathalan; Licensed under GPLv3

abi <abi/3.0>,
include <tunables/global>

profile vdirsyncer /usr/bin/vdirsyncer {
  include if exists <local/vdirsyncer>
  include <abstractions/base>
  include <abstractions/python>

  /usr/bin/ r,
  /usr/bin/python3.[0-9] r,
  /usr/bin/vdirsyncer r,

  # Networking
  include <abstractions/ssl_certs>
  include <abstractions/krathalans-networking>
  network unix stream,
  network inet6 dgram,
  network inet6 stream,
  network inet dgram,
  network inet stream,
  network netlink raw,

  # Config
  owner @{HOME}/.config/vdirsyncer/* r,

  # Contact storage location
  owner @{HOME}/.local/share/contacts/{,**} rwl,
  # Task storage location
  owner @{HOME}/.local/share/tasks/{,**} rwl,
  # Calendar storage location
  owner @{HOME}/.local/share/calendar/{,**} rwl,

  # Cache
  owner @{HOME}/.cache/vdirsyncer-status/{,**} rwk,
  
  # Misc
  owner /var/tmp/etilqs* rw,

  # Deny unnecessary permissions
  deny /usr/bin/uname rx,
  deny @{PROC}/{,**} r,
}
