deb#887593 apparmor: allow reading device information

* Add file read rule for paths like
/sys/devices/virtual/block/dm-0/queue/rotational
used by isRotational() in desktop/unx/source/pagenin.c.
* Add file read rule for paths like
/sys/dev/char/226:128/device/uevent
used by libdrm.

Change-Id: Ic41365b478c817b6766e25adadd6761fa03ff055
Reviewed-on: https://gerrit.libreoffice.org/48265
Tested-by: Rene Engelhard <rene@debian.org>
Reviewed-by: Rene Engelhard <rene@debian.org>
Tested-by: Jenkins <ci@libreoffice.org>
Reviewed-on: https://gerrit.libreoffice.org/48278
Reviewed-by: Thorsten Behrens <Thorsten.Behrens@CIB.de>

2 files changed, 2 insertions, 0 deletions

diff --git a/sysui/desktop/apparmor/program.oosplash b/sysui/desktop/apparmor/program.oosplash
index e044c1afce26..bcc06914d112 100644
--- a/sysui/desktop/apparmor/program.oosplash
+++ b/sysui/desktop/apparmor/program.oosplash
@@ -23,6 +23,7 @@ profile libreoffice-oopslash INSTDIR-program/oosplash {
   /etc/passwd                           r,
   /etc/nsswitch.conf                    r,
   /run/nscd/passwd                      r,
+  /sys/devices/{virtual,pci[0-9]*}/**/queue/rotational  r, # for isRotational() in desktop/unx/source/pagein.c
   /usr/lib{,32,64}/ure/bin/javaldx      rmpux,
   /usr/share/libreoffice/program/*      r,
   INSTDIR-program/** 			r,
diff --git a/sysui/desktop/apparmor/program.soffice.bin b/sysui/desktop/apparmor/program.soffice.bin
index 93fc7ee537e6..44cb61be97ec 100644
--- a/sysui/desktop/apparmor/program.soffice.bin
+++ b/sysui/desktop/apparmor/program.soffice.bin
@@ -160,6 +160,7 @@ profile libreoffice-soffice INSTDIR-program/soffice.bin {
 
   #Likely moving to abstractions in the future
   owner @{HOME}/.icons/*/cursors/*      r,
+  /sys/devices/pci[0-9]*/**/{device,subsystem_device,subsystem_vendor,uevent,vendor} r, # for libdrm
   /usr/share/*-fonts/conf.avail/*.conf  r,
   /usr/share/fonts-config/conf.avail/*.conf r,