# Description: Can play audio
# Usage: common
/dev/ashmem rw,

# Don't include the audio abstraction and enforce use of pulse instead
/etc/pulse/ r,
/etc/pulse/* r,
/{run,dev}/shm/                    r,  # could allow enumerating apps
owner /{run,dev}/shm/pulse-shm*    rk,
deny /{run,dev}/shm/pulse-shm*     w,  # deny unless we have to have it
owner @{HOME}/.pulse-cookie        rk,
owner @{HOME}/.pulse/              r,
owner @{HOME}/.pulse/*             rk,
owner /{,var/}run/user/*/pulse/       r,
owner /{,var/}run/user/*/pulse/       w,   # shouldn't be needed, but rmdir fail otherwise
owner /{,var/}run/user/*/pulse/native rwk, # cli and dbus-socket should not be
                                           # used by confined apps
owner @{HOME}/.config/pulse/cookie rk,

# Force the use of pulseaudio and silence any denials for ALSA
deny /usr/share/alsa/alsa.conf r,
deny /dev/snd/ r,
deny /dev/snd/* r,

# Hardware-specific accesses
#include "/usr/share/apparmor/hardware/audio.d"
