# ----------------------------------------------------------------------------
#
#    Copyright (c) 2020 Synology Inc. All rights reserved.
#
# ----------------------------------------------------------------------------

^/usr/syno/sbin/synoscgi//SYNO.SynologyDriveShareSync.Config {
	#include<abstractions.pkg/SynologyDriveShareSync/webapi>

	/volume*/@appstore/SynologyDrive/sharesync/scripts/DSCCVolChange.sh	ux,
}

^/usr/syno/sbin/synoscgi//SYNO.SynologyDriveShareSync.Connection {
	#include<abstractions.pkg/SynologyDriveShareSync/webapi>
}

^/usr/syno/sbin/synoscgi//SYNO.SynologyDriveShareSync.Connection.test {
	#include<abstractions.pkg/SynologyDriveShareSync/webapi>

	capability block_suspend, # for curl: bug 3467
}

^/usr/syno/sbin/synoscgi//SYNO.SynologyDriveShareSync.Session {
	#include<abstractions.pkg/SynologyDriveShareSync/webapi>
}

^/usr/syno/sbin/synoscgi//SYNO.SynologyDriveShareSync.Session.list_subfolder {
	#include<abstractions.pkg/SynologyDriveShareSync/webapi>

	/volume*/{,**}	r,
}

^/usr/syno/sbin/synoscgi//SYNO.SynologyDriveShareSync.Session.Set {
	#include<abstractions.pkg/SynologyDriveShareSync/webapi>
}

^/usr/syno/sbin/synoscgi//SYNO.SynologyDriveShareSync.Session.Set.start {
	#include<abstractions.pkg/SynologyDriveShareSync/webapi>
	#include<abstractions/btrfs>

	/volume*/{,**}								rw,
	/usr/syno/etc/{,**}							r,

	capability chown,
	# for dsm task
	capability fowner,
}

/volume*/@appstore/SynologyDrive/sharesync/bin/cloud-daemon.exe {
	#include<abstractions/base>
	#include<abstractions/nameservice>
	#include<abstractions/share>
	#include<abstractions/openssl>
	#include<abstractions/log>
	#include<abstractions/storage>
	#include<abstractions/btrfs>
	#include<abstractions/SDKPlugin>
	#include<abstractions.pkg/libsynopersonalnotify>
	#include<abstractions.pkg/libsynoscim>

	@{PROC}/{,**}								r,
	/usr/syno/etc/{,**}							rwk,
	/usr/syno/etc.defaults/{,**}				r,
	/etc/{,**}									r,
	/etc.defaults/{,**}							r,
	/usr/local/etc/{,**}						r,
	/usr/share/{,**}							r,
	/usr/syno/sbin/{,**}						rpx,
	/var/spool/{,**}							rwk,
	/dev/synobios								rw,

	/usr/syno/etc/packages/SynologyDrive/sharesync/{,**}		rwkl,
	/var/packages/SynologyDrive/{,**}							mrwkl,
	/volume*/@appstore/SynologyDrive/sharesync/{,**}			mrwkl,
	/volume*/@SynologyDriveShareSync/{,**}						rwkl,
	/volume*/usbshare*/@sharebin/@SynologyDriveShareSync/{,**}	rwkl,
	/volume*/**													rwkl,

	network inet  stream,
	network inet6 stream,

	capability dac_override,
	capability dac_read_search,
	capability sys_resource,
	capability chown,
	capability fowner,
	capability setuid,
	capability setgid,
	capability fsetid,
	capability net_raw,
	capability net_admin,
	capability sys_admin,
	capability sys_rawio,
	capability sys_nice,
	capability block_suspend,
}

/volume*/@appstore/SynologyDrive/sharesync/bin/srvctl {
	#include<abstractions/base>
	#include<abstractions/nameservice>
	#include<abstractions/share>
	#include<abstractions/log>
	#include<abstractions/storage>
	#include<abstractions/btrfs>
	#include<abstractions/SDKPlugin>

	/usr/syno/etc/{,**}							rwk,
	/usr/syno/etc.defaults/{,**}				r,
	/etc/{,**}									r,
	/etc.defaults/{,**}							r,
	/usr/local/etc/{,**}						r,
	/usr/share/{,**}							r,
	/usr/syno/sbin/{,**}						rpx,

	/usr/syno/etc/packages/SynologyDrive/sharesync/{,**}		rwkl,
	/var/packages/SynologyDrive/{,**}							mrwkl,
	/volume*/@appstore/SynologyDrive/sharesync/{,**}			mrwkl,
	/volume*/@SynologyDriveShareSync/{,**}						rwkl,
	/volume*/usbshare*/@sharebin/@SynologyDriveShareSync/{,**}	rwkl,
	/volume*/**													rwkl,

	/volume*/@appstore/SynologyDrive/sharesync/bin/cloud-daemon.exe		px,
	/volume*/@appstore/SynologyDrive/sharesync/bin/cloud-monitor		ux,

	capability chown,
	capability dac_override,
	capability dac_read_search,
	capability kill,
}

# vim:ft=apparmor
