#include <tunables/global>

/usr/bin/pulseaudio {
  #include <abstractions/base>
  #include <abstractions/audio>
  #include <abstractions/dbus-session>
  #include <abstractions/dbus-strict>
  #include <abstractions/nameservice>
  #include <abstractions/X>

  dbus send
       bus=system
       path=/org/freedesktop/RealtimeKit1
       interface=org.freedesktop.RealtimeKit1
       member={MakeThreadRealtime,MakeThreadHighPriority}
       peer=(name=org.freedesktop.RealtimeKit1),

  dbus send
       bus=system
       path=/org/freedesktop/RealtimeKit1
       interface=org.freedesktop.DBus.Properties
       member=Get,

  unix (connect, receive, send) type=stream peer=(addr="@/tmp/.ICE-unix/[0-9]*"),
  ptrace (read,trace) peer=@{profile_name},

  /usr/bin/pulseaudio mixr,

  /etc/pulse/ r,
  /etc/pulse/* r,
  /etc/udev/udev.conf r,
  /etc/timidity/.pulse_cookie w,

  /etc/asound.conf r,

  owner @{HOME}/.esd_auth rwk,
  owner @{HOME}/.pulse-cookie rwk,
  owner @{HOME}/.config/pulse/cookie rwk,
  owner @{HOME}/{.config/pulse,.pulse}/ rw,
  owner @{HOME}/{.config/pulse,.pulse}/* rw,

  owner /run/pulse/ rw,
  owner /run/pulse/.pulse-cookie rwk,
  owner /run/pulse/dbus-socket rwk,
  owner /run/pulse/native rwk,
  owner /run/pulse/pid rwk,
  owner /run/user/[0-9]*/pulse/  rw,
  owner /run/user/[0-9]*/pulse/* rwk,
  /run/udev/data/+sound:card* r,
  /run/udev/data/c116:[0-9]* r,
  /run/udev/data/c14:[0-9]* r,

  # logind
  /run/user/[0-9]*/dconf/user k,

  /sys/bus/ r,
  /sys/class/ r,
  /sys/class/sound/ r,
  /sys/devices/pci[0-9]*/**/*class r,
  /sys/devices/pci[0-9]*/**/uevent r,
  /sys/devices/system/cpu/ r,
  /sys/devices/system/cpu/online r,
  /sys/devices/virtual/dmi/id/bios_vendor r,
  /sys/devices/virtual/dmi/id/board_vendor r,
  /sys/devices/virtual/dmi/id/sys_vendor r,
  /sys/devices/virtual/sound/**/uevent r,

  /usr/share/alsa/** r,
  /usr/share/applications/ r,
  /usr/share/applications/* r,
  /usr/share/pulseaudio/** r,
  /usr/lib/pulse-[1-9]*.[0-9]/modules/*.so mr,
  /usr/lib/pulseaudio/pulse/gconf-helper Cx,

  owner /var/lib/gdm3/.config/pulse/ rw,
  owner /var/lib/gdm3/.config/pulse/* rw,
  owner /var/lib/gdm3/.config/pulse/cookie rwk,

  owner /var/lib/lightdm/.Xauthority r,
  owner /var/lib/lightdm/.esd_auth rwk,
  owner /var/lib/lightdm/.config/pulse/cookie rwk,
  owner /var/lib/lightdm/.config/pulse/ rw,
  owner /var/lib/lightdm/.config/pulse/* rw,

  # are these needed?
  /var/lib/pulse/ rw,
  /var/lib/pulse/*-default-sink rw,
  /var/lib/pulse/*-default-source rw,
  /var/lib/pulse/*.tdb rw,

  owner @{PROC}/@{pid}/fd/ r,
  owner @{PROC}/@{pid}/maps r,
  owner @{PROC}/@{pid}/stat r,

  owner /tmp/pulse-*/pid rwk,
  owner /tmp/pulse-*/native rwk,
  owner /tmp/pulse-*/autospawn.lock rwk,
  owner /run/user/*/pulse/autospawn.lock rwk,

  owner /tmp/orcexec.* mrw,
  owner /{,var/}run/user/[0-9]*/orcexec.* mrw,
  # needed if /tmp is mounted noexec:
  owner @{HOME}/orcexec.* mrw,

  owner /tmp/.esd-@{pid}*/ rw,
  owner /tmp/.esd-@{pid}*/socket rw,

  profile /usr/lib/pulseaudio/pulse/gconf-helper {
    #include <abstractions/base>

    /usr/lib/pulseaudio/pulse/gconf-helper mr,
  }

  # Site-specific additions and overrides. See local/README for details.
  #include <local/usr.bin.pulseaudio>
}