#include <tunables/global>

@{BROWSER} = vivaldi
@{APPNAME} = @{BROWSER}-snapshot
@{APPDIR} = /opt/@{APPNAME}
@{BINARY_NAME} = @{BROWSER}-bin
@{BINARY_PATH} = @{APPDIR}/@{BINARY_NAME}
@{SANDBOX_PATH} = @{APPDIR}/@{BROWSER}-sandbox
@{VARDIR}       = /var@{APPDIR}
@{SOCKET_PATH}  = .com.vivaldi
@{CONFIG_SUBDIR} = @{APPNAME}

profile vivaldi-snapshot-bin /opt/vivaldi-snapshot/vivaldi-bin {
  #include <abstractions/chromium-common>
  #include <abstractions/vivaldi>

  @{SANDBOX_PATH} Px -> vivaldi-snapshot-bin//sandbox, 

  signal (send) peer=vivaldi-snapshot-bin//*,
  ptrace        peer=vivaldi-snapshot-bin//*,

  profile sandbox {
    #include <abstractions/base>
    #include <abstractions/vivaldi>

    @{SANDBOX_PATH} rm,

    capability sys_chroot,
    capability sys_admin,
    capability setuid,
    capability setgid,
    capability sys_resource,

    signal (receive) peer=@{BINARY_PATH},
    @{BINARY_PATH} Px -> vivaldi-snapshot-bin//sandboxed,
  }

  profile sandboxed {
    #include <abstractions/base>
    #include <abstractions/vivaldi>
    #include <abstractions/fonts>

    @{BINARY_PATH} rm,

    signal (receive) peer=@{BINARY_PATH},
    /sys/devices/system/cpu/cpufreq/policy0/cpuinfo_max_freq r,

    /proc/ r,
    /proc/@{pid}/statm r,

    owner /dev/shm/@{SOCKET_PATH}.* rwlk,
  }

  #include if exists <local/opt.vivaldi-snapshot.vivaldi-bin>
  #include if exists <local/vivalid-snapshot-bin>
}
