#include <tunables/global>

@{BROWSER} = code
@{APPNAME} = @{BROWSER}
@{APPDIR} = /usr/share/@{APPNAME}
@{BINARY_NAME} = @{BROWSER}
@{BINARY_PATH} = @{APPDIR}/@{BINARY_NAME}
@{SOCKET_PATH} = .org.chromium.Chromium
@{CONFIG_SUBDIR} = Code

profile vscode /usr/share/code/code {
  #include <abstractions/chromium-common>
  #include <abstractions/vscode>
  #include <abstractions/consoles>

  signal (send) peer=vscode//*,
  ptrace        peer=vscode//*,

  signal        peer=lsb_release,
  ptrace        peer=lsb_release,

  /proc/@{pid}/cmdline r,
  /proc/@{pid}/mem r,

  owner @{HOME}/.vscode/ r,
  owner @{HOME}/.vscode/** rwlk,

  owner /run/user/*/vscode* rw,

  @{APPDIR}/**/*.node m,

  /usr/lib/git/git Ux,

  /usr/share/icu/*/icu*.dat r,

  deny @{HOME}/.fonts/.uuid      wl,
  deny /usr/share/fonts/**/.uuid wl,

  /usr/bin/lsb_release Px -> lsb_release,

  @{APPDIR}/resources/app/node_modules.asar.unpacked/vscode-ripgrep/bin/rg Px -> vscode//rg,

  profile rg {
    #include <abstractions/base>
    #include <abstractions/fonts>
    #include <abstractions/consoles>
    #include if exists <local/vscode>

    @{APPDIR}/resources/app/node_modules.asar.unpacked/vscode-ripgrep/bin/rg rm,

    # inherited file handles (no CLO_EXEC)
    @{APPDIR}/** r,
    @{APPDIR}/**/*.node m,

    owner /dev/shm/@{SOCKET_PATH}* rwlk,
    #/ inherited file handles (no CLO_EXEC)
  }

  #include if exists <local/vscode>
}
