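# AppArmor profile confining the Skype for Linux launcher, /usr/bin/skypeforlinux.
#
# File permissions used below: r = read, w = write, m = mmap with PROT_EXEC,
# k = file locking.
# Exec modes used below:
#   ix  - the child inherits this profile.
#   PUx - the child runs under its own profile if one is loaded, otherwise it
#         runs unconfined (with a scrubbed environment).

#include <tunables/global>

/usr/bin/skypeforlinux {
  #include <abstractions/audio>
  #include <abstractions/consoles>
  #include <abstractions/dbus-session>
  #include <abstractions/gnome>
  #include <abstractions/kde>
  #include <abstractions/nameservice>
  #include <abstractions/video>

  # Executables
  # NOTE(review): every PUx rule below falls back to *unconfined* when the
  # helper has no profile of its own. That matters most for nohup and
  # xdg-open, which start other programs: whatever they launch then runs
  # outside this profile. Prefer a child profile (Cx/Px) or ix for these once
  # the launcher has been tested with the tighter mode.
  /usr/bin/skypeforlinux ixmr,
  /usr/bin/readlink PUxmr,
  /usr/bin/dirname PUxmr,
  /usr/bin/mkdir PUxmr,
  /usr/bin/nohup PUxmr,
  # NOTE(review): confirm this path (and /usr/share/skype/ below) matches where
  # the installed package puts the real client binary; a binary that is not
  # matched by an ix rule here is not covered by this profile.
  /usr/lib{,32}/skype/skype ixmr,
  /usr/bin/xdg-open PUxmr,
  /usr/bin/kde4-config PUxmr,

  # Configuration files
  # The trailing slash is required: AppArmor matches a directory only when the
  # rule path ends in "/". Without it the rule named a plain file and the
  # config directory itself (create/list) was not covered, unlike the
  # @{HOME}/Public/ rule below.
  owner @{HOME}/.config/skypeforlinux/ rw,
  owner @{HOME}/.config/skypeforlinux/** krw,

  # Downloads/uploads directory
  # This is the only user-data location the profile makes writable besides the
  # configuration directory.
  owner @{HOME}/Public/ rw,
  owner @{HOME}/Public/** krw,

  # Libraries
  /usr/lib{,32}/libv4l/v4l2convert.so mr,
  /usr/share/skype/lib/libQtWebKit.so.4 mr,

  # Shared data (read-only)
  /usr/share/skype/ r,
  /usr/share/skype/** r,

  # Devices
  # "/dev/ r" permits listing the device directory only; of the nodes in it,
  # this section opens just the video devices.
  /dev/ r,
  /dev/video[0-9]* mrw,

  # System information
  /etc/machine-id r,
  @{PROC}/sys/kernel/{ostype,osrelease} r,
  @{PROC}/sys/vm/overcommit_memory r,
  # Unlike the per-process entries that follow, this rule carries no "owner"
  # qualifier.
  @{PROC}/[0-9]*/net/arp r,
  owner @{PROC}/[0-9]*/cmdline r,
  owner @{PROC}/[0-9]*/status r,
  owner @{PROC}/[0-9]*/task/ r,
  owner @{PROC}/[0-9]*/task/[0-9]*/stat r,
  owner @{PROC}/[0-9]*/fd/ r,
  /sys/devices/system/cpu/ r,
  /sys/devices/system/cpu/cpu[0-9]*/cpufreq/scaling_{cur_freq,max_freq} r,
  /sys/devices/pci*/*/usb[0-9]*/*/*/modalias r,
  /sys/devices/pci*/*/usb[0-9]*/*/*/video4linux/video[0-9]*/dev r,
  /sys/devices/pci*/*/usb[0-9]*/*/{idVendor,idProduct,speed} r,

  # These rules probably belong in the appropriate abstractions
  /etc/asound.conf r,
  owner @{HOME}/.config/fontconfig/fonts.conf r,
  owner @{HOME}/.config/gtk-3.0/bookmarks r,
  owner @{HOME}/.config/oxygen-gtk/argb-apps.conf rw,
  owner @{HOME}/.config/pulse/cookie krw,
  owner @{HOME}/.icons/** r,
  owner @{HOME}/.kde4/share/config/kdeglobals krw,
  owner @{HOME}/.kde4/share/config/gtkrc-2.0 r,
  owner @{HOME}/.kde4/share/config/oxygenrc r,
  /usr/share/icons/*/index.theme kr,
  /usr/share/nvidia/nvidia-application-profiles-*-rc r,

  # Denials
  # Explicit deny rules override any allow rule (including those pulled in by
  # the abstractions above) and are not logged unless prefixed with "audit".
  # They block reads of the user's Mozilla profile directory and of the DMI
  # data under /sys.
  deny owner @{HOME}/.mozilla/ r,
  deny owner @{HOME}/.mozilla/** r,
  deny /sys/devices/virtual/dmi/** r,
}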