# ----------------------------------------------------------------------------
#
#    Copyright (C) 2000-2014 Synology Inc. All rights reserved.
#
# ----------------------------------------------------------------------------

#include <tunables/global>

# Profile for the DownloadStation scheduler binary, matched by path on any /volume*.
# It is the broadest profile in this file: volume-wide link/read/write/lock access,
# an unrestricted `network` rule and eight capabilities. What the included
# abstractions add on top is not visible in this file.
/volume*/@appstore/DownloadStation/sbin/scheduler {
	#include <abstractions/base>
	#include <abstractions/pgsql>
	#include <abstractions/log>
	#include <abstractions/webfm/index>
	#include <abstractions.pkg/DownloadStation/base>

	# `ix` = execute and keep this profile: every helper started from here inherits
	# all grants below, including the capabilities.
	# NOTE(review): the `/volume*/{,**} lrwk` rule further down also matches the package's
	# bin/ and sbin/ directories, so a process in this profile may write a file it is then
	# allowed to execute. Consider an explicit `deny ... w,` for those two directories.
	/volume*/@appstore/DownloadStation/bin/*			rix,
	/volume*/@appstore/DownloadStation/sbin/*	rix,
	/usr/syno/sbin/synouser								rix,
	/usr/bin/php										rix,
	# System-wide state that this profile may modify (r = read, w = write, k = lock).
	/usr/syno/etc/synoshare.db							rwk,
	/usr/syno/etc/preference/*/dsmnotify				rwk,
	# Read-only configuration of other components.
	/usr/syno/etc/packages/AudioStation/audio.conf		r,
	/usr/syno/etc/preference/*/usersettings				r,
	/usr/syno/etc/synosmtp.conf							r,
	/usr/syno/etc/nslcd.conf							r,
	/usr/syno/etc/smbinfo.conf							r,
	/usr/syno/etc/extra-admin-CMS						r,

	# DownloadStation's own settings; `{,**}` matches the directory and everything below it.
	/usr/syno/etc/packages/DownloadStation/settings.conf*		rwk,
	/usr/syno/etc/packages/DownloadStation/amule/{,**}			rwk,
	/usr/syno/etc/packages/DownloadStation/download/{,**}		rwk,
	# NOTE(review): write access to what the name suggests is the application-privilege
	# database (plus any suffixed sibling files) - confirm the scheduler must modify it.
	/etc/synoappprivilege.db{,*}								rwk,
	/usr/sbin/pppoe-status										rix,
	/volume*/@appstore/DownloadStation/hostscript/synoutils		rix,

	/usr/local/etc/{,**}								r,

	# `m` permits mapping these files as executable memory.
	# NOTE(review): the plugin tree is also writable through the volume-wide rule on the
	# next line, so mapped code is not protected from modification by this profile.
	/volume*/@appstore/DownloadStation/plugins/{,**}		mrk,
	# Link, read, write and lock on every path under every volume - not only download
	# destinations but also @appstore, @eaDir, @tmp and all shares.
	/volume*/{,**}											lrwk,
	# semaphores
	/dev/shm/*											lrwk,

	# wget-spider
	/.listing*			rwk,

	# transmissiond
	/dev/crypto											rw,
	/usr/share/samba/codepages/upcase.dat				r,
	/usr/share/samba/codepages/lowcase.dat				r,
	/usr/syno/smb.conf									r,
	/usr/syno/etc/smb.conf								r,

	# ffmpeg
	/usr/syno/etc/codec/{,activation.conf}				rwk,
	/etc/VERSION										r,
	/proc/platform_config								w,

	# 7z (index)
	/var/spool/syno_indexing_queue						rwk,
	/volume*/@eaDir/{,**}								rwk,
	/usr/syno/etc/packages/PhotoStation/settings.conf	r,
	# Duplicate of the audio.conf rule earlier in this profile; redundant but harmless.
	/usr/syno/etc/packages/AudioStation/audio.conf		r,

	# `*` does not cross `/`, so this is every file directly under /etc, not subdirectories.
	# NOTE(review): with `capability dac_override` below, file mode and ownership no longer
	# limit which of those files can be read; listing the needed files would be tighter.
	/etc/*												rk,
	# NOTE(review): write access to the Python 2.7 library trees. If anything outside this
	# profile imports from them, a write here changes code that runs elsewhere - confirm
	# that `w` is required and not just `r`.
	/lib/python2.7/{,**}								rwk,
	/usr/local/lib/python2.7/{,**}						rwk,

	# lftp
	# A path ending in `/` matches the directory itself: this allows listing the root directory.
	/													r,
	/root/.local/{,**}									rwk,

	# nzbget
	/dev/tty											rw,

	# Bare `network` rule: no restriction on address family or socket type.
	network,
	# Identity and ownership changes.
	capability setuid,
	capability setgid,
	capability chown,
	# NOTE(review): dac_override bypasses discretionary file-permission checks, fowner
	# bypasses owner checks and sys_ptrace permits tracing other processes. Combined with
	# the path rules above, AppArmor is the only remaining limit on file access for this
	# profile; confirm each of the three is still needed.
	capability dac_override,
	capability block_suspend,
	capability fowner,
	capability sys_ptrace,
	# Allows binding to ports below 1024.
	capability net_bind_service,
}

# Profile for the synodldbd binary. Beyond the included abstractions (not visible in
# this file) it only reads the name-service configuration and the account list; it
# declares no capability, network or execute rule of its own.
/volume*/@appstore/DownloadStation/sbin/synodldbd {
	#include <abstractions/base>
	#include <abstractions/pgsql>
	#include <abstractions/log>
	#include <abstractions.pkg/DownloadStation/base>

	/etc/nsswitch.conf			r,
	/etc/passwd					r,
}

# Profile for the download-manager CGI. It has read/write/lock access to every file
# under every volume, may run three helpers under this same profile, and holds four
# capabilities. Grants coming from the abstractions are not visible in this file.
/volume*/@appstore/DownloadStation/ui/dlm/downloadman.cgi {
	#include <abstractions/base>
	#include <abstractions/base-cgi>
	#include <abstractions/pgsql>
	#include <abstractions/log>
	#include <abstractions/webfm/index>
	#include <abstractions.pkg/DownloadStation/base>

	/usr/syno/etc/preference/*/usersettings							r,
	/volume*/@appstore/DownloadStation/hostscript/**				rwk,
	/volume*/@appstore/DownloadStation/ui/modules/modules.json		rk,
	/volume*/@appstore/DownloadStation/ui/modules/*/modules.json	rk,

	# Trailing `/`: the rule matches the directory itself, not the entries inside it.
	/usr/local/etc/rc.d/								rwk,

	/var/packages/										rw,
	/var/packages/Python/INFO							r,
	# `ix`: the Python package's control script runs with this profile's grants.
	/var/packages/Python/scripts/start-stop-status		rix,

	# Both @tmp rules are already covered by the `/volume*/** rwk` rule below.
	/volume*/@tmp/{,**}									rw,
	/volume*/@tmp/btdl/{,**}							rwk,
	/tmp/ds_file_map									rw,

	# Helpers executed under this same profile (`ix`).
	# NOTE(review): the two package binaries live under /volume*, which this profile can
	# also write through `/volume*/** rwk`; the CGI may therefore modify what it executes.
	# Consider an explicit `deny ... w,` on the package's bin directory.
	/volume*/@appstore/DownloadStation/bin/synobttool	rix,
	/volume*/@appstore/DownloadStation/bin/synodlunzip	rix,
	/usr/bin/curl										rix,

	/usr/share/samba/codepages/upcase.dat				r,
	/usr/share/samba/codepages/lowcase.dat				r,

	# Read, write and lock on every file below every volume (`**` crosses directories).
	/volume*/**											rwk,

	# index
	/var/spool/syno_indexing_queue						rwk,
	/volume*/@eaDir/{,**}								rwk,
	/usr/syno/etc/packages/PhotoStation/settings.conf	r,
	/usr/syno/etc/packages/AudioStation/audio.conf		r,

	# chown and fowner let the CGI change ownership of, and act as owner on, any file
	# the path rules above allow it to reach.
	capability setgid,
	capability chown,
	capability fowner,
	capability block_suspend,
}

# Profile for the torrent-info CGI: volume-wide read/write/lock, one helper run under
# this profile, and four capabilities. Abstraction contents are not visible in this file.
/volume*/@appstore/DownloadStation/ui/dlm/torrent_info.cgi {
	#include <abstractions/base>
	#include <abstractions/base-cgi>
	#include <abstractions/pgsql>
	#include <abstractions/log>
	#include <abstractions.pkg/DownloadStation/base>

	# NOTE(review): this read-only rule does not restrict anything, because the
	# `/volume*/** rwk` rule below grants write on the same paths (permissions are
	# additive). If read-only was the intent, the volume rule needs narrowing.
	/volume*/@tmp/btdl/{,**}							r,
	# `ix`: synouser runs with this profile's grants.
	/usr/syno/sbin/synouser								rix,
	/volume*/**											rwk,

	capability setgid,
	capability block_suspend,
	capability chown,
	capability fowner,
}

# Profile for the BT-search CGI under ui/dlm. Write access is limited to the search
# module tree, user plugins, hostscript and @tmp; there is no volume-wide rule and no
# execute rule in this profile. Abstraction contents are not visible in this file.
/volume*/@appstore/DownloadStation/ui/dlm/btsearch.cgi {
	#include <abstractions/base>
	#include <abstractions/base-cgi>
	#include <abstractions/pgsql>
	#include <abstractions/log>
	#include <abstractions.pkg/DownloadStation/base>

	/usr/syno/etc/preference/*/usersettings				r,
	# NOTE(review): the btsearch/, userplugins/ and hostscript/ trees are writable here.
	# If other profiles load or run files from them, writes made by this CGI become
	# code for those profiles - confirm which of the three really need `w`.
	/volume*/@appstore/DownloadStation/ui/dlm/btsearch/**	rwk,
	/usr/syno/etc/packages/DownloadStation/download/userplugins/{,**}	rwk,
	/usr/syno/etc/packages/DownloadStation/download/btsearch.conf		rwk,
	/volume*/@appstore/DownloadStation/hostscript/{,**}		rwk,
	# Temporary area on a volume or on a usbshare* directory below a volume.
	/volume*/{,usbshare*/}@tmp/**										rwk,
	/var/packages/DownloadStation/INFO							r,

	/usr/share/samba/codepages/upcase.dat				r,
	/usr/share/samba/codepages/lowcase.dat				r,

	/etc/php/**											r,

	# Read-only network configuration.
	/etc/dhcpc/{,**}									r,
	/usr/syno/etc/wifi/{,**}							r,

	capability setgid,
	capability chown,
	capability ipc_lock,
	capability fowner,
}

# Profile for the RSS CGI: may run any file directly in the package's bin directory
# under this same profile and may rewrite the package settings file.
# Abstraction contents are not visible in this file.
/volume*/@appstore/DownloadStation/ui/dlm/rss.cgi {
	#include <abstractions/base>
	#include <abstractions/base-cgi>
	#include <abstractions/pgsql>
	#include <abstractions/log>
	#include <abstractions.pkg/DownloadStation/base>

	# `ix` on a glob: every file directly in bin/ may be executed with this profile.
	# NOTE(review): naming the specific helpers would be tighter than `bin/*`.
	/volume*/@appstore/DownloadStation/bin/*			rix,
	/usr/share/samba/codepages/lowcase.dat				r,
	/usr/share/samba/codepages/upcase.dat				r,

	# The trailing `*` also matches suffixed siblings of settings.conf.
	/usr/syno/etc/packages/DownloadStation/settings.conf*		rwk,

	capability block_suspend,
}

# Profile for the global-settings CGI. Besides volume-wide read/write/lock it can run
# the package's scripts under this profile and start the scheduler under the
# scheduler's own, broader profile. Abstraction contents are not visible in this file.
/volume*/@appstore/DownloadStation/ui/dlm/dlglobalsettings.cgi {
	#include <abstractions/base>
	#include <abstractions/base-cgi>
	#include <abstractions/pgsql>
	#include <abstractions/log>
	#include <abstractions.pkg/DownloadStation/base>

	/usr/syno/etc/preference/*/usersettings						r,
	/usr/syno/etc/packages/DownloadStation/settings.conf*		rwk,
	/usr/syno/etc/packages/DownloadStation/download/xunlei.conf	rwk,
	/volume*/@appstore/DownloadStation/hostscript/{,**}		rwk,
	/usr/syno/etc/packages/DownloadStation/amule/{,**}			rwk,
	/volume*/@appstore/DownloadStation/xunleiplugin/{,**}		rwk,
	/var/packages/{,*}											r,
	/var/packages/Python/{,*}									r,
	# NOTE(review): write access to the rc.d directory and the files directly in it.
	# The name suggests start-up scripts (confirm); if so, a file written here by this
	# CGI would later run outside this profile.
	/usr/local/etc/rc.d/{,*}									rw,
	/etc/php/{,**}												r,
	# NOTE(review): write access to the Python 2.7 library trees - confirm that `w` is
	# required, since modules placed here may be imported by other processes.
	/lib/python2.7/{,**}										rwk,
	/usr/local/lib/python2.7/{,**}								rwk,
	/etc/mtab													r,
	# Trailing `/`: allows listing the root directory itself.
	/															r,

	# `ix`: package scripts run with this profile's grants.
	# NOTE(review): scripts/ is also writable through `/volume*/{,**} rwk` below, so the
	# CGI can modify the scripts it executes; consider `deny ... w,` on that tree.
	/volume*/@appstore/DownloadStation/scripts/{,**}			rix,
	# `px`: the scheduler is started under its own profile, which in this file carries
	# dac_override, sys_ptrace, setuid and a bare `network` rule. Lowercase `px` does not
	# scrub the environment on the transition (`Px` would).
	# NOTE(review): confirm whether `Px` can be used here.
	/volume*/@appstore/DownloadStation/sbin/scheduler			rpx,
	/volume*/{,**}												rwk,
	/var/services/download										rwk,

	capability setgid,
	capability ipc_lock,
	capability fowner,
	capability chown,
}

# Profile for the BT-settings CGI: writes package settings, the download port service
# definition and the port-forward rule dump, reads network/firewall configuration, and
# has an unrestricted `network` rule. It declares no capability of its own.
# Abstraction contents are not visible in this file.
/volume*/@appstore/DownloadStation/ui/dlm/btsetting.cgi {
	#include <abstractions/base>
	#include <abstractions/base-cgi>
	#include <abstractions/pgsql>
	#include <abstractions/log>
	#include <abstractions.pkg/DownloadStation/base>

	/usr/syno/etc/preference/*/usersettings			r,

	/volume*/@appstore/DownloadStation/hostscript/**			rwk,
	/volume*/@appstore/DownloadStation/ui/dlm/btsearch/**		rwk,
	/usr/syno/etc/packages/DownloadStation/settings.conf*		rwk,
	/usr/local/etc/services.d/synodownload_port*				rwk,

	/usr/syno/etc/packages/DownloadStation/download/**			rwk,
	/etc/dhclient/**											r,
	/usr/syno/etc/synosmtp.conf									r,
	# `ix`: pppoe-status runs with this profile's grants.
	/usr/sbin/pppoe-status										rix,
	/usr/syno/etc.defaults/iptables_modules_list				r,
	/usr/syno/etc.defaults/iptables_chain_list					r,
	/etc/httpd/sites-enabled-user/httpd-vhost.conf-user			r,
	/etc/httpd/sites-enabled-user/httpd-ssl-vhost.conf-user		r,
	/etc/dhcpc/{,**}											r,
	/etc/parental/timectrl.conf									r,
	/etc/portforward/routerpf/dnat_rules.dump*					rwk,
	# NOTE(review): execute permission is granted on a file in /tmp, while the installed
	# /usr/syno/sbin/synotimecontrol two lines below is read-only. Presumably the binary is
	# copied to /tmp before it is run (confirm). What executes under this profile then
	# depends on who can create /tmp/synotimecontrol; executing the installed path
	# directly would remove that dependency.
	/tmp/synotimecontrol										ix,
	/usr/syno/etc/wifi/*										r,
	/usr/syno/sbin/synotimecontrol								r,


	# Bare `network` rule: no restriction on address family or socket type.
	network,
}

# Profile for the file-hosting CGI: read-only access to the hostscript tree and the
# package INFO file, plus the setgid capability. No write or execute rule is declared
# here; abstraction contents are not visible in this file.
/volume*/@appstore/DownloadStation/ui/dlm/filehosting.cgi {
	#include <abstractions/base>
	#include <abstractions/base-cgi>
	#include <abstractions/pgsql>
	#include <abstractions/log>
	#include <abstractions.pkg/DownloadStation/base>

	/volume*/@appstore/DownloadStation/hostscript/**			r,
	/var/packages/DownloadStation/INFO							r,
	capability setgid,
}

# Profile for the aMule settings CGI: writes the aMule and package settings and the
# download port service definition, reads web-server, DHCP, SMTP and firewall
# configuration, and has an unrestricted `network` rule. No capability or execute
# rule is declared here; abstraction contents are not visible in this file.
/volume*/@appstore/DownloadStation/ui/aMuleUI/emulesetting.cgi {
	#include <abstractions/base>
	#include <abstractions/base-cgi>
	#include <abstractions/pgsql>
	#include <abstractions/log>
	#include <abstractions.pkg/DownloadStation/base>

	/usr/syno/etc/packages/DownloadStation/amule/{,**}			rwk,
	/usr/syno/etc/packages/DownloadStation/settings.conf*		rwk,
	/usr/syno/etc/preference/*/usersettings						r,
	/usr/local/etc/services.d/synodownload_port*				rwk,
	/etc/httpd/sites-enabled-user/httpd-vhost.conf-user			r,
	/etc/httpd/sites-enabled-user/httpd-ssl-vhost.conf-user		r,
	/etc/dhclient/**											r,
	/usr/syno/etc/synosmtp.conf									r,
	/usr/syno/etc.defaults/iptables_modules_list				r,
	/usr/syno/etc.defaults/iptables_chain_list					r,

	/etc/dhcpc/{,**}											r,
	# Bare `network` rule: no restriction on address family or socket type.
	network,
}

# Profile for the aMule download-queue CGI: may rewrite the package settings file and
# anything in a volume's @tmp tree, and holds the chown capability.
# Abstraction contents are not visible in this file.
/volume*/@appstore/DownloadStation/ui/aMuleUI/dl_queue.cgi {
	#include <abstractions/base>
	#include <abstractions/base-cgi>
	#include <abstractions/pgsql>
	#include <abstractions/log>
	#include <abstractions.pkg/DownloadStation/base>

	/usr/syno/etc/preference/*/usersettings						r,
	/usr/syno/etc/packages/DownloadStation/settings.conf*		rwk,
	/volume*/@tmp/{,**}											rwk,
	# Allows changing file ownership on paths the rules above make reachable.
	capability chown,
}

# Profile for the aMule upload-queue CGI. Its only rule of its own is read access to
# the per-user settings files; everything else comes from the included abstractions,
# which are not visible in this file.
/volume*/@appstore/DownloadStation/ui/aMuleUI/ul_queue.cgi {
	#include <abstractions/base>
	#include <abstractions/base-cgi>
	#include <abstractions/pgsql>
	#include <abstractions/log>
	#include <abstractions.pkg/DownloadStation/base>

	/usr/syno/etc/preference/*/usersettings						r,
}

# Profile for the aMule server CGI. It declares no rule of its own: everything it
# allows comes from the included abstractions, which are not visible in this file.
/volume*/@appstore/DownloadStation/ui/aMuleUI/server.cgi {
	#include <abstractions/base>
	#include <abstractions/base-cgi>
	#include <abstractions/pgsql>
	#include <abstractions/log>
	#include <abstractions.pkg/DownloadStation/base>
}

# Profile for the aMule search CGI: reads per-user settings, may rewrite the package
# settings file, and holds the chown capability.
# Abstraction contents are not visible in this file.
/volume*/@appstore/DownloadStation/ui/aMuleUI/search.cgi {
	#include <abstractions/base>
	#include <abstractions/base-cgi>
	#include <abstractions/pgsql>
	#include <abstractions/log>
	#include <abstractions.pkg/DownloadStation/base>

	/usr/syno/etc/preference/*/usersettings						r,
	/usr/syno/etc/packages/DownloadStation/settings.conf*		rwk,
	# NOTE(review): chown is granted although the only writable path declared here is
	# settings.conf* - confirm it is needed for that file or by an abstraction.
	capability chown,
}

# WebAPI CGI profiles of DownloadStation
# Profile for the Xunlei download-queue WebAPI CGI: volume-wide read/write/lock,
# write access to the Python package and library trees, and three capabilities.
# It declares no execute rule of its own; abstraction contents are not visible here.
/volume*/@appstore/DownloadStation/webapi/xunlei_dl_queue.cgi {
	#include <abstractions/base>
	#include <abstractions/base-cgi>
	#include <abstractions/pgsql>
	#include <abstractions/log>
	#include <abstractions.pkg/DownloadStation/base>
	#include <abstractions.pkg/DownloadStation/webapi>
	#include <abstractions/webfm/index>

	/volume*/@appstore/DownloadStation/hostscript/{,**}			rwk,
	/volume*/@appstore/DownloadStation/xunleiplugin/{,**}		rwk,
	# NOTE(review): write access to the separate Python package's install tree and to the
	# Python 2.7 library trees below. Files placed there may be imported by processes
	# outside this profile - confirm that `w` is required and not just `r`.
	/volume*/@appstore/Python/{,**}								rwk,
	/etc/php/{,**}												r,
	/lib/python2.7/{,**}										rwk,
	/usr/local/lib/python2.7/{,**}								rwk,
	# Already covered by the `/volume*/** rwk` rule two lines below.
	/volume*/@tmp/**											rwk,
	/etc/httpd/conf/mime.types									r,
	# Read, write and lock on every file below every volume.
	/volume*/**													rwk,

	# index
	/var/spool/syno_indexing_queue						rwk,
	/volume*/@eaDir/{,**}								rwk,
	/usr/syno/etc/packages/PhotoStation/settings.conf	r,
	/usr/syno/etc/packages/AudioStation/audio.conf		r,

	capability setgid,
	capability ipc_lock,
	capability chown,
}

# Profile for the task WebAPI CGI: volume-wide read/write/lock, one unpack helper run
# under this same profile, and four capabilities.
# Abstraction contents are not visible in this file.
/volume*/@appstore/DownloadStation/webapi/task.cgi {
	#include <abstractions/base>
	#include <abstractions/base-cgi>
	#include <abstractions/pgsql>
	#include <abstractions/log>
	#include <abstractions.pkg/DownloadStation/base>
	#include <abstractions.pkg/DownloadStation/webapi>

	/usr/syno/etc/packages/DownloadStation/settings.conf*		rwk,
	/volume*/@appstore/DownloadStation/hostscript/**	rwk,
	# `ix`: the helper inherits this profile.
	# NOTE(review): the helper's path is also writable through `/volume*/** rwk` below;
	# consider `deny ... w,` on the package's bin directory.
	/volume*/@appstore/DownloadStation/bin/synodlunzip	rix,

	/volume*/**											rwk,

	capability setgid,
	capability chown,
	capability fowner,
	capability block_suspend,
}

# Profile for the BT-search WebAPI CGI. Its rule set matches the ui/dlm/btsearch.cgi
# profile in this file, with the DownloadStation webapi abstraction added; keep the
# two in step when either changes. Abstraction contents are not visible in this file.
/volume*/@appstore/DownloadStation/webapi/btsearch.cgi {
	#include <abstractions/base>
	#include <abstractions/base-cgi>
	#include <abstractions/pgsql>
	#include <abstractions/log>
	#include <abstractions.pkg/DownloadStation/base>
	#include <abstractions.pkg/DownloadStation/webapi>

	/usr/syno/etc/preference/*/usersettings				r,
	# NOTE(review): the btsearch/, userplugins/ and hostscript/ trees are writable here.
	# If other profiles load or run files from them, writes made by this CGI become
	# code for those profiles - confirm which of the three really need `w`.
	/volume*/@appstore/DownloadStation/ui/dlm/btsearch/**	rwk,
	/usr/syno/etc/packages/DownloadStation/download/userplugins/{,**}	rwk,
	/usr/syno/etc/packages/DownloadStation/download/btsearch.conf		rwk,
	/volume*/@appstore/DownloadStation/hostscript/{,**}		rwk,
	# Temporary area on a volume or on a usbshare* directory below a volume.
	/volume*/{,usbshare*/}@tmp/**										rwk,
	/var/packages/DownloadStation/INFO							r,

	/usr/share/samba/codepages/upcase.dat				r,
	/usr/share/samba/codepages/lowcase.dat				r,

	/etc/php/**											r,

	# Read-only network configuration.
	/etc/dhcpc/{,**}									r,
	/usr/syno/etc/wifi/{,**}							r,

	capability setgid,
	capability chown,
	capability ipc_lock,
	capability fowner,
}

# Profile for the info WebAPI CGI: may rewrite the package settings file and the aMule
# settings tree, reads the package INFO file, and holds the setgid capability.
# Abstraction contents are not visible in this file.
/volume*/@appstore/DownloadStation/webapi/info.cgi {
	#include <abstractions/base>
	#include <abstractions/base-cgi>
	#include <abstractions/pgsql>
	#include <abstractions/log>
	#include <abstractions.pkg/DownloadStation/base>
	#include <abstractions.pkg/DownloadStation/webapi>

	# NOTE(review): both settings locations are writable (`w`); confirm whether this
	# profile needs more than read access to them.
	/usr/syno/etc/packages/DownloadStation/settings.conf*		rwk,
	/usr/syno/etc/packages/DownloadStation/amule/{,**}			rwk,
	/var/packages/DownloadStation/INFO					r,

	capability setgid,
}

# Profile for the scheduler WebAPI CGI. It declares no rule of its own: everything it
# allows comes from the included abstractions, which are not visible in this file.
/volume*/@appstore/DownloadStation/webapi/scheduler.cgi {
	#include <abstractions/base>
	#include <abstractions/base-cgi>
	#include <abstractions/pgsql>
	#include <abstractions/log>
	#include <abstractions.pkg/DownloadStation/base>
	#include <abstractions.pkg/DownloadStation/webapi>
}

# Profile for the auth WebAPI CGI. It declares no rule of its own: everything it
# allows comes from the included abstractions, which are not visible in this file.
/volume*/@appstore/DownloadStation/webapi/auth.cgi {
	#include <abstractions/base>
	#include <abstractions/base-cgi>
	#include <abstractions/pgsql>
	#include <abstractions/log>
	#include <abstractions.pkg/DownloadStation/base>
	#include <abstractions.pkg/DownloadStation/webapi>
}

# Profile for the statistic WebAPI CGI. It declares no rule of its own: everything it
# allows comes from the included abstractions, which are not visible in this file.
/volume*/@appstore/DownloadStation/webapi/statistic.cgi {
	#include <abstractions/base>
	#include <abstractions/base-cgi>
	#include <abstractions/pgsql>
	#include <abstractions/log>
	#include <abstractions.pkg/DownloadStation/base>
	#include <abstractions.pkg/DownloadStation/webapi>
}

# Profile for the RSS-feed WebAPI CGI. It declares no rule of its own: everything it
# allows comes from the included abstractions, which are not visible in this file.
/volume*/@appstore/DownloadStation/webapi/RSSfeed.cgi {
	#include <abstractions/base>
	#include <abstractions/base-cgi>
	#include <abstractions/pgsql>
	#include <abstractions/log>
	#include <abstractions.pkg/DownloadStation/base>
	#include <abstractions.pkg/DownloadStation/webapi>
}

# Profile for the RSS-site WebAPI CGI. Its only rule of its own lets it run any file
# directly in the package's bin directory under this same profile.
# Abstraction contents are not visible in this file.
/volume*/@appstore/DownloadStation/webapi/RSSsite.cgi {
	#include <abstractions/base>
	#include <abstractions/base-cgi>
	#include <abstractions/pgsql>
	#include <abstractions/log>
	#include <abstractions.pkg/DownloadStation/base>
	#include <abstractions.pkg/DownloadStation/webapi>

	# NOTE(review): `ix` on a glob; naming the specific helpers would be tighter than `bin/*`.
	/volume*/@appstore/DownloadStation/bin/*			rix,
}

# Rules for the SYNO.DownloadStation2.Task API. The leading `^` and the `parent//child`
# name suggest a hat of the /usr/syno/synoman/webapi/entry.cgi profile - confirm how
# entry.cgi enters it. Grants: volume-wide read/write, three helpers run under these
# same rules, three capabilities. Abstraction contents are not visible in this file.
^/usr/syno/synoman/webapi/entry.cgi//SYNO.DownloadStation2.Task {
	#include <abstractions/base>
	#include <abstractions/base-cgi>
	#include <abstractions/pgsql>
	#include <abstractions/log>
	#include <abstractions.pkg/DownloadStation/base>
	#include <abstractions.pkg/DownloadStation/webapi>

	/usr/syno/etc/packages/DownloadStation/settings.conf*		rwk,
	/volume*/@appstore/DownloadStation/hostscript/**	rwk,
	/volume*/@tmp/{,**}									rw,
	/volume*/@tmp/btdl/{,**}							rwk,
	/tmp/ds_file_map									rw,
	# `ix`: the helpers inherit these rules.
	# NOTE(review): the two package binaries are also writable through `/volume*/** rw`
	# below; consider `deny ... w,` on the package's bin directory.
	/volume*/@appstore/DownloadStation/bin/synobttool   rix,
	/volume*/@appstore/DownloadStation/bin/synodlunzip	rix,
	/usr/bin/curl										rix,
	# Read and write on every file below every volume (no `k`, unlike the *.cgi profiles).
	/volume*/**											rw,

	/usr/share/samba/codepages/lowcase.dat              r,
	/usr/share/samba/codepages/upcase.dat               r,

	capability setgid,
	capability chown,
	capability block_suspend,
}

# Rules for the SYNO.DownloadStation2.Task.List API. The leading `^` and the
# `parent//child` name suggest a hat of the entry.cgi profile - confirm.
# NOTE(review): an API whose name suggests listing holds volume-wide write access and
# the chown capability; confirm whether read access would be sufficient.
^/usr/syno/synoman/webapi/entry.cgi//SYNO.DownloadStation2.Task.List {
	#include <abstractions/base>
	#include <abstractions/base-cgi>
	#include <abstractions/pgsql>
	#include <abstractions/log>
	#include <abstractions.pkg/DownloadStation/base>
	#include <abstractions.pkg/DownloadStation/webapi>

	/volume*/@appstore/DownloadStation/hostscript/**	rwk,
	/volume*/@tmp/{,**}									rw,
	/volume*/@tmp/btdl/{,**}							rwk,
	/tmp/ds_file_map									rw,
	# Read and write on every file below every volume.
	/volume*/**											rw,

	capability setgid,
	capability chown,
}


# Rules for the SYNO.DownloadStation2.Task.BT API (a hat of the entry.cgi profile,
# judging by the `^` prefix and `parent//child` name - confirm). It declares no rule of
# its own: everything comes from the included abstractions, not visible in this file.
^/usr/syno/synoman/webapi/entry.cgi//SYNO.DownloadStation2.Task.BT {
	#include <abstractions/base>
	#include <abstractions/base-cgi>
	#include <abstractions/pgsql>
	#include <abstractions/log>
	#include <abstractions.pkg/DownloadStation/base>
	#include <abstractions.pkg/DownloadStation/webapi>
}

# Rules for the SYNO.DownloadStation2.Task.BT.File API (a hat of the entry.cgi profile,
# judging by the `^` prefix and `parent//child` name - confirm): volume-wide read/write,
# synouser run under these same rules, and three capabilities.
# Abstraction contents are not visible in this file.
^/usr/syno/synoman/webapi/entry.cgi//SYNO.DownloadStation2.Task.BT.File {
	#include <abstractions/base>
	#include <abstractions/base-cgi>
	#include <abstractions/pgsql>
	#include <abstractions/log>
	#include <abstractions.pkg/DownloadStation/base>
	#include <abstractions.pkg/DownloadStation/webapi>

	# Read and write on every file below every volume.
	/volume*/**											rw,
	# `ix`: synouser inherits these rules, including the capabilities below.
	/usr/syno/sbin/synouser								rix,
	capability setgid,
	capability chown,
	capability block_suspend,
}

# Rules for the SYNO.DownloadStation2.Task.BT.Peer API (a hat of the entry.cgi profile,
# judging by the `^` prefix and `parent//child` name - confirm). It declares no rule of
# its own: everything comes from the included abstractions, not visible in this file.
^/usr/syno/synoman/webapi/entry.cgi//SYNO.DownloadStation2.Task.BT.Peer {
	#include <abstractions/base>
	#include <abstractions/base-cgi>
	#include <abstractions/pgsql>
	#include <abstractions/log>
	#include <abstractions.pkg/DownloadStation/base>
	#include <abstractions.pkg/DownloadStation/webapi>
}

# Rules for the SYNO.DownloadStation2.Task.BT.Tracker API (a hat of the entry.cgi
# profile, judging by the `^` prefix and `parent//child` name - confirm). It declares no
# rule of its own: everything comes from the included abstractions, not visible here.
^/usr/syno/synoman/webapi/entry.cgi//SYNO.DownloadStation2.Task.BT.Tracker {
	#include <abstractions/base>
	#include <abstractions/base-cgi>
	#include <abstractions/pgsql>
	#include <abstractions/log>
	#include <abstractions.pkg/DownloadStation/base>
	#include <abstractions.pkg/DownloadStation/webapi>
}

# Rules for the SYNO.DownloadStation2.Thumbnail API (a hat of the entry.cgi profile,
# judging by the `^` prefix and `parent//child` name - confirm). Of the volume-touching
# rule sets in this file it is the narrowest: read-only, and limited to @download trees.
# Abstraction contents are not visible in this file.
^/usr/syno/synoman/webapi/entry.cgi//SYNO.DownloadStation2.Thumbnail {
	#include <abstractions/base>
	#include <abstractions/base-cgi>
	#include <abstractions/pgsql>
	#include <abstractions/log>
	#include <abstractions.pkg/DownloadStation/base>
	#include <abstractions.pkg/DownloadStation/webapi>


	/usr/syno/etc.defaults/mimetypes.txt					r,
	# Read-only access to @download on a volume, on a usbshare* directory, or in a
	# usbshare's @sharebin directory; `{,**}` covers the directory and everything below it.
	/volume*/{,usbshare*/,usbshare*/@sharebin/}@download/{,**}					r,

	capability block_suspend,
}

# vim: set ft=apparmor:
