# This is a preliminary, paranoid rule set from a local installation. Feel free to submit
# patches that make the rules suitable for your installation.

# Exclude udev's volatile runtime state from the AIDE database. Each "!" line
# is a negative rule restricted to one file type (trailing letter: d directory,
# f regular file, l symlink, s socket). Only names that match a pattern are
# ignored, so an unexpected entry in this tree is still reported, provided a
# selection rule elsewhere covers it. The RUN macro is not defined in this
# snippet; presumably the main configuration sets it (TODO confirm).
#
# RUNUDEVCONT matches "b", "c" or "n" followed by digits and an optional
# ":digits" suffix. This appears to be udev's database key for block and
# character devices (major:minor) and network interfaces (index).
@@define RUNUDEVCONT [bcn][[:digit:]]+(:[[:digit:]]+)?
# Top-level directory, the control socket and the four state directories.
!/@@{RUN}/udev$ d
!/@@{RUN}/udev/control$ s
!/@@{RUN}/udev/(data|links|tags|watch)$ d
# Database entries keyed by device number or interface index.
!/@@{RUN}/udev/data/@@{RUNUDEVCONT}$ f
# udev database entries named "+SUBSYSTEM:NAME" (regular files). Most patterns
# enumerate the exact device names and counts seen on the author's machine
# (for example cpu0-3, hwmon0-1, Lenovo firmware variables), so on other
# hardware additional files will show up as unmatched and be reported. That is
# the intended "paranoid" behaviour: widen a pattern only after confirming the
# new name is legitimate.
# NOTE(review): the drivers, module and usb patterns are open-ended character
# classes rather than enumerations; any file whose name fits is excluded from
# integrity checking. Consider enumerating them if the host's set is stable.
!/@@{RUN}/udev/data/\+input:input[0123456]$ f
# NOTE(review): redundant while the generic "+module:" rule further down stays
# in place, since that rule already matches these four names.
!/@@{RUN}/udev/data/\+module:(af_alg|algif_skcipher|configfs|dm_crypt)$ f
!/@@{RUN}/udev/data/\+acpi:(device|LNX(CPU|[[:upper:]]{5})|(LEN|PNP|SMO)[[:xdigit:]]{4}|ACPI[[:digit:]]{4}|QEMU[[:digit:]]{4}):[0123][[:xdigit:]]$ f
!/@@{RUN}/udev/data/\+ata_device:dev[[:digit:]]\.[01]$ f
!/@@{RUN}/udev/data/\+ata_link:link[[:digit:]]$ f
!/@@{RUN}/udev/data/\+ata_port:ata[[:digit:]]$ f
!/@@{RUN}/udev/data/\+bdi:[[:digit:]]+:[[:digit:]]+$ f
!/@@{RUN}/udev/data/\+bus:(acpi|cec|clockevents|clocksource|container|cpu|dax|event_source|gpio|hid|i2c|machinecheck|mdio_bus|nd|node|nvmem|parport|pci(_express)?|platform|pnp|scsi|ser(ial|io)|usb(-serial)?|virtio|workqueue|xen(-backend)?)$ f
!/@@{RUN}/udev/data/\+by_name:(etc|genroms)$ f
!/@@{RUN}/udev/data/\+class:(ata_(device|link|port)|hwmon|leds|macvtap|mdio_bus|pps|ptp|scsi_(disk|generic)|tpm(rm)?|usbmisc|virtio-ports)$ f
!/@@{RUN}/udev/data/\+clockevents:(broadcast|clock(event[01234567]|source0))$ f
!/@@{RUN}/udev/data/\+clocksource:clocksource0$ f
!/@@{RUN}/udev/data/\+container:PNP0A06:0[023]$ f
!/@@{RUN}/udev/data/\+cpu:cpu[0123]$ f
!/@@{RUN}/udev/data/\+dma:dma0chan[01234]$ f
!/@@{RUN}/udev/data/\+dmi:id$ f
# Broad: any driver entry whose name fits these character classes is ignored.
!/@@{RUN}/udev/data/\+drivers:[-[:lower:][:digit:]_]+:[-[:alnum:]\ _]+$ f
!/@@{RUN}/udev/data/\+etc:(acpi|smbios|tpm)$ f
!/@@{RUN}/udev/data/\+event_source:(amd_(l2|nb)|breakpoint|cpu|cstate_(core|pkg)|ibs_(fetch|op)|msr|power|software|uncore_(arb|cbox_[01]))$ f
!/@@{RUN}/udev/data/\+graphics:fbcon$ f
!/@@{RUN}/udev/data/\+hid:0003:[[:xdigit:]]{4}:[[:digit:]]{4}\.000[12]$ f
!/@@{RUN}/udev/data/\+hwmon:hwmon[01]$ f
!/@@{RUN}/udev/data/\+i2c:(dummy|i2c-[01234])$ f
!/@@{RUN}/udev/data/\+leds:(apu:green:[23]|input[123]::(caps|num|scroll)lock)$ f
!/@@{RUN}/udev/data/\+machinecheck:machinecheck[0123]$ f
!/@@{RUN}/udev/data/\+mdio_bus:[[:alnum:]]+-[[:digit:]]+(:00)?$ f
# Broad: every module entry made of alphanumerics and underscores is ignored.
!/@@{RUN}/udev/data/\+module:[[:alnum:]_]+$ f
!/@@{RUN}/udev/data/\+node:node0$ f
!/@@{RUN}/udev/data/\+nvmem:cmos_nvram0$ f
!/@@{RUN}/udev/data/\+parport:(lp\.|parport)0$ f
!/@@{RUN}/udev/data/\+pci:0000:0[0123d]:[01][[:xdigit:]]\.[[:digit:]]$ f
!/@@{RUN}/udev/data/\+pci_bus:0000:0[012345d]$ f
# NOTE(review): the "." before the function number is unescaped here, unlike
# in the "+pci:" rule above, so it matches any character and the exclusion is
# slightly wider than intended. Escaping it would make the two consistent.
!/@@{RUN}/udev/data/\+pci_express:0000:00:[01][2456c].[01234]:pcie0[01][01]$ f
!/@@{RUN}/udev/data/\+platform:((ACPI|QEMU)000[23]|LEN0068|PNP0[18C][01][03494ACDE]):0[01]$ f
!/@@{RUN}/udev/data/\+platform:(alarmtimer\.0\.auto|coretemp\.0|dock\.[01]|efivars\.0|gpio(-keys-polled|_amd_fch)|i8042|iTCO_wdt\.0\.auto|leds-gpio|microcode|parport_pc\.888|pcspkr|platform-framebuffer\.0|serial8250|simple-framebuffer\.0|sp5100-tco)$ f
!/@@{RUN}/udev/data/\+pnp:00:0[012345]$ f
!/@@{RUN}/udev/data/\+powercap:intel-rapl(:0(:[01])?)?$ f
!/@@{RUN}/udev/data/\+queues:(tx|rx)-[0123]$ f
!/@@{RUN}/udev/data/\+scsi:([1026]:0:0:0|host[0123456]|target[0126]:0:0)$ f
!/@@{RUN}/udev/data/\+scsi_(device|disk):[0126]:0:0:0$ f
!/@@{RUN}/udev/data/\+scsi_host:host[0123456]$ f
!/@@{RUN}/udev/data/\+serio:serio[012]$ f
!/@@{RUN}/udev/data/\+thermal:(cooling_device[0123]|thermal_zone[01])$ f
# Broad: any USB entry composed of digits, "-", "." and ":" is ignored.
!/@@{RUN}/udev/data/\+usb:[-[:digit:]\.:]+$ f
!/@@{RUN}/udev/data/\+usb-serial:ttyUSB[[:digit:]]$ f
# Firmware variable entries: an enumerated variable name followed by a GUID
# (8-4-4-4-12 hex digits). The name list reflects the author's firmware.
!/@@{RUN}/udev/data/\+vars:(AcpiGlobalVariable|Boot(00[[:xdigit:]]{2}|Current|OptionSupport|Order(Default)?)|Con(In|Out)(Dev)?|ConsoleLock|DIAGSPLSHSCRN|ErrOut(Dev)?|HDDPWD|Key000[012345]|LB[CL]|LBOL|(LBOP|LKOP)00[[:xdigit:]]{2}|LWO|LastBootCurrent|Lenovo((Security|System)?Config|PciResource|ScratchData)|LocalSecurityVars|MTC|MailBoxQ|MeBiosExtensionSetup|MemRestoreVariable|MemoryOverwriteRequestControl|OpromDevicePath|P(ba|wd)StatusVar|PchInit|PchS3Peim|PlatformLang(Codes)?|ProtectedBootOptions|SMBIOS(ELOG000|ELOGNUMBER|LEN|MEMSIZE)|Setup(HotKey)?|SmmS3NvsData|System|TcgSetup|Timeout|UCR)-[[:xdigit:]]{8}-([[:xdigit:]]{4}-){3}[[:xdigit:]]{12}$ f
!/@@{RUN}/udev/data/\+virtio:virtio[012345]$ f
!/@@{RUN}/udev/data/\+vtconsole:vtcon[01]$ f
!/@@{RUN}/udev/data/\+workqueue:(raid5wq|writeback)$ f
# Exclusions for udev's link, tag and watch bookkeeping. Trailing letter is the
# file type the rule is restricted to (d directory, f regular file, l symlink).
!/@@{RUN}/udev/link\.dvd$ l
# Directories under links/ are named after a device symlink path with "/"
# encoded as "\x2f". The quadruple backslash is presumably what is needed to
# get one literal backslash through config parsing and the regex engine;
# verify against the AIDE version in use. These two rules accept one or two
# path components from a restricted character set; the files inside are keyed
# by device number or interface index (RUNUDEVCONT).
!/@@{RUN}/udev/links/\\\\x2f[-[:alnum:]_]+(\\\\x2f[-[:alnum:]_\.]+)?$ d
!/@@{RUN}/udev/links/\\\\x2f[-[:alnum:]_]+(\\\\x2f[-[:alnum:]_\.]+)?/@@{RUNUDEVCONT}$ f
# NOTE(review): for the disk/input/serial by-* links the last component is
# "[^/]+", i.e. any name at all. Labels and IDs are free-form, so this is hard
# to tighten, but it means nothing under these prefixes is integrity-checked.
!/@@{RUN}/udev/links/\\\\x2f(disk|input|serial)\\\\x2fby-(id|label|partlabel|partuuid|path|uuid)\\\\x2f[^/]+$ d
!/@@{RUN}/udev/links/\\\\x2f(disk|input|serial)\\\\x2fby-(id|label|partlabel|partuuid|path|uuid)\\\\x2f[^/]+/@@{RUNUDEVCONT}$ f
# Static node tags: only the uaccess directory and its snd/timer symlink.
!/@@{RUN}/udev/static_node-tags(/uaccess)?$ d
!/@@{RUN}/udev/static_node-tags/uaccess/snd\\\\x2ftimer$ l
# Tag directories are limited to the five enumerated tag names; a directory
# for any other tag stays unmatched.
!/@@{RUN}/udev/tags/(power-switch|(master-of-)?seat|systemd|uaccess)$ d
!/@@{RUN}/udev/tags/(power-switch|(master-of-)?seat|systemd|uaccess)/@@{RUNUDEVCONT}$ f
!/@@{RUN}/udev/tags/seat/(\+input:input[[:digit:]]+|\+leds:input[[:digit:]]+::(caps|num|scroll)lock)$ f
!/@@{RUN}/udev/tags/systemd/\+module:(configfs|fuse)$ f
# Watch entries are numerically named symlinks.
!/@@{RUN}/udev/watch/[[:digit:]]+$ l
