From 8533329a380e395c08dc275133753a5206260ea4 Mon Sep 17 00:00:00 2001
From: Valentin David <valentin.david@canonical.com>
Date: Wed, 6 Nov 2024 15:40:04 +0100
Subject: [PATCH] interfaces/builtin/fwupd.go: allow access to nvmem for
 thunderbolt plugin

Upstream issue: https://github.com/fwupd/fwupd/issues/8014
---
 interfaces/builtin/fwupd.go | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/interfaces/builtin/fwupd.go b/interfaces/builtin/fwupd.go
index 22453148a38..70f25942180 100644
--- a/interfaces/builtin/fwupd.go
+++ b/interfaces/builtin/fwupd.go
@@ -154,6 +154,10 @@ const fwupdPermanentSlotAppArmor = `
   /sys/devices/**/psp_vbflash rw,
   /sys/devices/**/psp_vbflash_status r,
 
+  # Required by plugin thunderbolt
+  /sys/devices/**/nvm_non_active*/nvmem a,
+  /sys/devices/**/nvm_active*/nvmem r,
+
   # DBus accesses
   #include <abstractions/dbus-strict>
   dbus (send)