From 90b6486ffe95bf50bbf1fa60964c80853917c3c8 Mon Sep 17 00:00:00 2001
From: Aaron Rainbolt <arraybolt3@ubuntu.com>
Date: Fri, 12 Sep 2025 18:08:00 -0500
Subject: [PATCH] Allow users in the sudo group to use usbguard-notifier

---
 debian/security-misc.postinst         | 16 ++++++++++------
 etc/usbguard/IPCAccessControl.d/:sudo |  1 +
 2 files changed, 11 insertions(+), 6 deletions(-)
 create mode 100644 etc/usbguard/IPCAccessControl.d/:sudo

diff --git a/debian/security-misc.postinst b/debian/security-misc.postinst
index fbed2ab..6dfea78 100644
--- a/debian/security-misc.postinst
+++ b/debian/security-misc.postinst
@@ -92,12 +92,16 @@ case "$1" in
 
         ## Fix usbguard config permissions, this seemingly can't be done
         ## during the unpack stage
-        if test -f /etc/usbguard/rules.d/30_security-misc.conf; then
-          chmod 0600 /etc/usbguard/rules.d/30_security-misc.conf || true
-        fi
-        if test -f /etc/usbguard/usbguard-daemon.conf.security-misc; then
-          chmod 0600 /etc/usbguard/usbguard-daemon.conf.security-misc || true
-        fi
+        usbguard_config_file_list=(
+          '/etc/usbguard/rules.d/30_security-misc.conf'
+          '/etc/usbguard/usbguard-daemon.conf.security-misc'
+          '/etc/usbguard/IPCAccessControl.d/:sudo'
+        )
+        for usbguard_config_file in "${usbguard_config_file_list[@]}"; do
+          if test -f "${usbguard_config_file}"; then
+            chmod 0600 "${usbguard_config_file}"
+          fi
+        done
     ;;
 
     abort-upgrade|abort-remove|abort-deconfigure)
diff --git a/etc/usbguard/IPCAccessControl.d/:sudo b/etc/usbguard/IPCAccessControl.d/:sudo
new file mode 100644
index 0000000..c12628a
--- /dev/null
+++ b/etc/usbguard/IPCAccessControl.d/:sudo
@@ -0,0 +1 @@
+Devices=listen