#include <abstractions/base>
  #include <abstractions/python>
  ## ?
  #include <abstractions/nameservice>

  ## AVC apparmor="DENIED" operation="capable" profile="/usr/bin/tor-circuit-established-check" comm="tor-circuit-est" capability=1  capname="dac_override"
  ## AVC apparmor="DENIED" operation="capable" profile="/usr/bin/tor-circuit-established-check" comm="sh" capability=2  capname="dac_read_search"
  capability dac_override,
  capability dac_read_search,

  ptrace (read),

  /usr/bin/tor-circuit-established-check rix,

  / r,
  /{,usr/}bin/ r,
  /{,usr/}bin/ps rix,
  /{,usr/}bin/dash rix,
  /{,usr/}bin/uname rix,

  ## Can probably add keyword `owner` when this abstraction is no longer
  ## required.
  @{PROC}/*/fd/ r,
  @{PROC}/*/stat r,
  @{PROC}/*/mounts r,
  @{PROC}/*/status r,

  @{PROC}/ r,
  @{PROC}/uptime r,
  @{PROC}/sys/kernel/osrelease r,

  ## AVC apparmor="DENIED" operation="open" profile="/usr/bin/tor-circuit-established-check" name="/proc/1/cmdline" comm="ps" requested_mask="r" denied_mask="r"
  @{PROC}/*/cmdline r,
  @{PROC}/*/environ r,

  owner /{usr/,}lib{,32,64}/** rw,

  /dev/tty rw,

  /run/tor/control.authcookie r,

  ## Not needed. Works without.
  deny /etc/ssl/openssl.cnf r,

  ## TODO: Why is this needed?
  /run/anondate/anondate-get-stderr.txt rw,
  ## Adding just in case.
  /run/anondate/ rw,
  /run/anondate/** rw,