Comment 3 for bug 1536669

In order to get this working we need to drill holes in apparmor to the following:
  /sys/devices/**/input*/ rk,
  /sys/devices/**/input*/** rk,
  /sys/class/ r,
  /sys/class/input/ r,
  /run/udev/data/** r,

From these the last one especially is the biggest problem, because all apps will have access to the device data, which is bad. So security is alerted and they disagree on opening those holes, which is understandable.

The solution seems to be Mir to expose these somehow in a more secure way, to which we would need some adaptation.