From 04b9e60072b16e783fd32500dc396e6a96bb160d Mon Sep 17 00:00:00 2001
From: Alexandre Pujol
Date: Mon, 18 Mar 2024 14:42:02 +0000
Subject: [PATCH] feat(profile): replace some path with the new desktop variables.
---
 apparmor.d/groups/bus/dbus-accessibility | 4 +--
 apparmor.d/groups/bus/dbus-system | 4 +--
 apparmor.d/groups/bus/ibus-dconf | 16 ++++-----
 apparmor.d/groups/bus/ibus-engine-simple | 5 +--
 apparmor.d/groups/freedesktop/colord | 7 ++--
 .../groups/freedesktop/xdg-user-dirs-update | 34 ++++++-------------
 apparmor.d/groups/gvfs/gvfsd-metadata | 2 +-
 7 files changed, 30 insertions(+), 42 deletions(-)
diff --git a/apparmor.d/groups/bus/dbus-accessibility b/apparmor.d/groups/bus/dbus-accessibility
index 755414b79..6fe492f46 100644
--- a/apparmor.d/groups/bus/dbus-accessibility
+++ b/apparmor.d/groups/bus/dbus-accessibility
@@ -45,8 +45,8 @@ profile dbus-accessibility @{exec_path} flags=(attach_disconnected) {
 /etc/machine-id r,
 /var/lib/dbus/machine-id r,
- owner /var/lib/gdm{3,}/.config/dconf/user r,
- owner /var/lib/gdm{3,}/greeter-dconf-defaults r,
+ owner @{DESKTOP_HOME}/greeter-dconf-defaults r,
+ owner @{desktop_config_dirs}/dconf/user r,
 @{run}/systemd/users/@{uid} r,
 owner @{run}/user/@{uid}/gdm/Xauthority r,
diff --git a/apparmor.d/groups/bus/dbus-system b/apparmor.d/groups/bus/dbus-system
index 72825bdbf..32b566814 100644
--- a/apparmor.d/groups/bus/dbus-system
+++ b/apparmor.d/groups/bus/dbus-system
@@ -45,10 +45,10 @@ profile dbus-system flags=(attach_disconnected) {
 /etc/machine-id r,
 /var/lib/dbus/machine-id r,
+ @{desktop_share_dirs}/icc/ r,
+ @{desktop_share_dirs}/icc/edid-@{md5}.icc r,
 @{user_share_dirs}/icc/ r,
 @{user_share_dirs}/icc/edid-@{md5}.icc r,
- /var/lib/gdm{,3}/.local/share/icc/ r,
- /var/lib/gdm{,3}/.local/share/icc/edid-@{md5}.icc r,
 @{run}/systemd/users/@{int} r,
 @{run}/systemd/sessions/*.ref rw,
diff --git a/apparmor.d/groups/bus/ibus-dconf b/apparmor.d/groups/bus/ibus-dconf
index 360788544..9d91cd397 100644
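Review bot: In the dbus-accessibility hunk, `owner @{DESKTOP_HOME}/greeter-dconf-defaults r,` now covers every display-manager home although the path it replaces was GDM-only. The xdg-user-dirs-update hunk folds the gdm and sddm blocks into `@{DESKTOP_HOME}`, so the variable presumably expands to at least both; the same widening applies to `owner @{desktop_config_dirs}/dconf/user r,`. The grant is read-only and `owner`-qualified, so the exposure is small, but a GDM-scoped variable would keep the rule as tight as before (the gvfsd-metadata hunk uses `@{gdm_share_dirs}`, so that family appears to exist). The variable definitions are not part of this patch, so confirm the expansion before deciding.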
--- a/apparmor.d/groups/bus/ibus-dconf
+++ b/apparmor.d/groups/bus/ibus-dconf
@@ -32,14 +32,14 @@ profile ibus-dconf @{exec_path} flags=(attach_disconnected) {
 /etc/dconf/db/ibus r,
 /etc/dconf/profile/ibus r,
- /var/lib/gdm{3,}/.cache/dconf/ w,
- /var/lib/gdm{3,}/.cache/dconf/user rw,
- /var/lib/gdm{3,}/.cache/ibus/dbus-@{rand8} rw,
- /var/lib/gdm{3,}/.config/dconf/ w,
- /var/lib/gdm{3,}/.config/dconf/user rw,
- /var/lib/gdm{3,}/.config/ibus/bus/ r,
- /var/lib/gdm{3,}/.config/ibus/bus/@{md5}-unix-{,wayland-}@{int} r,
- /var/lib/gdm{3,}/greeter-dconf-defaults r,
+ owner @{desktop_cache_dirs}/dconf/ w,
+ owner @{desktop_cache_dirs}/dconf/user rw,
+ owner @{desktop_cache_dirs}/ibus/dbus-@{rand8} rw,
+ owner @{desktop_config_dirs}/dconf/ w,
+ owner @{desktop_config_dirs}/dconf/user rw,
+ owner @{desktop_config_dirs}/ibus/bus/ r,
+ owner @{desktop_config_dirs}/ibus/bus/@{md5}-unix-{,wayland-}@{int} r,
+ owner @{DESKTOP_HOME}/greeter-dconf-defaults r,
 owner @{user_cache_dirs}/ibus/dbus-@{rand8} rw,
diff --git a/apparmor.d/groups/bus/ibus-engine-simple b/apparmor.d/groups/bus/ibus-engine-simple
index f4172e280..8044a4d8c 100644
--- a/apparmor.d/groups/bus/ibus-engine-simple
+++ b/apparmor.d/groups/bus/ibus-engine-simple
@@ -20,8 +20,9 @@ profile ibus-engine-simple @{exec_path} flags=(attach_disconnected) {
 /etc/machine-id r,
 /var/lib/dbus/machine-id r,
- /var/lib/gdm{3,}/.config/ibus/bus/ r,
- /var/lib/gdm{3,}/.config/ibus/bus/@{md5}-unix-{,wayland-}@{int} r,
+ owner @{desktop_cache_dirs}/ibus/dbus-@{rand8} rw,
+ owner @{desktop_config_dirs}/ibus/bus/ r,
+ owner @{desktop_config_dirs}/ibus/bus/@{md5}-unix-{,wayland-}@{int} r,
 owner /dev/tty@{int} rw,
diff --git a/apparmor.d/groups/freedesktop/colord b/apparmor.d/groups/freedesktop/colord
index 2b5bca910..ba13c8398 100644
--- a/apparmor.d/groups/freedesktop/colord
+++ b/apparmor.d/groups/freedesktop/colord
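Review bot: All eight replaced rules in the ibus-dconf hunk gain an `owner` qualifier that the `/var/lib/gdm{3,}/…` rules did not have, so the change alters matching as well as the path: access is now allowed only when the file is owned by the confined task's own uid. That is a reasonable tightening, but it goes beyond the path substitution the subject line describes, and a denial will appear if any of these dconf or ibus files is created by a different user than the one running ibus-dconf. The same applies to the ibus-engine-simple, xdg-user-dirs-update and gvfsd-metadata hunks. I would state it in the commit message, e.g. `Rules under the display-manager homes are now owner-restricted.`, and check the greeter session's audit log for new denials before merging.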
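Review bot: In the ibus-engine-simple hunk, `owner @{desktop_cache_dirs}/ibus/dbus-@{rand8} rw,` is a new grant rather than a replacement: the two removed lines cover only `.config/ibus/bus/`, and nothing on the old side of this hunk gave the engine write access under the cache directory. If the engine needs it, a one-line comment above the rule saying what the file is used for would justify the extra permission; otherwise drop the line so the commit stays a pure path substitution. The profile body continues outside the hunk, so an equivalent rule elsewhere in the file cannot be ruled out from here.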
@@ -38,6 +38,8 @@ profile colord @{exec_path} flags=(attach_disconnected) { /usr/share/mime/mime.cache r, /usr/share/snmp/mibs/{,*} r, + @{system_share_dirs}/mime/mime.cache r, + owner /var/lib/colord/.cache/ rw, owner /var/lib/colord/.cache/** rw, owner /var/lib/colord/{mapping,storage}.db{,-journal} rwk, @@ -47,10 +49,7 @@ profile colord @{exec_path} flags=(attach_disconnected) { owner /var/lib/snmp/mibs/{iana,ietf}/ r, owner /var/lib/snmp/mibs/{iana,ietf}/[A-Z]* r, - /var/lib/gdm{3,}/.local/share/icc/edid-*.icc r, - /var/lib/flatpak/exports/share/mime/mime.cache r, - @{system_share_dirs}/mime/mime.cache r, - + @{desktop_share_dirs}/icc/edid-*.icc r, @{user_share_dirs}/icc/edid-*.icc r, @{run}/systemd/journal/socket rw, diff --git a/apparmor.d/groups/freedesktop/xdg-user-dirs-update b/apparmor.d/groups/freedesktop/xdg-user-dirs-update index 50934f611..2869c10cf 100644 --- a/apparmor.d/groups/freedesktop/xdg-user-dirs-update +++ b/apparmor.d/groups/freedesktop/xdg-user-dirs-update 
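Review bot: The second colord hunk deletes `/var/lib/flatpak/exports/share/mime/mime.cache r,` without a replacement, so colord keeps read access to that file only if `@{system_share_dirs}` expands to the flatpak exports directory; the definition is not in this patch. If it does, `/usr/share/mime/mime.cache r,` directly above the added `@{system_share_dirs}/mime/mime.cache r,` in the first hunk is presumably redundant as well and could be removed for consistency. If it does not, keep the explicit flatpak rule to avoid a new denial.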
@@ -16,29 +16,17 @@ profile xdg-user-dirs-update @{exec_path} {
 /etc/xdg/user-dirs.conf r,
 /etc/xdg/user-dirs.defaults r,
- /var/lib/gdm{3,}/.config/ rw,
- /var/lib/gdm{3,}/.config/user-dirs.dirs{,*} rw,
- /var/lib/gdm{3,}/.config/user-dirs.locale rw,
- /var/lib/gdm{3,}/@{XDG_DESKTOP_DIR}/ rw,
- /var/lib/gdm{3,}/@{XDG_DOCUMENTS_DIR}/ rw,
- /var/lib/gdm{3,}/@{XDG_DOWNLOAD_DIR}/ rw,
- /var/lib/gdm{3,}/@{XDG_MUSIC_DIR}/ rw,
- /var/lib/gdm{3,}/@{XDG_PICTURES_DIR}/ rw,
- /var/lib/gdm{3,}/@{XDG_PUBLICSHARE_DIR}/ rw,
- /var/lib/gdm{3,}/@{XDG_TEMPLATES_DIR}/ rw,
- /var/lib/gdm{3,}/@{XDG_VIDEOS_DIR}/ rw,
-
- /var/lib/sddm/.config/ rw,
- /var/lib/sddm/.config/user-dirs.dirs{,*} rw,
- /var/lib/sddm/.config/user-dirs.locale rw,
- /var/lib/sddm/@{XDG_DESKTOP_DIR}/ rw,
- /var/lib/sddm/@{XDG_DOCUMENTS_DIR}/ rw,
- /var/lib/sddm/@{XDG_DOWNLOAD_DIR}/ rw,
- /var/lib/sddm/@{XDG_MUSIC_DIR}/ rw,
- /var/lib/sddm/@{XDG_PICTURES_DIR}/ rw,
- /var/lib/sddm/@{XDG_PUBLICSHARE_DIR}/ rw,
- /var/lib/sddm/@{XDG_TEMPLATES_DIR}/ rw,
- /var/lib/sddm/@{XDG_VIDEOS_DIR}/ rw,
+ owner @{desktop_config_dirs}/ rw,
+ owner @{desktop_config_dirs}/user-dirs.dirs{,*} rw,
+ owner @{desktop_config_dirs}/user-dirs.locale rw,
+ owner @{DESKTOP_HOME}/@{XDG_DESKTOP_DIR}/ rw,
+ owner @{DESKTOP_HOME}/@{XDG_DOCUMENTS_DIR}/ rw,
+ owner @{DESKTOP_HOME}/@{XDG_DOWNLOAD_DIR}/ rw,
+ owner @{DESKTOP_HOME}/@{XDG_MUSIC_DIR}/ rw,
+ owner @{DESKTOP_HOME}/@{XDG_PICTURES_DIR}/ rw,
+ owner @{DESKTOP_HOME}/@{XDG_PUBLICSHARE_DIR}/ rw,
+ owner @{DESKTOP_HOME}/@{XDG_TEMPLATES_DIR}/ rw,
+ owner @{DESKTOP_HOME}/@{XDG_VIDEOS_DIR}/ rw,
 owner @{HOME}/@{XDG_DESKTOP_DIR}/ w,
 owner @{HOME}/@{XDG_DOCUMENTS_DIR}/ w,
diff --git a/apparmor.d/groups/gvfs/gvfsd-metadata b/apparmor.d/groups/gvfs/gvfsd-metadata
index b519b98d2..37827e7d4 100644
--- a/apparmor.d/groups/gvfs/gvfsd-metadata
+++ b/apparmor.d/groups/gvfs/gvfsd-metadata
@@ -26,7 +26,7 @@ profile gvfsd-metadata @{exec_path} {
 @{exec_path} mr,
- /var/lib/gdm{3,}/.local/share/gvfs-metadata/{,*} rw,
+ owner @{gdm_share_dirs}/gvfs-metadata/{,*} rw,
 owner @{HOME}/.local/ w,