feat(profile): general update.

apparmor.d/profiles-s-z/snap

@@ -28,6 +28,9 @@ profile snap @{exec_path} {
 
   mount options=(ro, silent) -> /tmp/snapd-auto-import-mount-@{int}/,
 
+  #aa:dbus own bus=session name=io.snapcraft.Launcher
+  #aa:dbus own bus=session name=io.snapcraft.Settings
+
   dbus send bus=session path=/org/freedesktop/systemd1
        interface=org.freedesktop.systemd1.Manager
        member=StartTransientUnit

apparmor.d/profiles-s-z/spice-vdagent

@@ -18,6 +18,7 @@ profile spice-vdagent @{exec_path} flags=(attach_disconnected) {
   include <abstractions/bus/org.freedesktop.portal.Desktop>
   include <abstractions/bus/org.freedesktop.RealtimeKit1>
   include <abstractions/bus/org.gnome.Mutter.DisplayConfig>
+  include <abstractions/bus/org.gtk.vfs.MountTracker>
   include <abstractions/dri>
   include <abstractions/fontconfig-cache-write>
   include <abstractions/fonts>

apparmor.d/profiles-s-z/wireplumber

@@ -35,10 +35,13 @@ profile wireplumber @{exec_path} {
   /opt/intel/oneapi/{compiler,lib,mkl}/**/ r,
   /opt/intel/oneapi/{compiler,lib,mkl}/**.so* mr,
 
+  /usr/share/alsa/{,**} r,
   /usr/share/alsa-card-profile/{,**} r,
   /usr/share/spa-*/bluez@{int}/{,*} r,
   /usr/share/wireplumber/{,**} r,
 
+  /etc/alsa/conf.d/{,**} r,
+
   /etc/machine-id r,
 
   owner @{desktop_local_dirs}/ w,
@@ -49,6 +52,8 @@ profile wireplumber @{exec_path} {
   owner @{user_state_dirs}/ w,
   owner @{user_state_dirs}/wireplumber/{,**} rw,
 
+  owner @{run}/user/@{uid}/pipewire-@{int} rw,
+
   @{run}/systemd/users/@{uid} r,
 
   @{run}/udev/data/c14:@{int} r,          # Open Sound System (OSS)
@@ -69,7 +74,6 @@ profile wireplumber @{exec_path} {
   owner @{PROC}/@{pid}/task/@{tid}/comm rw,
 
   /dev/media@{int} rw,
-  /dev/snd/ r,
 
   include if exists <local/wireplumber>
 }

apparmor.d/profiles-s-z/yadifad

@@ -1,9 +1,10 @@
 # apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2024 Alexandre Pujol <alexandre@pujol.io>
 # SPDX-License-Identifier: GPL-2.0-only
 
 include <tunables/global>
 
-@{exec_path} = /{,usr/}{,s}bin/yadifad
+@{exec_path} = @{bin}/yadifad
 profile yadifad @{exec_path} {
   include <abstractions/base>
   include <abstractions/nameservice-strict>
@@ -22,16 +23,12 @@ profile yadifad @{exec_path} {
 
   /etc/yadifa/yadifad.conf               r,
 
-        /var/lib/yadifa/**               r,
-  owner /var/lib/yadifa/ydf.@{rand6}       rw,
-  owner /var/lib/yadifa/keys/ydf.@{rand6}  rw,
-  owner /var/lib/yadifa/xfr/ydf.@{rand6}   rw,
+  /var/log/yadifa/{,**} rw,
 
-  /var/log/yadifa/*.log                  rw,
-  /var/log/yadifa/ydf.@{rand6}             rw,
+  owner /var/lib/yadifa/{,**}       rw,
 
+  owner @{run}/yadifa/{,*}    rw,
   owner @{run}/yadifa/yadifad.pid   rwk,
-  owner @{run}/yadifa/ydf.@{rand6}    rw,
 
   include if exists <local/yadifad>
 }