Reorganise the directories.

apparmor.d/groups/gvfs/gvfs-afc-volume-monitor

@@ -0,0 +1,17 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2021 Mikhail Morfikov
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi <abi/3.0>,
+
+include <tunables/global>
+
+@{exec_path}  = /{usr/,}lib/gvfs/gvfs-afc-volume-monitor
+@{exec_path} += /usr/libexec/gvfs-afc-volume-monitor
+profile gvfs-afc-volume-monitor @{exec_path} {
+  include <abstractions/base>
+
+  @{exec_path} mr,
+
+  include if exists <local/gvfs-afc-volume-monitor>
+}

apparmor.d/groups/gvfs/gvfs-goa-volume-monitor

@@ -0,0 +1,17 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2021 Mikhail Morfikov
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi <abi/3.0>,
+
+include <tunables/global>
+
+@{exec_path}  = /{usr/,}lib/gvfs/gvfs-goa-volume-monitor
+@{exec_path} += /usr/libexec/gvfs-goa-volume-monitor
+profile gvfs-goa-volume-monitor @{exec_path} {
+  include <abstractions/base>
+
+  @{exec_path} mr,
+
+  include if exists <local/gvfs-goa-volume-monitor>
+}

apparmor.d/groups/gvfs/gvfs-gphoto2-volume-monitor

@@ -0,0 +1,28 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2021 Mikhail Morfikov
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi <abi/3.0>,
+
+include <tunables/global>
+
+@{exec_path}  = /{usr/,}lib/gvfs/gvfs-gphoto2-volume-monitor
+@{exec_path} += /usr/libexec/gvfs-gphoto2-volume-monitor
+profile gvfs-gphoto2-volume-monitor @{exec_path} {
+  include <abstractions/base>
+  include <abstractions/disks-read>
+  include <abstractions/devices-usb>
+
+  network netlink raw,
+
+  @{exec_path} mr,
+
+  owner @{PROC}/@{pid}/mountinfo r,
+  owner @{PROC}/@{pid}/mounts r,
+
+  @{sys}/class/scsi_generic/ r,
+
+  /etc/fstab r,
+
+  include if exists <local/gvfs-gphoto2-volume-monitor>
+}

apparmor.d/groups/gvfs/gvfs-mtp-volume-monitor

@@ -0,0 +1,20 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2021 Mikhail Morfikov
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi <abi/3.0>,
+
+include <tunables/global>
+
+@{exec_path}  = /{usr/,}lib/gvfs/gvfs-mtp-volume-monitor
+@{exec_path} += /usr/libexec/gvfs-mtp-volume-monitor
+profile gvfs-mtp-volume-monitor @{exec_path} {
+  include <abstractions/base>
+  include <abstractions/devices-usb>
+
+  network netlink raw,
+
+  @{exec_path} mr,
+
+  include if exists <local/gvfs-mtp-volume-monitor>
+}

apparmor.d/groups/gvfs/gvfs-udisks2-volume-monitor

@@ -0,0 +1,59 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2021 Mikhail Morfikov
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi <abi/3.0>,
+
+include <tunables/global>
+
+@{exec_path}  = /{usr/,}lib/gvfs/gvfs-udisks2-volume-monitor
+@{exec_path} += /usr/libexec/gvfs-udisks2-volume-monitor
+profile gvfs-udisks2-volume-monitor @{exec_path} {
+  include <abstractions/base>
+  include <abstractions/freedesktop.org>
+  include <abstractions/nameservice-strict>
+  include <abstractions/disks-read>
+  include <abstractions/devices-usb>
+
+  network inet stream,
+  network inet6 stream,
+  network netlink raw,
+
+  signal (send) set=(term, kill) peer=mount,
+
+  @{exec_path} mr,
+
+  /{usr/,}bin/lsof   rix,
+
+  /{usr/,}bin/mount  rPx,
+  /{usr/,}bin/umount rPx,
+
+  include <abstractions/dconf>
+  owner @{run}/user/[0-9]*/dconf/ w,
+  owner @{run}/user/[0-9]*/dconf/user rw,
+
+  /etc/fstab r,
+
+  # Mount points
+  /media/*/ r,
+  /media/*/*/ r,
+  @{HOME}/*/*/ r,
+  @{HOME}/*/*/**/ r,
+  @{HOME}/bluetooth/ r,
+
+  / r,
+
+  /usr/share/glib-2.0/schemas/gschemas.compiled r,
+
+  @{run}/mount/utab r,
+
+        @{PROC}/ r,
+  owner @{PROC}/@{pid}/fd/ r,
+  owner @{PROC}/@{pid}/mountinfo r,
+  owner @{PROC}/@{pid}/mounts r,
+  owner @{PROC}/@{pid}/cgroup r,
+        @{PROC}/1/cgroup r,
+        @{PROC}/locks r,
+
+  include if exists <local/gvfs-udisks2-volume-monitor>
+}

apparmor.d/groups/gvfs/gvfsd

@@ -0,0 +1,29 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2021 Mikhail Morfikov
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi <abi/3.0>,
+
+include <tunables/global>
+
+@{exec_path}  = /{usr/,}lib/gvfs/gvfsd
+@{exec_path} += /usr/libexec/gvfsd
+profile gvfsd @{exec_path} {
+  include <abstractions/base>
+
+  @{exec_path} mr,
+
+  /{usr/,}bin/{,ba,da}sh   rix,
+
+  # Don't strip env here.
+  /{usr/,}lib/gvfs/gvfsd-* rPx,
+  /usr/libexec/gvfsd-*     rPx,
+
+  /usr/share/gvfs/{,**} r,
+
+  owner @{run}/user/[0-9]*/gvfs/ rw,
+
+  owner @{PROC}/@{pid}/fd/ r,
+
+  include if exists <local/gvfsd>
+}

apparmor.d/groups/gvfs/gvfsd-admin

@@ -0,0 +1,17 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2021 Mikhail Morfikov
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi <abi/3.0>,
+
+include <tunables/global>
+
+@{exec_path}  = /{usr/,}lib/gvfs/gvfsd-admin
+@{exec_path} += /usr/libexec/gvfsd-admin
+profile gvfsd-admin @{exec_path} {
+  include <abstractions/base>
+
+  @{exec_path} mr,
+
+  include if exists <local/gvfsd-admin>
+}

apparmor.d/groups/gvfs/gvfsd-afc

@@ -0,0 +1,17 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2021 Mikhail Morfikov
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi <abi/3.0>,
+
+include <tunables/global>
+
+@{exec_path}  = /{usr/,}lib/gvfs/gvfsd-afc
+@{exec_path} += /usr/libexec/gvfsd-afc
+profile gvfsd-afc @{exec_path} {
+  include <abstractions/base>
+
+  @{exec_path} mr,
+
+  include if exists <local/gvfsd-afc>
+}

apparmor.d/groups/gvfs/gvfsd-afp

@@ -0,0 +1,17 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2021 Mikhail Morfikov
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi <abi/3.0>,
+
+include <tunables/global>
+
+@{exec_path}  = /{usr/,}lib/gvfs/gvfsd-afp
+@{exec_path} += /usr/libexec/gvfsd-afp
+profile gvfsd-afp @{exec_path} {
+  include <abstractions/base>
+
+  @{exec_path} mr,
+
+  include if exists <local/gvfsd-afp>
+}

apparmor.d/groups/gvfs/gvfsd-afp-browse

@@ -0,0 +1,17 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2021 Mikhail Morfikov
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi <abi/3.0>,
+
+include <tunables/global>
+
+@{exec_path}  = /{usr/,}lib/gvfs/gvfsd-afp-browse
+@{exec_path} += /usr/libexec/gvfsd-afp-browse
+profile gvfsd-afp-browse @{exec_path} {
+  include <abstractions/base>
+
+  @{exec_path} mr,
+
+  include if exists <local/gvfsd-afp-browse>
+}

apparmor.d/groups/gvfs/gvfsd-archive

@@ -0,0 +1,23 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2021 Mikhail Morfikov
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi <abi/3.0>,
+
+include <tunables/global>
+
+@{exec_path}  = /{usr/,}lib/gvfs/gvfsd-archive
+@{exec_path} += /usr/libexec/gvfsd-archive
+profile gvfsd-archive @{exec_path} {
+  include <abstractions/base>
+  include <abstractions/freedesktop.org>
+  include <abstractions/nameservice-strict>
+
+  @{exec_path} mr,
+
+  owner /**.tar r,
+  owner /**.tar.gz r,
+  owner /**.zip r,
+
+  include if exists <local/gvfsd-archive>
+}

apparmor.d/groups/gvfs/gvfsd-burn

@@ -0,0 +1,17 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2021 Mikhail Morfikov
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi <abi/3.0>,
+
+include <tunables/global>
+
+@{exec_path}  = /{usr/,}lib/gvfs/gvfsd-burn
+@{exec_path} += /usr/libexec/gvfsd-burn
+profile gvfsd-burn @{exec_path} {
+  include <abstractions/base>
+
+  @{exec_path} mr,
+
+  include if exists <local/gvfsd-burn>
+}

apparmor.d/groups/gvfs/gvfsd-cdda

@@ -0,0 +1,17 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2021 Mikhail Morfikov
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi <abi/3.0>,
+
+include <tunables/global>
+
+@{exec_path}  = /{usr/,}lib/gvfs/gvfsd-cdda
+@{exec_path} += /usr/libexec/gvfsd-cdda
+profile gvfsd-cdda @{exec_path} {
+  include <abstractions/base>
+
+  @{exec_path} mr,
+
+  include if exists <local/gvfsd-cdda>
+}

apparmor.d/groups/gvfs/gvfsd-computer

@@ -0,0 +1,17 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2021 Mikhail Morfikov
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi <abi/3.0>,
+
+include <tunables/global>
+
+@{exec_path}  = /{usr/,}lib/gvfs/gvfsd-computer
+@{exec_path} += /usr/libexec/gvfsd-computer
+profile gvfsd-computer @{exec_path} {
+  include <abstractions/base>
+
+  @{exec_path} mr,
+
+  include if exists <local/gvfsd-computer>
+}

apparmor.d/groups/gvfs/gvfsd-dav

@@ -0,0 +1,17 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2021 Mikhail Morfikov
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi <abi/3.0>,
+
+include <tunables/global>
+
+@{exec_path}  = /{usr/,}lib/gvfs/gvfsd-dav
+@{exec_path} += /usr/libexec/gvfsd-dav
+profile gvfsd-dav @{exec_path} {
+  include <abstractions/base>
+
+  @{exec_path} mr,
+
+  include if exists <local/gvfsd-dav>
+}

apparmor.d/groups/gvfs/gvfsd-dnssd

@@ -0,0 +1,17 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2021 Mikhail Morfikov
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi <abi/3.0>,
+
+include <tunables/global>
+
+@{exec_path}  = /{usr/,}lib/gvfs/gvfsd-dnssd
+@{exec_path} += /usr/libexec/gvfsd-dnssd
+profile gvfsd-dnssd @{exec_path} {
+  include <abstractions/base>
+
+  @{exec_path} mr,
+
+  include if exists <local/gvfsd-dnssd>
+}

apparmor.d/groups/gvfs/gvfsd-ftp

@@ -0,0 +1,31 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2021 Mikhail Morfikov
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi <abi/3.0>,
+
+include <tunables/global>
+
+@{exec_path}  = /{usr/,}lib/gvfs/gvfsd-ftp
+@{exec_path} += /usr/libexec/gvfsd-ftp
+profile gvfsd-ftp @{exec_path} {
+  include <abstractions/base>
+  include <abstractions/freedesktop.org>
+  include <abstractions/nameservice-strict>
+
+  network inet dgram,
+  network inet6 dgram,
+  network inet stream,
+  network inet6 stream,
+  network netlink raw,
+
+  @{exec_path} mr,
+
+  include <abstractions/dconf>
+  owner @{run}/user/[0-9]*/dconf/ rw,
+  owner @{run}/user/[0-9]*/dconf/user rw,
+
+  /usr/share/glib-2.0/schemas/gschemas.compiled r,
+
+  include if exists <local/gvfsd-ftp>
+}

apparmor.d/groups/gvfs/gvfsd-fuse

@@ -0,0 +1,23 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2021 Mikhail Morfikov
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi <abi/3.0>,
+
+include <tunables/global>
+
+@{exec_path}  = /{usr/,}lib/gvfs/gvfsd-fuse
+@{exec_path} += /usr/libexec/gvfsd-fuse
+profile gvfsd-fuse @{exec_path} {
+  include <abstractions/base>
+
+  @{exec_path} mr,
+
+  /{usr/,}bin/fusermount{,3} rPx,
+
+  mount fstype={fuse,fuse.*} -> @{run}/user/[0-9]*/gvfs/,
+
+  /dev/fuse rw,
+
+  include if exists <local/gvfsd-fuse>
+}

apparmor.d/groups/gvfs/gvfsd-google

@@ -0,0 +1,17 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2021 Mikhail Morfikov
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi <abi/3.0>,
+
+include <tunables/global>
+
+@{exec_path}  = /{usr/,}lib/gvfs/gvfsd-google
+@{exec_path} += /usr/libexec/gvfsd-google
+profile gvfsd-google @{exec_path} {
+  include <abstractions/base>
+
+  @{exec_path} mr,
+
+  include if exists <local/gvfsd-google>
+}

apparmor.d/groups/gvfs/gvfsd-gphoto2

@@ -0,0 +1,17 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2021 Mikhail Morfikov
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi <abi/3.0>,
+
+include <tunables/global>
+
+@{exec_path}  = /{usr/,}lib/gvfs/gvfsd-gphoto2
+@{exec_path} += /usr/libexec/gvfsd-gphoto2
+profile gvfsd-gphoto2 @{exec_path} {
+  include <abstractions/base>
+
+  @{exec_path} mr,
+
+  include if exists <local/gvfsd-gphoto2>
+}

apparmor.d/groups/gvfs/gvfsd-http

@@ -0,0 +1,27 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2021 Mikhail Morfikov
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi <abi/3.0>,
+
+include <tunables/global>
+
+@{exec_path}  = /{usr/,}lib/gvfs/gvfsd-http
+@{exec_path} += /usr/libexec/gvfsd-http
+profile gvfsd-http @{exec_path} {
+  include <abstractions/base>
+  include <abstractions/freedesktop.org>
+  include <abstractions/nameservice-strict>
+
+  network inet stream,
+  network inet6 stream,
+  network inet dgram,
+  network inet6 dgram,
+  network netlink raw,
+
+  @{exec_path} mr,
+
+  /usr/share/glib-2.0/schemas/gschemas.compiled r,
+
+  include if exists <local/gvfsd-http>
+}

apparmor.d/groups/gvfs/gvfsd-localtest

@@ -0,0 +1,17 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2021 Mikhail Morfikov
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi <abi/3.0>,
+
+include <tunables/global>
+
+@{exec_path}  = /{usr/,}lib/gvfs/gvfsd-localtest
+@{exec_path} += /usr/libexec/gvfsd-localtest
+profile gvfsd-localtest @{exec_path} {
+  include <abstractions/base>
+
+  @{exec_path} mr,
+
+  include if exists <local/gvfsd-localtest>
+}

apparmor.d/groups/gvfs/gvfsd-metadata

@@ -0,0 +1,23 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2021 Mikhail Morfikov
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi <abi/3.0>,
+
+include <tunables/global>
+
+@{exec_path}  = /{usr/,}lib/gvfs/gvfsd-metadata
+@{exec_path} += /usr/libexec/gvfsd-metadata
+profile gvfsd-metadata @{exec_path} {
+  include <abstractions/base>
+  include <abstractions/disks-read>
+
+  network netlink raw,
+
+  @{exec_path} mr,
+
+  owner @{HOME}/.local/share/gvfs-metadata/ rw,
+  owner @{HOME}/.local/share/gvfs-metadata/** rw,
+
+  include if exists <local/gvfsd-metadata>
+}

apparmor.d/groups/gvfs/gvfsd-mtp

@@ -0,0 +1,27 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2021 Mikhail Morfikov
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi <abi/3.0>,
+
+include <tunables/global>
+
+@{exec_path}  = /{usr/,}lib/gvfs/gvfsd-mtp
+@{exec_path} += /usr/libexec/gvfsd-mtp
+profile gvfsd-mtp @{exec_path} {
+  include <abstractions/base>
+  include <abstractions/freedesktop.org>
+  include <abstractions/devices-usb>
+
+  network netlink raw,
+
+  @{exec_path} mr,
+
+  include <abstractions/dconf>
+  owner @{run}/user/[0-9]*/dconf/ rw,
+  owner @{run}/user/[0-9]*/dconf/user rw,
+
+  /usr/share/glib-2.0/schemas/gschemas.compiled r,
+
+  include if exists <local/gvfsd-mtp>
+}

apparmor.d/groups/gvfs/gvfsd-network

@@ -0,0 +1,17 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2021 Mikhail Morfikov
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi <abi/3.0>,
+
+include <tunables/global>
+
+@{exec_path}  = /{usr/,}lib/gvfs/gvfsd-network
+@{exec_path} += /usr/libexec/gvfsd-network
+profile gvfsd-network @{exec_path} {
+  include <abstractions/base>
+
+  @{exec_path} mr,
+
+  include if exists <local/gvfsd-network>
+}

apparmor.d/groups/gvfs/gvfsd-nfs

@@ -0,0 +1,22 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2021 Mikhail Morfikov
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi <abi/3.0>,
+
+include <tunables/global>
+
+@{exec_path}  = /{usr/,}lib/gvfs/gvfsd-nfs
+@{exec_path} += /usr/libexec/gvfsd-nfs
+profile gvfsd-nfs @{exec_path} {
+  include <abstractions/base>
+  include <abstractions/nameservice-strict>
+
+  network inet stream,
+  network inet6 stream,
+  network netlink raw,
+
+  @{exec_path} mr,
+
+  include if exists <local/gvfsd-nfs>
+}

apparmor.d/groups/gvfs/gvfsd-recent

@@ -0,0 +1,19 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2021 Mikhail Morfikov
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi <abi/3.0>,
+
+include <tunables/global>
+
+@{exec_path}  = /{usr/,}lib/gvfs/gvfsd-recent
+@{exec_path} += /usr/libexec/gvfsd-recent
+profile gvfsd-recent @{exec_path} {
+  include <abstractions/base>
+
+  @{exec_path} mr,
+
+  owner @{HOME}/.local/share/recently-used.xbel r,
+
+  include if exists <local/gvfsd-recent>
+}

apparmor.d/groups/gvfs/gvfsd-sftp

@@ -0,0 +1,26 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2021 Mikhail Morfikov
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi <abi/3.0>,
+
+include <tunables/global>
+
+@{exec_path}  = /{usr/,}lib/gvfs/gvfsd-sftp
+@{exec_path} += /usr/libexec/gvfsd-sftp
+profile gvfsd-sftp @{exec_path} {
+  include <abstractions/base>
+  include <abstractions/consoles>
+  include <abstractions/freedesktop.org>
+  include <abstractions/nameservice-strict>
+
+  @{exec_path} mr,
+
+  owner @{PROC}/@{pid}/fd/ r,
+
+  /dev/ptmx rw,
+
+  /{usr/,}bin/ssh rPx,
+
+  include if exists <local/gvfsd-sftp>
+}

apparmor.d/groups/gvfs/gvfsd-smb

@@ -0,0 +1,32 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2021 Mikhail Morfikov
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi <abi/3.0>,
+
+include <tunables/global>
+
+@{exec_path}  = /{usr/,}lib/gvfs/gvfsd-smb
+@{exec_path} += /usr/libexec/gvfsd-smb
+profile gvfsd-smb @{exec_path} {
+  include <abstractions/base>
+  include <abstractions/freedesktop.org>
+
+  network netlink raw,
+  network inet stream,
+  network inet6 stream,
+  network inet dgram,
+  network inet6 dgram,
+
+  @{exec_path} mr,
+
+  include <abstractions/dconf>
+  owner @{run}/user/[0-9]*/dconf/ rw,
+  owner @{run}/user/[0-9]*/dconf/user rw,
+
+  /usr/share/glib-2.0/schemas/gschemas.compiled r,
+
+  /etc/samba/smb.conf r,
+
+  include if exists <local/gvfsd-smb>
+}

apparmor.d/groups/gvfs/gvfsd-smb-browse

@@ -0,0 +1,31 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2021 Mikhail Morfikov
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi <abi/3.0>,
+
+include <tunables/global>
+
+@{exec_path}  = /{usr/,}lib/gvfs/gvfsd-smb-browse
+@{exec_path} += /usr/libexec/gvfsd-smb-browse
+profile gvfsd-smb-browse @{exec_path} {
+  include <abstractions/base>
+
+  network netlink raw,
+  network inet stream,
+  network inet6 stream,
+  network inet dgram,
+  network inet6 dgram,
+
+  @{exec_path} mr,
+
+  include <abstractions/dconf>
+  owner @{run}/user/[0-9]*/dconf/ rw,
+  owner @{run}/user/[0-9]*/dconf/user rw,
+
+  /usr/share/glib-2.0/schemas/gschemas.compiled r,
+
+  /etc/samba/smb.conf r,
+
+  include if exists <local/gvfsd-smb-browse>
+}

apparmor.d/groups/gvfs/gvfsd-trash

@@ -0,0 +1,29 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2021 Mikhail Morfikov
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi <abi/3.0>,
+
+include <tunables/global>
+
+@{exec_path}  = /{usr/,}lib/gvfs/gvfsd-trash
+@{exec_path} += /usr/libexec/gvfsd-trash
+profile gvfsd-trash @{exec_path} {
+  include <abstractions/base>
+  include <abstractions/nameservice-strict>
+  include <abstractions/freedesktop.org>
+  include <abstractions/trash>
+
+  # When mounting a SMB share
+  network inet stream,
+  network inet6 stream,
+
+  @{exec_path} mr,
+
+  owner @{PROC}/@{pid}/mountinfo r,
+  owner @{PROC}/@{pid}/mounts r,
+
+  @{run}/mount/utab r,
+
+  include if exists <local/gvfsd-trash>
+}