From 0f017048e445cb21f764e480d332f64d79b0907d Mon Sep 17 00:00:00 2001
From: Alexandre Pujol <alexandre@pujol.io>
Date: Fri, 22 Aug 2025 17:57:40 +0200
Subject: [PATCH] fix(profile): fix att path in flatpak

fix #820
---
 apparmor.d/groups/flatpak/flatpak            | 2 ++
 apparmor.d/groups/flatpak/flatpak-portal     | 4 ++--
 apparmor.d/groups/freedesktop/xdg-dbus-proxy | 4 ++--
 3 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/apparmor.d/groups/flatpak/flatpak b/apparmor.d/groups/flatpak/flatpak
index 6b671f0e0..4122e8055 100644
--- a/apparmor.d/groups/flatpak/flatpak
+++ b/apparmor.d/groups/flatpak/flatpak
@@ -77,6 +77,8 @@ profile flatpak @{exec_path} flags=(attach_disconnected,mediate_deleted,complain
 
   owner @{HOME}/.var/ w,
   owner @{HOME}/.var/app/{,**} rw,
+  owner @{att}/@{HOME}/.var/app/*/.local/share/*/logs/* rw,
+  owner @{att}/@{HOME}/.var/app/*/.local/share/*/**/usr/.ref rw,
 
   # Can create dotfile directories for any app
   owner @{user_cache_dirs}/*/ w,
diff --git a/apparmor.d/groups/flatpak/flatpak-portal b/apparmor.d/groups/flatpak/flatpak-portal
index 84e2d7964..ac1e41894 100644
--- a/apparmor.d/groups/flatpak/flatpak-portal
+++ b/apparmor.d/groups/flatpak/flatpak-portal
@@ -34,8 +34,8 @@ profile flatpak-portal @{exec_path} flags=(attach_disconnected) {
   owner /att/**/ r,
   owner @{att}/.flatpak-info r,
 
-  owner @{HOME}/.var/app/*/**/.ref rw,
-  owner @{HOME}/.var/app/*/**/logs/* rw,
+  owner @{att}/@{HOME}/.var/app/*/.local/share/*/logs/* rw,
+  owner @{att}/@{HOME}/.var/app/*/.local/share/*/**/usr/.ref rw,
 
   owner @{user_config_dirs}/user-dirs.dirs r,
   owner @{user_share_dirs}/mime/mime.cache r,
diff --git a/apparmor.d/groups/freedesktop/xdg-dbus-proxy b/apparmor.d/groups/freedesktop/xdg-dbus-proxy
index c6efaf360..be66f7484 100644
--- a/apparmor.d/groups/freedesktop/xdg-dbus-proxy
+++ b/apparmor.d/groups/freedesktop/xdg-dbus-proxy
@@ -29,8 +29,8 @@ profile xdg-dbus-proxy @{exec_path} flags=(attach_disconnected) {
   @{exec_path} mr,
 
   owner @{att}/@{HOME}/.var/app/** r,
-  owner @{HOME}/.var/app/*/.local/share/*/logs/* rw,
-  owner @{HOME}/.var/app/*/.local/share/*/**/usr/.ref rw,
+  owner @{att}/@{HOME}/.var/app/*/.local/share/*/logs/* rw,
+  owner @{att}/@{HOME}/.var/app/*/.local/share/*/**/usr/.ref rw,
 
         @{att}/@{run}/systemd/inhibit/@{int}.ref rw,
   owner @{run}/firejail/dbus/@{int}/@{int}-{system,user} rw,