feat(profile): cleanup and remove open subprofile when it is useless.

apparmor.d/profiles-s-z/smtube

@@ -68,38 +68,11 @@ profile smtube @{exec_path} {
   @{bin}/youtube-dl rPUx,
   @{bin}/yt-dlp     rPUx,
 
-  @{bin}/xdg-open   rCx -> open,
-
-  # Allowed apps to open
-  @{lib}/firefox/firefox rPUx,
+  @{open_path}       rPx -> child-open,
 
   # file_inherit
   owner /dev/tty@{int} rw,
 
-
-  profile open {
-    include <abstractions/base>
-    include <abstractions/xdg-open>
-
-    @{bin}/xdg-open mr,
-
-    @{sh_path}             rix,
-    @{bin}/{m,g,}awk       rix,
-    @{bin}/readlink        rix,
-    @{bin}/basename        rix,
-
-    owner @{HOME}/ r,
-
-    owner @{run}/user/@{uid}/ r,
-
-    # Allowed apps to open
-    @{lib}/firefox/firefox rPUx,
-
-    # file_inherit
-    owner @{HOME}/.xsession-errors w,
-
-  }
-
   include if exists <local/smtube>
 }
 

apparmor.d/profiles-s-z/udiskie

@@ -26,7 +26,9 @@ profile udiskie @{exec_path} {
   @{bin}/python3.@{int} r,
 
   @{bin}/ r,
-  @{bin}/xdg-open rCx -> open,
+  @{open_path} rPx -> child-open,
+
+  /etc/fstab r,
 
   owner @{user_config_dirs}/udiskie/ r,
   owner @{user_config_dirs}/udiskie/config.yml r,
@@ -35,37 +37,9 @@ profile udiskie @{exec_path} {
   owner @{PROC}/@{pid}/mounts r,
   owner @{PROC}/@{pid}/mountinfo r,
 
-  /etc/fstab r,
-
-  # Allowed apps to open
-  @{bin}/spacefm rPx,
-
   # Silencer
   deny @{lib}/** w,
 
-  profile open {
-    include <abstractions/base>
-    include <abstractions/xdg-open>
-
-    @{bin}/xdg-open mr,
-
-    @{sh_path}             rix,
-    @{bin}/{m,g,}awk       rix,
-    @{bin}/readlink        rix,
-    @{bin}/basename        rix,
-
-    owner @{HOME}/ r,
-
-    owner @{run}/user/@{uid}/ r,
-
-    # Allowed apps to open
-    @{bin}/spacefm rPx,
-
-    # file_inherit
-    owner @{HOME}/.xsession-errors w,
-
-  }
-
   include if exists <local/udiskie>
 }
 

apparmor.d/profiles-s-z/xarchiver

@@ -42,7 +42,9 @@ profile xarchiver @{exec_path} {
   # For deb packages
   @{bin}/{,@{multiarch}-}ar rix,
 
-  @{bin}/xdg-open      rCx -> open,
+  @{path_open}         rPx -> child-open,
+
+  /etc/fstab r,
 
   owner @{user_config_dirs}/xarchiver/ rw,
   owner @{user_config_dirs}/xarchiver/xarchiverrc{,.*} rw,
@@ -58,46 +60,12 @@ profile xarchiver @{exec_path} {
         /tmp/ r,
   owner @{tmp}/** rw,
 
-  owner @{PROC}/@{pid}/fd/ r,
         @{PROC}/@{pid}/mountinfo r,
         @{PROC}/@{pid}/mounts r,
+  owner @{PROC}/@{pid}/fd/ r,
 
-  /etc/fstab r,
-
-  # Allowed apps to open
-  @{bin}/engrampa  rPUx,
-  @{bin}/geany     rPUx,
-  @{bin}/viewnior  rPUx,
-
-  # file_inherit
   owner /dev/tty@{int} rw,
 
-
-  profile open {
-    include <abstractions/base>
-    include <abstractions/xdg-open>
-
-    @{bin}/xdg-open mr,
-
-    @{sh_path}             rix,
-    @{bin}/{m,g,}awk       rix,
-    @{bin}/readlink        rix,
-    @{bin}/basename        rix,
-
-    owner @{HOME}/ r,
-
-    owner @{run}/user/@{uid}/ r,
-
-    # Allowed apps to open
-    @{bin}/engrampa  rPUx,
-    @{bin}/geany     rPUx,
-    @{bin}/viewnior  rPUx,
-
-    # file_inherit
-    owner @{HOME}/.xsession-errors w,
-
-  }
-
   include if exists <local/xarchiver>
 }