feat(profile): general update.

apparmor.d/profiles-a-f/cc-remote-login-helper

@@ -1,4 +1,5 @@
 # apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2024 Alexandre Pujol <alexandre@pujol.io>
 # SPDX-License-Identifier: GPL-2.0-only
 
 abi <abi/4.0>,

apparmor.d/profiles-a-f/file-roller

@@ -11,10 +11,8 @@ profile file-roller @{exec_path} {
   include <abstractions/base>
   include <abstractions/bus/org.freedesktop.portal.Desktop>
   include <abstractions/common/gnome>
+  include <abstractions/deny-sensitive-home>
   include <abstractions/nameservice-strict>
-  include <abstractions/user-download-strict>
-  include <abstractions/user-read-strict>
-  include <abstractions/user-write-strict>
 
   #aa:dbus own bus=session name=org.gnome.ArchiveManager1
   #aa:dbus own bus=session name=org.gnome.FileRoller
@@ -23,6 +21,9 @@ profile file-roller @{exec_path} {
 
   @{open_path}  rPx -> child-open-help,
 
+  @{bin}/mv            rix,
+  @{bin}/rm            rix,
+
   # Archivers
   @{bin}/7z            rix,
   @{bin}/7zz           rix,
@@ -38,6 +39,11 @@ profile file-roller @{exec_path} {
   @{bin}/zstd          rix,
   @{lib}/p7zip/7z      rix,
 
+  # Full access to user's data
+  @{MOUNTS}/** rw,
+  owner @{HOME}/** rw,
+  owner @{tmp}/** rw,
+
   @{run}/mount/utab r,
 
   owner @{PROC}/@{pid}/mountinfo r,

apparmor.d/profiles-a-f/flatpak

@@ -62,6 +62,8 @@ profile flatpak @{exec_path} flags=(attach_disconnected,mediate_deleted,complain
   owner @{HOME}/.var/ w,
   owner @{HOME}/.var/app/{,**} rw,
 
+  owner @{user_documents_dirs}/ rw,
+
   owner @{user_cache_dirs}/flatpak/{,**} rw,
   owner @{user_config_dirs}/pulse/client.conf r,
   owner @{user_config_dirs}/user-dirs.dirs r,