From 1e55809689a73041de54b0719a7e3f9c59666296 Mon Sep 17 00:00:00 2001
From: Besanon <m231009ts@mailfence.com>
Date: Wed, 5 Jun 2024 16:08:36 +0200
Subject: [PATCH] Create pcmanfm-qt

---
 apparmor.d/groups/lxqt/pcmanfm-qt | 89 +++++++++++++++++++++++++++++++
 1 file changed, 89 insertions(+)
 create mode 100644 apparmor.d/groups/lxqt/pcmanfm-qt

diff --git a/apparmor.d/groups/lxqt/pcmanfm-qt b/apparmor.d/groups/lxqt/pcmanfm-qt
new file mode 100644
index 000000000..7108a4639
--- /dev/null
+++ b/apparmor.d/groups/lxqt/pcmanfm-qt
@@ -0,0 +1,89 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2024 Alexandre Pujol <alexandre@pujol.io>
+# Copyright (C) 2024 Besanon  <m231009ts@mailfence.com>
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi <abi/3.0>,
+
+include <tunables/global>
+
+@{exec_path} = @{bin}/pcmanfm-qt
+profile pcmanfm-qt @{exec_path} {
+  include <abstractions/base>
+  include <abstractions/gtk>
+  include <abstractions/lxqt>
+  include <abstractions/fontconfig-cache-read>
+  include <abstractions/nameservice-strict>
+  include <abstractions/thumbnails-cache-read>
+  include <abstractions/disks-read>
+  include <abstractions/consoles>
+  include <abstractions/qt5>
+  include <abstractions/app-launcher-user>
+  include <abstractions/app-launcher-root>
+
+  signal (send)    set=(term, kill),
+  signal (receive) set=(term, kill) peer=lxqt-session,
+
+  network inet stream,
+  network netlink raw,
+
+  @{exec_path} 				mr,
+#  @{bin}/xdg-open 				rPx,
+
+        /         r,
+        /boot/    r,
+        /boot/**  r,
+  owner /boot/**  rw,
+        /etc/     r,
+        /etc/**   r,
+  owner /etc/**   rw,
+        /home/    r,
+        /home/**  r,
+        /home/**  rw,
+        /lost+found/ r,
+        /lost+found/** r,
+  owner /lost+found/** rw,
+        @{MOUNTS}/   r,
+        @{MOUNTS}/** r,
+  owner @{MOUNTS}/** rw,
+        /opt/     r,
+        /opt/**   r,
+  owner /opt/**   rw,
+        /root/    r,
+        /root/**  r,
+  owner /root/**  rw,
+        @{run}/   r,
+        @{run}/** r,
+  owner @{run}/** rw,
+        /srv/     r,
+        /srv/**   r,
+  owner /srv/**   rw,
+        /tmp/     r,
+        /tmp/**   r,
+  owner /tmp/**   rw,
+        /usr/     r,
+        /usr/**   r,
+  owner /usr/**   rw,
+        /var/     r,
+        /var/**   r,
+  owner /var/**   rw,
+
+   owner @{user_cache_dirs}/pcmanfm-qt/**               r,
+   owner @{user_config_dirs}/pcmanfm-qt/lxqt/{,**}      r,
+   owner @{user_config_dirs}/pcmanfm-qt/lxqt/recent-files.conf.lock rwk,
+   owner @{user_config_dirs}/pcmanfm-qt/qterminal.org/**  rwkl ->  @{user_config_dirs}/qterminal.org/#@{int},
+   owner @{user_config_dirs}/pcmanfm-qt/lxqt/** rwkl -> @{user_config_dirs}/pcmanfm-qt/lxqt/#@{int},
+
+  @{sys}/bus/                           r,
+  @{sys}/class/                         r,
+  @{sys}/devices/@{pci_bus}/**          r,
+  @{sys}/devices/system/node/           r,
+  @{sys}/devices/system/node/node@{int}/meminfo         r,
+  @{sys}/fs/cgroup/{,**}                r,
+
+  owner @{PROC}/@{pid}/mountinfo        r,
+  owner @{PROC}/@{pid}/mounts           r,
+  owner @{PROC}/@{pid}/fd/              r,
+  owner @{PROC}/@{pid}/cgroup           r,
+
+}