feat(profile): include more rule from #94.

apparmor.d/groups/freedesktop/colord-sane

@@ -13,6 +13,7 @@ profile colord-sane @{exec_path} flags=(attach_disconnected,complain) {
   include <abstractions/base>
   include <abstractions/dbus-strict>
   include <abstractions/devices-usb>
+  include <abstractions/openssl>
 
   network inet dgram,
   network inet6 dgram,

apparmor.d/groups/freedesktop/geoclue

@@ -13,6 +13,10 @@ profile geoclue @{exec_path} flags=(attach_disconnected) {
   include <abstractions/ssl_certs>
   include <abstractions/dbus-strict>
 
+  network inet dgram,
+  network inet6 dgram,
+  network inet stream,
+  network inet6 stream,
   network netlink raw,
 
   dbus (send,receive) bus=system path=/org/freedesktop/GeoClue2/{Agent,Manager}

apparmor.d/groups/freedesktop/pipewire

@@ -61,6 +61,7 @@ profile pipewire @{exec_path} flags=(attach_disconnected) {
 
   owner @{run}/user/@{uid}/pipewire-[0-9]*.lock rwk,
 
+  @{run}/udev/data/c236:[0-9]* r,
   @{run}/udev/data/c50[0-9]:[0-9]* r,
   @{run}/udev/data/c81:[0-9]*  r,       # For video4linux
 

apparmor.d/groups/freedesktop/plymouthd

@@ -13,6 +13,7 @@ profile plymouthd @{exec_path} {
   include <abstractions/dri-common>
 
   capability sys_admin,
+  capability sys_chroot,
   capability sys_tty_config,
 
   network netlink raw,
@@ -46,6 +47,7 @@ profile plymouthd @{exec_path} {
   @{sys}/devices/virtual/graphics/fbcon/uevent r,
   @{sys}/devices/virtual/tty/console/active r,
   @{sys}/firmware/acpi/bgrt/{,*} r,
+  @{sys}/firmware/efi/efivars/SecureBoot-@{uuid} r,
 
   @{PROC}/cmdline r,
 

apparmor.d/groups/freedesktop/xwayland

@@ -29,6 +29,7 @@ profile xwayland @{exec_path} flags=(attach_disconnected) {
 
   /usr/share/egl/{,**} r,
   /usr/share/fonts/X11/{,**} r,
+  /usr/share/libdrm/*.ids r,
   /usr/share/X11/xkb/rules/evdev r,
 
   owner /var/lib/gdm{3,}/.cache/mesa_shader_cache/index rw,