feat(profile): update dbus rules for Ubuntu.

apparmor.d/groups/freedesktop/dconf

@@ -9,6 +9,7 @@ include <tunables/global>
 @{exec_path} = @{bin}/dconf
 profile dconf @{exec_path} flags=(attach_disconnected) {
   include <abstractions/base>
+  include <abstractions/bus-session>
   include <abstractions/dconf-write>
 
   capability sys_nice,

apparmor.d/groups/freedesktop/pipewire-pulse

@@ -13,12 +13,15 @@ profile pipewire-pulse @{exec_path} flags=(attach_disconnected) {
   include <abstractions/audio-client>
   include <abstractions/bus-session>
   include <abstractions/bus-system>
+  include <abstractions/bus/org.freedesktop.RealtimeKit1>
   include <abstractions/nameservice-strict>
 
   capability sys_ptrace,
 
   ptrace read,
 
+  #aa:dbus own bus=session name=org.pulseaudio.Server
+
   @{exec_path} mr,
 
   @{bin}/pactl rix,

apparmor.d/groups/freedesktop/polkit-kde-authentication-agent

@@ -11,8 +11,10 @@ include <tunables/global>
 @{exec_path} += @{lib}/polkit-kde-authentication-agent-[0-9]
 profile polkit-kde-authentication-agent @{exec_path} flags=(attach_disconnected,mediate_deleted) {
   include <abstractions/base>
+  include <abstractions/bus-accessibility>
   include <abstractions/bus-session>
   include <abstractions/bus-system>
+  include <abstractions/bus/org.a11y>
   include <abstractions/consoles>
   include <abstractions/fontconfig-cache-read>
   include <abstractions/graphics>

apparmor.d/groups/freedesktop/wireplumber

@@ -32,6 +32,11 @@ profile wireplumber @{exec_path} {
        member=Introspect
        peer=(name=:*, label=gnome-shell),
 
+  dbus receive bus=system path=/midi{,server@{int}}
+       interface=org.freedesktop.DBus.ObjectManager
+       member=GetManagedObjects
+       peer=(name=@{busname}, label="@{p_bluetoothd}"),
+
   @{exec_path} mr,
 
   /opt/intel/oneapi/{compiler,lib,mkl}/**/ r,

apparmor.d/groups/freedesktop/xdg-desktop-portal

@@ -52,6 +52,8 @@ profile xdg-desktop-portal @{exec_path} flags=(attach_disconnected) {
 
   #aa:dbus own bus=session name=org.freedesktop.background.Monitor path=/org/freedesktop/background/monitor
 
+  #aa:dbus talk bus=session name=org.freedesktop.FileManager1 label=nautilus
+  #aa:dbus talk bus=session name=org.freedesktop.impl.portal.FileChooser label=xdg-desktop-portal-gnome
   #aa:dbus talk bus=session name=org.freedesktop.portal.Documents path=/org/freedesktop/portal/documents label=xdg-document-portal
 
   dbus receive bus=session

apparmor.d/groups/freedesktop/xdg-document-portal

@@ -30,7 +30,8 @@ profile xdg-document-portal @{exec_path} flags=(attach_disconnected) {
 
   unix (send receive) type=stream peer=(label=xdg-document-portal//fusermount),
 
-  #aa:dbus own bus=session name=org.freedesktop.portal.Documents path=/org/freedesktop/portal/documents
+  #aa:dbus own bus=session name=org.freedesktop.portal.{Documents,FileTransfer} path=/org/freedesktop/portal/documents
+  #aa:dbus talk bus=session name=org.freedesktop.impl.portal.PermissionStore label=xdg-permission-store
 
   dbus receive bus=session
        interface=org.freedesktop.DBus.Introspectable

apparmor.d/groups/gnome/evolution-addressbook-factory

@@ -55,6 +55,11 @@ profile evolution-addressbook-factory @{exec_path} {
        member=Introspect
        peer=(name=@{busname}, label=gnome-shell),
 
+  dbus receive bus=session path=/org/gnome/evolution/dataserver/**
+       interface=org.freedesktop.DBus.Properties
+       member=GetAll
+       peer=(name=@{busname}, label=obexd),
+
   @{exec_path} mr,
   @{exec_path}-subprocess rix,
 

apparmor.d/groups/gnome/gjs-console

@@ -17,8 +17,10 @@ profile gjs-console @{exec_path} flags=(attach_disconnected) {
   include <abstractions/bus-accessibility>
   include <abstractions/bus-session>
   include <abstractions/bus-system>
+  include <abstractions/bus/org.a11y>
   include <abstractions/bus/org.freedesktop.portal.Desktop>
   include <abstractions/bus/org.gnome.Shell.Introspect>
+  include <abstractions/bus/org.gtk.Private.RemoteVolumeMonitor>
   include <abstractions/bus/org.gtk.vfs.MountTracker>
   include <abstractions/consoles>
   include <abstractions/dconf-write>

apparmor.d/groups/gnome/gnome-calendar

@@ -23,7 +23,6 @@ profile gnome-calendar @{exec_path} {
   network netlink raw,
 
   #aa:dbus own bus=session name=org.gnome.Calendar
-  #aa-dbus own bus=session name=org.gnome.Calendar.SearchProvider interface+=org.gnome.Shell.SearchProvider2
 
   #aa:dbus talk bus=session name=org.gnome.evolution.dataserver.AddressBook@{int} label=evolution-addressbook-factory
   #aa:dbus talk bus=session name=org.gnome.evolution.dataserver.Calendar@{int} label=evolution-calendar-factory
@@ -32,6 +31,7 @@ profile gnome-calendar @{exec_path} {
   #aa:dbus talk bus=session name=org.gnome.evolution.dataserver.Sources@{int} label=evolution-source-registry
   #aa:dbus talk bus=session name=org.gnome.OnlineAccounts label=goa-daemon
   #aa:dbus talk bus=session name=org.gnome.SettingsDaemon.Color label=gsd-color
+  #aa:dbus talk bus=session name=org.gnome.Shell.SearchProvider2 path=/org/gnome/Calendar/SearchProvider label=gnome-shell
   #aa:dbus talk bus=system name=org.freedesktop.GeoClue2 label="@{p_geoclue}"
 
   dbus send bus=session path=/org/gnome/evolution/dataserver/SourceManager{,/**}

apparmor.d/groups/gnome/gnome-characters

@@ -11,13 +11,13 @@ profile gnome-characters @{exec_path} {
   include <abstractions/base>
   include <abstractions/bus-system>
   include <abstractions/bus/org.freedesktop.portal.Desktop>
+  include <abstractions/bus/org.gnome.Shell.SearchProvider2>
   include <abstractions/bus/org.gtk.vfs.MountTracker>
   include <abstractions/common/gnome>
   include <abstractions/fontconfig-cache-read>
   include <abstractions/nameservice-strict>
 
   #aa:dbus own bus=session name=org.gnome.Characters
-  #aa-dbus talk bus=session name=org.gnome.Shell.SearchProvider2 label=gnome-shell
 
   @{exec_path} mr,
 

apparmor.d/groups/gnome/gnome-control-center

@@ -14,6 +14,7 @@ profile gnome-control-center @{exec_path} flags=(attach_disconnected) {
   include <abstractions/bus-session>
   include <abstractions/bus-system>
   include <abstractions/bus/org.a11y>
+  include <abstractions/bus/org.freedesktop.Avahi>
   include <abstractions/bus/org.freedesktop.portal.Desktop>
   include <abstractions/bus/org.gtk.vfs.MountTracker>
   include <abstractions/cups-client>
@@ -42,9 +43,7 @@ profile gnome-control-center @{exec_path} flags=(attach_disconnected) {
   #aa:dbus talk bus=session name=org.freedesktop.impl.portal.PermissionStore label=xdg-permission-store
   #aa:dbus talk bus=session name=org.gnome.Mutter label=gnome-shell
   #aa:dbus talk bus=session name=org.gnome.SessionManager label=gnome-session-binary
-  #aa:dbus talk bus=session name=org.gnome.SettingsDaemon.Color label=gsd-color
+  #aa:dbus talk bus=session name=org.gnome.SettingsDaemon.* label="gsd-*"
-  #aa:dbus talk bus=session name=org.gnome.SettingsDaemon.Power label=gsd-power
-  #aa:dbus talk bus=session name=org.gnome.SettingsDaemon.Rfkill label=gsd-rfkill
   #aa:dbus talk bus=session name=org.gnome.Shell label=gnome-shell
 
   #aa:dbus talk bus=system name=com.ubuntu.WhoopsiePreferences label=whoopsie-preferences

apparmor.d/groups/gnome/gnome-extension-gsconnect

@@ -17,6 +17,8 @@ profile gnome-extension-gsconnect @{exec_path} {
   include <abstractions/bus-session>
   include <abstractions/bus-system>
   include <abstractions/bus/org.a11y>
+  include <abstractions/bus/org.freedesktop.FileManager1>
+  include <abstractions/bus/org.freedesktop.hostname1>
   include <abstractions/bus/org.freedesktop.login1.Session>
   include <abstractions/bus/org.freedesktop.NetworkManager>
   include <abstractions/bus/org.gtk.Notifications>

apparmor.d/groups/gnome/gnome-shell

@@ -25,7 +25,6 @@ profile gnome-shell @{exec_path} flags=(attach_disconnected,mediate_deleted) {
   include <abstractions/bus/org.freedesktop.impl.portal.PermissionStore>
   include <abstractions/bus/org.freedesktop.locale1>
   include <abstractions/bus/org.freedesktop.login1.Session>
-  include <abstractions/bus/org.freedesktop.NetworkManager>
   include <abstractions/bus/org.freedesktop.Notifications>
   include <abstractions/bus/org.freedesktop.PackageKit>
   include <abstractions/bus/org.freedesktop.PolicyKit1>
@@ -87,7 +86,8 @@ profile gnome-shell @{exec_path} flags=(attach_disconnected,mediate_deleted) {
   #aa:dbus talk bus=system name=org.freedesktop.bolt label=boltd
   #aa:dbus talk bus=system name=org.freedesktop.ColorManager label="@{p_colord}"
   #aa:dbus talk bus=system name=org.freedesktop.login1 label="@{p_systemd_logind}"
-  #aa:dbus talk bus=system name=org.freedesktop.UPower.PowerProfiles label=@{p_power_profiles_daemon}
+  #aa:dbus talk bus=system name=org.freedesktop.NetworkManager label=NetworkManager
+  #aa:dbus talk bus=system name=org.freedesktop.UPower.PowerProfiles label="@{p_power_profiles_daemon}"
   #aa:dbus talk bus=system name=org.gnome.DisplayManager label=gdm
 
   #aa:dbus talk bus=session name=com.rastersoft.ding label=gnome-extension-ding

apparmor.d/groups/gnome/gnome-software

@@ -9,6 +9,12 @@ include <tunables/global>
 @{exec_path} = @{bin}/gnome-software
 profile gnome-software @{exec_path} {
   include <abstractions/base>
+  include <abstractions/bus-system>
+  include <abstractions/bus/org.freedesktop.Accounts>
+  include <abstractions/bus/org.freedesktop.NetworkManager>
+  include <abstractions/bus/org.gnome.Shell.SearchProvider2>
+  include <abstractions/bus/org.gtk.Notifications>
+  include <abstractions/bus/org.gtk.vfs.MountTracker>
   include <abstractions/common/gnome>
   include <abstractions/fontconfig-cache-write>
   include <abstractions/nameservice-strict>
@@ -24,6 +30,11 @@ profile gnome-software @{exec_path} {
   mount fstype=fuse.revokefs-fuse options=(rw, nosuid, nodev) -> /var/tmp/flatpak-cache-*/*/,
   umount /var/tmp/flatpak-cache-*/*/,
 
+  #aa:dbus own bus=session name=org.freedesktop.PackageKit
+  #aa:dbus own bus=session name=org.gnome.Software interface+=org.freedesktop.Application
+
+  #aa:dbus talk bus=system name=org.freedesktop.PackageKit path=/ label="@{p_packagekitd}"
+
   @{exec_path} mr,
 
   @{bin}/baobab              rPUx,

apparmor.d/groups/gnome/gnome-system-monitor

@@ -9,6 +9,10 @@ include <tunables/global>
 @{exec_path} = @{bin}/gnome-system-monitor
 profile gnome-system-monitor @{exec_path} flags=(attach_disconnected) {
   include <abstractions/base>
+  include <abstractions/bus/org.freedesktop.portal.Desktop>
+  include <abstractions/bus/org.gtk.Private.RemoteVolumeMonitor>
+  include <abstractions/bus/org.gtk.vfs.Daemon>
+  include <abstractions/bus/org.gtk.vfs.MountTracker>
   include <abstractions/common/gnome>
   include <abstractions/nameservice-strict>
 

apparmor.d/groups/gnome/gsd-media-keys

@@ -9,7 +9,6 @@ include <tunables/global>
 @{exec_path} = @{lib}/gsd-media-keys
 profile gsd-media-keys @{exec_path} flags=(attach_disconnected) {
   include <abstractions/base>
-  include <abstractions/consoles>
   include <abstractions/audio-client>
   include <abstractions/bus-accessibility>
   include <abstractions/bus-session>
@@ -21,6 +20,8 @@ profile gsd-media-keys @{exec_path} flags=(attach_disconnected) {
   include <abstractions/bus/org.gnome.Mutter.IdleMonitor>
   include <abstractions/bus/org.gnome.SessionManager>
   include <abstractions/bus/org.gtk.vfs.MountTracker>
+  include <abstractions/bus/org.mpris.MediaPlayer2.Player>
+  include <abstractions/consoles>
   include <abstractions/dconf-write>
   include <abstractions/fontconfig-cache-write>
   include <abstractions/gnome-strict>
@@ -38,7 +39,7 @@ profile gsd-media-keys @{exec_path} flags=(attach_disconnected) {
   dbus send bus=system path=/org/freedesktop/login1
        interface=org.freedesktop.login1.Manager
        member=PowerOff
-       peer=(name=:*, label="@{p_systemd_logind}"),
+       peer=(name=@{busname}, label="@{p_systemd_logind}"),
 
   dbus send bus=session path=/
        interface=org.freedesktop.DBus
@@ -48,17 +49,12 @@ profile gsd-media-keys @{exec_path} flags=(attach_disconnected) {
   dbus send bus=session path=/org/gnome/SettingsDaemon/Power
        interface=org.freedesktop.DBus.Properties
        member=GetAll
-       peer=(name=:*, label=gsd-power),
+       peer=(name=@{busname}, label=gsd-power),
 
   dbus receive bus=session path=/org/gnome/SettingsDaemon/Power
        interface=org.freedesktop.DBus.Properties
        member=PropertiesChanged
-       peer=(name=:*, label=gsd-power),
+       peer=(name=@{busname}, label=gsd-power),
-
-  dbus send bus=session path=/org/mpris/MediaPlayer2
-       interface=org.freedesktop.DBus.Properties
-       member=GetAll
-       peer=(name=:*),
 
   @{exec_path} mr,
 

apparmor.d/groups/gnome/gsd-power

@@ -18,6 +18,7 @@ profile gsd-power @{exec_path} flags=(attach_disconnected) {
   include <abstractions/bus/org.freedesktop.hostname1>
   include <abstractions/bus/org.freedesktop.login1.Session>
   include <abstractions/bus/org.freedesktop.login1>
+  include <abstractions/bus/org.freedesktop.Notifications>
   include <abstractions/bus/org.freedesktop.systemd1>
   include <abstractions/bus/org.freedesktop.UPower.PowerProfiles>
   include <abstractions/bus/org.freedesktop.UPower>

apparmor.d/groups/gnome/gsd-print-notifications

@@ -30,7 +30,7 @@ profile gsd-print-notifications @{exec_path} flags=(attach_disconnected) {
 
   dbus receive bus=system path=/org/cups/cupsd/Notifier
        interface=org.cups.cupsd.Notifier
-       member=ServerStarted
+       member={ServerStarted,PrinterDeleted,PrinterStopped}
        peer=(name=@{busname}, label=cups-notifier-dbus),
 
   dbus receive bus=session
@@ -38,6 +38,24 @@ profile gsd-print-notifications @{exec_path} flags=(attach_disconnected) {
        member=Introspect
        peer=(name=@{busname}, label=gnome-shell),
 
+  dbus send bus=system path=/
+       interface=org.freedesktop.Avahi.Server
+       member=RecordBrowserNew
+       peer=(name=org.freedesktop.Avahi, label=avahi-daemon),
+  dbus send bus=system path=/Client@{int}/RecordBrowser@{int}
+       interface=org.freedesktop.Avahi.RecordBrowser
+       member=Free
+       peer=(name=org.freedesktop.Avahi, label=avahi-daemon),
+
+  dbus receive bus=system path=/Client@{int}/RecordBrowser@{int}
+       interface=org.freedesktop.Avahi.RecordBrowser
+       member={CacheExhausted,ItemNew}
+       peer=(name=@{busname}, label=avahi-daemon),
+  dbus receive bus=system path=/Client4/RecordBrowser3
+       interface=org.freedesktop.Avahi.RecordBrowser
+       member=ItemNew
+       peer=(name=@{busname}, label=avahi-daemon),
+
   @{exec_path} mr,
   @{lib}/gsd-printer rPx,
 

apparmor.d/groups/gnome/gsd-xsettings

@@ -36,10 +36,20 @@ profile gsd-xsettings @{exec_path} {
 
   #aa:dbus talk bus=session name=org.gnome.Mutter.X11 label=gnome-shell
 
+  dbus send bus=session path=/org/freedesktop/DBus
+       interface=org.freedesktop.DBus
+       member=GetId
+       peer=(name=org.freedesktop.DBus, label="@{p_dbus_session}"),
+
+  dbus receive bus=system path=/org/freedesktop/Accounts
+       interface=org.freedesktop.Accounts
+       member=UserAdded
+       peer=(name=@{busname}, label="@{p_accounts_daemon}"),
+
   dbus send bus=system path=/org/freedesktop/Accounts/User@{uid}
        interface=org.freedesktop.Accounts.User
        member=SetInputSources
-       peer=(name=:*, label="@{p_accounts_daemon}"),
+       peer=(name=@{busname}, label="@{p_accounts_daemon}"),
 
   @{exec_path} mr,
   @{sh_path} mr,

apparmor.d/groups/gnome/loupe

@@ -12,6 +12,8 @@ profile loupe @{exec_path} flags=(attach_disconnected) {
   include <abstractions/bus-accessibility>
   include <abstractions/bus-session>
   include <abstractions/bus-system>
+  include <abstractions/bus/org.a11y>
+  include <abstractions/bus/org.freedesktop.portal.Desktop>
   include <abstractions/dconf-write>
   include <abstractions/gnome-strict>
   include <abstractions/graphics>

apparmor.d/groups/gnome/nautilus

@@ -31,9 +31,10 @@ profile nautilus @{exec_path} flags=(attach_disconnected) {
   unix type=stream peer=(label=gnome-shell),
 
   #aa:dbus own bus=session name=org.freedesktop.FileManager1
-  #aa:dbus own bus=session name=org.gnome.Nautilus interface+="org.gtk.{Application,Actions}"
+  #aa:dbus own bus=session name=org.gnome.Nautilus interface+=org.gtk.{Application,Actions}
   #aa:dbus own bus=session name=org.gnome.Nautilus.SearchProvider interface+=org.gnome.Shell.SearchProvider2
 
+  #aa:dbus talk bus=session name=org.freedesktop.Application path=/ label="*"
   #aa:dbus talk bus=session name=org.gnome.Settings label=gnome-control-center
   #aa:dbus talk bus=session name=org.gtk.MountOperationHandler label=gnome-shell
   #aa:dbus talk bus=session name=org.gtk.Notifications label=gnome-shell
@@ -49,6 +50,11 @@ profile nautilus @{exec_path} flags=(attach_disconnected) {
        member=Print
        peer=(name=@{busname}, label=nautilus),
 
+  dbus send bus=session path=/org/freedesktop/DBus
+       interface=org.freedesktop.DBus.Properties
+       member=GetAll
+       peer=(name=org.freedesktop.DBus, label="@{p_dbus_session}"),
+
   dbus send bus=session path=/org/freedesktop/DBus
        interface=org.freedesktop.DBus
        member=ListActivatableNames

apparmor.d/groups/gnome/papers

@@ -9,6 +9,7 @@ include <tunables/global>
 @{exec_path} = @{bin}/papers
 profile papers @{exec_path} {
   include <abstractions/base>
+  include <abstractions/bus/org.freedesktop.portal.Desktop>
   include <abstractions/common/gnome>
   include <abstractions/ssl_certs>
   include <abstractions/user-download-strict>

apparmor.d/groups/gnome/ptyxis

@@ -9,6 +9,7 @@ include <tunables/global>
 @{exec_path} = @{bin}/ptyxis
 profile ptyxis @{exec_path} {
   include <abstractions/base>
+  include <abstractions/bus/org.gtk.vfs.MountTracker>
   include <abstractions/common/gnome>
   include <abstractions/consoles>
 

apparmor.d/groups/gnome/ptyxis-agent

@@ -9,9 +9,12 @@ include <tunables/global>
 @{exec_path} = @{lib}/ptyxis-agent
 profile ptyxis-agent @{exec_path} {
   include <abstractions/base>
+  include <abstractions/bus-session>
+  include <abstractions/bus/org.gtk.vfs.MountTracker>
   include <abstractions/consoles>
-  include <abstractions/nameservice-strict>
   include <abstractions/dconf-write>
+  include <abstractions/gsettings>
+  include <abstractions/nameservice-strict>
 
   signal send set=hup peer=unconfined,
 

apparmor.d/groups/network/wg-quick

@@ -9,6 +9,7 @@ include <tunables/global>
 @{exec_path} = @{bin}/wg-quick
 profile wg-quick @{exec_path} flags=(attach_disconnected) {
   include <abstractions/base>
+  include <abstractions/bus-system>
   include <abstractions/consoles>
   include <abstractions/nameservice-strict>
 

apparmor.d/groups/polkit/polkit-agent-helper

@@ -35,12 +35,12 @@ profile polkit-agent-helper @{exec_path} flags=(attach_disconnected) {
   dbus send bus=system path=/org/freedesktop/PolicyKit1/Authority
        interface=org.freedesktop.DBus.Properties
        member=GetAll
-       peer=(name=:*, label="@{p_polkitd}"),
+       peer=(name=@{busname}, label="@{p_polkitd}"),
 
   dbus send bus=system path=/org/freedesktop/PolicyKit1/Authority
        interface=org.freedesktop.PolicyKit1.Authority
        member=AuthenticationAgentResponse2
-       peer=(name=:*, label="@{p_polkitd}"),
+       peer=(name=@{busname}, label="@{p_polkitd}"),
 
   @{exec_path} mr,
 

apparmor.d/groups/systemd/resolvectl

@@ -21,8 +21,15 @@ profile resolvectl @{exec_path} flags=(attach_disconnected) {
 
   signal send set=cont peer=child-pager,
 
+  unix bind type=stream addr=@@{udbus}/bus/resolvconf/system,
+
   #aa:dbus talk bus=system name=org.freedesktop.resolve1 label="@{p_systemd_resolved}"
+
   #aa:dbus talk bus=system name=org.freedesktop.network1 label="@{p_systemd_networkd}"
+  dbus send bus=system path=/org/freedesktop/network1
+       interface=org.freedesktop.network1.Manager
+       member=SetLinkDNSEx
+       peer=(name=org.freedesktop.network1),
 
   @{exec_path} mr,
 

apparmor.d/groups/ubuntu/software-properties-gtk

@@ -9,19 +9,23 @@ include <tunables/global>
 @{exec_path} = @{bin}/software-properties-gtk
 profile software-properties-gtk @{exec_path} {
   include <abstractions/base>
-  include <abstractions/common/apt>
+  include <abstractions/audio-client>
   include <abstractions/bus-accessibility>
   include <abstractions/bus-session>
   include <abstractions/bus-system>
   include <abstractions/bus/org.a11y>
   include <abstractions/bus/org.freedesktop.portal.Desktop>
+  include <abstractions/bus/org.gtk.vfs.MountTracker>
+  include <abstractions/common/apt>
   include <abstractions/dconf-write>
   include <abstractions/gnome-strict>
   include <abstractions/nameservice-strict>
   include <abstractions/python>
 
   #aa:dbus own bus=session name=com.ubuntu.SoftwareProperties
+
   #aa:dbus talk bus=system name=com.canonical.UbuntuAdvantage label=ubuntu-advantage-desktop-daemon
+  #aa:dbus talk bus=system name=com.ubuntu.SoftwareProperties path=/ label=software-properties-dbus
 
   @{exec_path} mr,
 

apparmor.d/groups/ubuntu/update-notifier

@@ -14,6 +14,7 @@ profile update-notifier @{exec_path} {
   include <abstractions/bus-session>
   include <abstractions/bus-system>
   include <abstractions/bus/org.a11y>
+  include <abstractions/bus/org.freedesktop.Notifications>
   include <abstractions/bus/org.gtk.vfs.MountTracker>
   include <abstractions/bus/org.kde.StatusNotifierWatcher>
   include <abstractions/common/apt>

apparmor.d/profiles-a-f/alacarte

@@ -9,6 +9,9 @@ include <tunables/global>
 @{exec_path} = @{bin}/alacarte
 profile alacarte @{exec_path} flags=(attach_disconnected) {
   include <abstractions/base>
+  include <abstractions/bus-accessibility>
+  include <abstractions/bus-session>
+  include <abstractions/bus/org.a11y>
   include <abstractions/dconf-write>
   include <abstractions/desktop>
   include <abstractions/python>

apparmor.d/profiles-a-f/element-desktop

@@ -17,6 +17,7 @@ profile element-desktop @{exec_path} flags=(attach_disconnected) {
   include <abstractions/base>
   include <abstractions/audio-client>
   include <abstractions/bus-session>
+  include <abstractions/bus/com.canonical.Unity.LauncherEntry>
   include <abstractions/bus/org.freedesktop.ScreenSaver>
   include <abstractions/bus/org.kde.StatusNotifierWatcher>
   include <abstractions/common/electron>

apparmor.d/profiles-g-l/libreoffice

@@ -18,6 +18,8 @@ profile libreoffice @{exec_path} {
   include <abstractions/bus/org.freedesktop.Avahi>
   include <abstractions/bus/org.freedesktop.portal.Desktop>
   include <abstractions/bus/org.gnome.SessionManager>
+  include <abstractions/bus/org.gtk.Private.RemoteVolumeMonitor>
+  include <abstractions/bus/org.gtk.vfs.Daemon>
   include <abstractions/bus/org.gtk.vfs.MountTracker>
   include <abstractions/cups-client>
   include <abstractions/dconf-write>

apparmor.d/profiles-m-r/pinentry-gnome3

@@ -10,9 +10,11 @@ include <tunables/global>
 profile pinentry-gnome3 @{exec_path} {
   include <abstractions/base>
   include <abstractions/bus-session>
+  include <abstractions/bus/org.gnome.keyring.internal.Prompter>
+  include <abstractions/bus/org.gnome.ScreenSaver>
   include <abstractions/consoles>
 
-  signal (receive) set=(int) peer=gpg-agent,
+  signal receive set=int,
 
   @{exec_path} mr,
 

apparmor.d/profiles-s-z/spotify

@@ -21,10 +21,13 @@ profile spotify @{exec_path} flags=(attach_disconnected) {
   include <abstractions/bus-session>
   include <abstractions/bus/org.a11y>
   include <abstractions/bus/org.freedesktop.Notifications>
+  include <abstractions/bus/org.freedesktop.portal.Desktop>
   include <abstractions/bus/org.freedesktop.ScreenSaver>
   include <abstractions/bus/org.freedesktop.secrets>
+  include <abstractions/bus/org.gnome.SettingsDaemon.MediaKeys>
   include <abstractions/bus/org.gtk.vfs.MountTracker>
   include <abstractions/bus/org.kde.StatusNotifierWatcher>
+  include <abstractions/bus/org.mpris.MediaPlayer2.Player>
   include <abstractions/bus/session/org.freedesktop.systemd1>
   include <abstractions/common/electron>
   include <abstractions/devices-usb-read>
@@ -36,8 +39,16 @@ profile spotify @{exec_path} flags=(attach_disconnected) {
   network netlink raw,
 
   #aa:dbus own bus=session name=org.mpris.MediaPlayer2.spotify
+
   #aa:dbus talk bus=session name=org.ayatana.NotificationItem label=gnome-shell
   #aa:dbus talk bus=session name=org.freedesktop.portal.{d,D}esktop label=xdg-desktop-portal
+  #aa:dbus talk bus=session name=org.gnome.SettingsDaemon.MediaKeys label=gsd-media-keys
+
+  dbus send bus=session path=/org/freedesktop/portal/desktop
+       interface=org.freedesktop.portal.Secret
+       member=RetrieveSecret
+       peer=(name=org.freedesktop.portal.Desktop, label=xdg-desktop-portal),
+
 
   @{exec_path} mrix,
 

apparmor.d/profiles-s-z/superproductivity

@@ -6,7 +6,7 @@ abi <abi/4.0>,
 
 include <tunables/global>
 
-@{name} = super{p,P}roductivity
+@{name} = super{p,P}roductivity Super?Productivity
 @{domain} = org.chromium.Chromium
 @{lib_dirs} = /opt/@{name}
 @{config_dirs} = @{user_config_dirs}/@{name}
@@ -16,7 +16,16 @@ include <tunables/global>
 profile superproductivity @{exec_path} flags=(attach_disconnected) {
   include <abstractions/base>
   include <abstractions/audio-client>
+  include <abstractions/bus-accessibility>
   include <abstractions/bus-session>
+  include <abstractions/bus/com.canonical.dbusmenu>
+  include <abstractions/bus/org.a11y>
+  include <abstractions/bus/org.freedesktop.Notifications>
+  include <abstractions/bus/org.freedesktop.portal.Desktop>
+  include <abstractions/bus/org.gnome.Mutter.IdleMonitor>
+  include <abstractions/bus/org.gnome.SessionManager>
+  include <abstractions/bus/org.gtk.vfs.MountTracker>
+  include <abstractions/bus/org.kde.StatusNotifierItem>
   include <abstractions/common/electron>
 
   network inet stream,