Update profiles.

apparmor.d/groups/gnome/gdm-session-worker

@@ -25,7 +25,7 @@ profile gdm-session-worker @{exec_path} flags=(attach_disconnected) {
   capability sys_tty_config,
 
   signal (receive) set=term peer=gdm,
-  signal (send) set=hup peer=at-spi-bus-launcher,
+  signal (send) set=hup peer=at-spi*,
   signal (send) set=hup peer=dbus-daemon,
   signal (send) set=hup peer=gjs-console,
   signal (send) set=hup peer=gnome-*,

apparmor.d/groups/gnome/gjs-console

@@ -19,7 +19,7 @@ profile gjs-console @{exec_path} flags=(attach_disconnected) {
 
   network netlink raw,
 
-  signal (receive) set=term peer=gdm,
+  signal (receive) set=(term hup) peer=gdm*,
 
   @{exec_path} mr,
   /{usr/,}bin/          r,

apparmor.d/groups/gnome/gnome-control-center

@@ -52,6 +52,7 @@ profile gnome-control-center @{exec_path} flags=(attach_disconnected) {
   /etc/machine-id r,
   /var/lib/dbus/machine-id r,
 
+  owner @{HOME}/.cat_installer/ca.pem r,
   owner @{HOME}/@{XDG_WALLPAPERS_DIR}/{,**} r,
   owner @{user_cache_dirs}/gnome-control-center/{,**} rw,
   owner @{user_cache_dirs}/mesa_shader_cache/index rw,
@@ -69,6 +70,7 @@ profile gnome-control-center @{exec_path} flags=(attach_disconnected) {
   owner @{run}/user/@{uid}/dconf/ rw,
   owner @{run}/user/@{uid}/dconf/user rw,
 
+  owner @{run}/user/@{uid}/gnome-shell-disable-extensions w,
   owner @{run}/user/@{uid}/webkitgtk/{,**} rw,
         @{run}/systemd/users/@{uid} r,
         @{run}/systemd/sessions/ r,
@@ -77,6 +79,7 @@ profile gnome-control-center @{exec_path} flags=(attach_disconnected) {
   @{run}/udev/data/+input* r,       # for mouse, keyboard, touchpad
   @{run}/udev/data/+pci* r,
   @{run}/udev/data/c13:[0-9]* r,    # for /dev/input/*
+  @{run}/udev/data/c235:[0-9]* r,
   @{run}/udev/data/n[0-9]* r,
 
   @{sys}/bus/ r,

apparmor.d/groups/gnome/gnome-shell

@@ -70,7 +70,7 @@ profile gnome-shell @{exec_path} flags=(attach_disconnected) {
   owner @{user_config_dirs}/.goutputstream{,*} rw,
   owner @{user_config_dirs}/ibus/* r,
   owner @{user_config_dirs}/ibus/bus/[0-9a-f]*-unix-wayland-[0-9] r,
-  owner @{user_config_dirs}/monitors.xml rw,
+  owner @{user_config_dirs}/monitors.xml{,~} rwl,
   /var/lib/gdm/.config/ibus/bus/[0-9a-f]*-unix-wayland-[0-9] r,
 
   owner @{user_share_dirs}/backgrounds/{,**} rw,

apparmor.d/groups/gnome/gsd-media-keys

@@ -23,12 +23,14 @@ profile gsd-media-keys @{exec_path} flags=(attach_disconnected) {
   /etc/machine-id r,
   /var/lib/dbus/machine-id r,
 
-  /usr/share/sounds/freedesktop/stereo/*.oga r,
   /usr/share/gdm/greeter-dconf-defaults r,
   /usr/share/glib-2.0/schemas/gschemas.compiled r,
   /usr/share/icons/{,**} r,
+  /usr/share/mime/mime.cache r,
+  /usr/share/sounds/freedesktop/stereo/*.oga r,
   /usr/share/X11/xkb/** r,
 
+  owner @{user_share_dirs}/ r,
   owner @{user_share_dirs}/event-sound-cache.tdb.* rwk,
   owner @{user_share_dirs}/recently-used.xbel{,.*} rw,
 

apparmor.d/groups/gnome/gsd-xsettings

@@ -23,7 +23,8 @@ profile gsd-xsettings @{exec_path} {
   network netlink raw,
 
   @{exec_path} mr,
-  /{usr/,}bin/xrdb rPx,
+  /{usr/,}bin/xrdb   rPx,
+  /{usr/,}bin/pactl  rPx,
 
   /usr/share/glib-2.0/schemas/gschemas.compiled r,
 

apparmor.d/groups/gnome/tracker-extract

@@ -16,11 +16,12 @@ profile tracker-extract @{exec_path} {
 
   @{exec_path} mr,
 
-  /usr/share/tracker3/{,**} r,
-  /usr/share/tracker3-miners/{,**} r,
-  /usr/share/glib-2.0/schemas/gschemas.compiled r,
   /usr/share/applications/*.desktop r,
+  /usr/share/glib-2.0/schemas/gschemas.compiled r,
   /usr/share/mime/mime.cache r,
+  /usr/share/osinfo/{,**} r,
+  /usr/share/tracker3-miners/{,**} r,
+  /usr/share/tracker3/{,**} r,
 
   owner /tmp/tracker-extract-3-files.*/{,*} rw,
   owner @{user_cache_dirs}/tracker3/files/{,**} rwk,
@@ -37,7 +38,10 @@ profile tracker-extract @{exec_path} {
   owner @{run}/user/@{uid}/dconf/ rw,
   owner @{run}/user/@{uid}/dconf/user rw,
 
+  @{run}/udev/data/c235:* r,
   @{run}/udev/data/c236:* r,
 
+  /dev/video[0-9]* rw,
+
   include if exists <local/tracker-extract>
 }