update apparmor profiles

Signed-off-by: Alexandre Pujol <alexandre@pujol.io>

apparmor.d/profiles-a-f/atril

@@ -30,8 +30,12 @@ profile atril @{exec_path} {
 
   @{exec_path} mr,
 
-  /usr/lib/x86_64-linux-gnu/webkit2gtk-4.0/WebKitNetworkProcess rix,
-  /usr/lib/x86_64-linux-gnu/webkit2gtk-4.0/WebKitWebProcess rix,
+  /{usr/,}bin/{,ba,da}sh      rix,
+
+  /{usr/,}bin/atril-previewer rPx,
+
+  /{usr/,}lib/@{multiarch}/webkit2gtk-4.0/WebKitNetworkProcess rix,
+  /{usr/,}lib/@{multiarch}/webkit2gtk-4.0/WebKitWebProcess     rix,
 
   # Which media files atril should be able to open
         / r,
@@ -52,6 +56,7 @@ profile atril @{exec_path} {
   owner @{run}/user/@{uid}/dconf/ rw,
   owner @{run}/user/@{uid}/dconf/user rw,
 
+       owner @{PROC}/@{pid}/fd/ r,
        owner @{PROC}/@{pid}/mountinfo r,
        owner @{PROC}/@{pid}/mounts r,
        owner @{PROC}/@{pid}/statm r,
@@ -59,24 +64,25 @@ profile atril @{exec_path} {
        owner @{PROC}/@{pid}/cgroup r,
              @{PROC}/zoneinfo r,
 
-  /sys/firmware/acpi/pm_profile r,
-  /sys/devices/virtual/dmi/id/chassis_type r,
-  /sys/fs/cgroup/** r,
+  @{sys}/firmware/acpi/pm_profile r,
+  @{sys}/devices/virtual/dmi/id/chassis_type r,
+  @{sys}/fs/cgroup/** r,
 
   /etc/fstab r,
 
-  /usr/share/poppler/** r,
+  /usr/share/poppler/{,**} r,
 
-  owner @{user_config_dirs}/atril/ rw,
-  owner @{user_config_dirs}/atril/* rw,
+  owner @{user_config_dirs}/atril/{,*} rw,
 
-  owner @{user_cache_dirs}/atril/ rw,
-  owner @{user_cache_dirs}/atril/** rw,
+  owner @{user_cache_dirs}/atril/{,**} rw,
 
   owner @{user_share_dirs}/gvfs-metadata/home r,
   owner @{user_share_dirs}/gvfs-metadata/home-*.log r,
 
   owner /tmp/gtkprint_* rw,
+  owner /tmp/settings*.ini rw,
+  owner /tmp/settings*.ini.* rw,
+
   owner /tmp/atril-@{pid}/ rw,
   owner /tmp/atril-@{pid}/*/ rw,
   owner /tmp/atril-@{pid}/*/mimetype rw,