feat(profiles): general update.

apparmor.d/groups/kde/drkonqi

@@ -17,10 +17,19 @@ profile drkonqi @{exec_path} {
   network inet6 stream,
   network netlink raw,
 
+  signal send set=(cont, stop) peer=/usr/bin/akonadiserver,
+
+  ptrace read peer=/usr/bin/akonadiserver,
+
   @{exec_path} mr,
 
   /usr/share/drkonqi/{,**} r,
   /usr/share/icu/@{int}.@{int}/*.dat r,
+  /usr/share/knotifications5/*.notifyrc r,
+
+  owner @{user_cache_dirs}/kcrash-metadata/* w,
+
+  owner /tmp/xauth_@{rand6} r,
 
   @{run}/user/@{uid}/xauth_@{rand6} rl,
 

apparmor.d/groups/kde/kactivitymanagerd

@@ -16,18 +16,29 @@ profile kactivitymanagerd @{exec_path} {
 
   @{exec_path} mr,
 
+  /etc/xdg/menus/{,*/} r,
   /usr/share/hwdata/*.ids r,
   /usr/share/icu/@{int}.@{int}/*.dat r,
+  /usr/share/kservices5/{,**} r,
 
   /etc/xdg/kdeglobals r,
   /etc/machine-id r,
 
-  owner @{user_config_dirs}/kdedefaults/kdeglobals r,
-  owner @{user_config_dirs}/kdeglobals r,
+  owner @{HOME}/@{XDG_DESKTOP_DIR}/ r,
+  owner @{HOME}/@{XDG_DESKTOP_DIR}/*.desktop r,
+
+  owner @{user_cache_dirs}/ksycoca5_* r,
+
   owner @{user_config_dirs}/kactivitymanagerdrc r,
   owner @{user_config_dirs}/kactivitymanagerdrc.lock rwk,
+  owner @{user_config_dirs}/kdedefaults/kdeglobals r,
+  owner @{user_config_dirs}/kdeglobals r,
+  owner @{user_config_dirs}/menus/ r,
+  owner @{user_config_dirs}/menus/applications-merged/ r,
 
   owner @{user_share_dirs}/kactivitymanagerd/{,**} rwlk,
+  owner @{user_share_dirs}/kservices5/{,**} r,
+  owner @{user_share_dirs}/RecentDocuments/ r,
   owner @{user_share_dirs}/RecentDocuments/*.desktop w,
 
   @{PROC}/sys/kernel/core_pattern r,

apparmor.d/groups/kde/kcminit

@@ -45,6 +45,9 @@ profile kcminit @{exec_path} {
   owner /tmp/kcminit.@{rand6} rwl,
   owner /tmp/#@{int} rw,
 
+  owner /tmp/.touchpaddefaults wl,
+  owner /tmp/.touchpaddefaults.lock rwk,
+
   @{run}/user/@{uid}/xauth_@{rand6} rl,
 
   @{PROC}/sys/kernel/random/boot_id r,

apparmor.d/groups/kde/kded5

@@ -104,6 +104,7 @@ profile kded5 @{exec_path} {
   owner @{user_share_dirs}/kcookiejar/cookies.@{rand6} rwlk,
   owner @{user_share_dirs}/kded5/{,**} rw,
   owner @{user_share_dirs}/kscreen/{,**} rwl,
+  owner @{user_share_dirs}/kservices5/{,**} r,
   owner @{user_share_dirs}/ktp/cache.db rwk,
   owner @{user_share_dirs}/remoteview/ r,
   owner @{user_share_dirs}/services5/{,**} r,

apparmor.d/groups/kde/kioslave5

@@ -46,12 +46,15 @@ profile kioslave5 @{exec_path} {
   /etc/xdg/kwinrc r,
   /etc/xdg/menus/{,**} r,
 
+  owner @{MOUNTDIRS}/** r,
+
   owner @{HOME}/@{XDG_DESKTOP_DIR}/ r,
   owner @{HOME}/@{XDG_DESKTOP_DIR}/.directory r,
   owner @{HOME}/@{XDG_DESKTOP_DIR}/*.desktop r,
 
   owner @{user_cache_dirs}/ksycoca5_* r,
   owner @{user_cache_dirs}/thumbnails/*/ r,
+  owner @{user_cache_dirs}/kio_http/* rwl,
 
   owner @{user_config_dirs}/kdedefaults/kdeglobals r,
   owner @{user_config_dirs}/kdedefaults/kwinrc r,
@@ -61,6 +64,7 @@ profile kioslave5 @{exec_path} {
   owner @{user_share_dirs}/baloo/index-lock rwk,
   owner @{user_share_dirs}/baloo/index rw,
 
+        @{run}/mount/utab r,
   owner @{run}/user/@{uid}/#@{int} rw,
   owner @{run}/user/@{uid}/kio_desktop*kioworker.socket rwl,
   owner @{run}/user/@{uid}/xauth_@{rand6} rl,

apparmor.d/groups/kde/plasmashell

@@ -29,10 +29,14 @@ profile plasmashell @{exec_path} flags=(mediate_deleted) {
   include <abstractions/vulkan>
   include <abstractions/X-strict>
 
+  network inet dgram,
+  network inet6 dgram,
   network inet stream,
   network inet6 stream,
   network netlink raw,
 
+  ptrace read peer=pinentry-qt,
+
   signal (send),
 
   dbus (send,receive) bus=system path=/org/freedesktop/UPower/devices/{,DisplayDevice,battery_BAT[0-9]*,mouse_hidpp_battery_[0-9]*}
@@ -145,6 +149,7 @@ profile plasmashell @{exec_path} flags=(mediate_deleted) {
   owner @{user_share_dirs}/plasma/plasmoids/{,**} r,
   owner @{user_share_dirs}/user-places.xbel r,
 
+        @{run}/mount/utab r,
         @{run}/user/@{uid}/gvfs/ r,
   owner @{run}/user/@{uid}/#@{int} rw,
   owner @{run}/user/@{uid}/kdesud_:1 w,

apparmor.d/groups/kde/xdm-xsession

@@ -87,6 +87,8 @@ profile xdm-xsession @{exec_path} {
   owner /tmp/ssh-*/ rw,
   owner /tmp/ssh-*/agent.* rw,
 
+        @{PROC}/@{pids}/stat r,
+        @{PROC}/@{pids}/statm r,
   owner @{PROC}/@{pid}/cmdline r,
   owner @{PROC}/@{pid}/fd/ r,