From 3b2f745bcaa126150e8f3f8f4bda6150a63e950c Mon Sep 17 00:00:00 2001
From: Alexandre Pujol <alexandre@pujol.io>
Date: Fri, 22 Aug 2025 19:25:00 +0200
Subject: [PATCH] feat(abs): use the new core abs in desktop.

---
 apparmor.d/abstractions/desktop       | 21 ++++++++-------------
 apparmor.d/abstractions/desktop-files |  5 +++++
 apparmor.d/abstractions/gnome-strict  | 14 +++++++-------
 apparmor.d/abstractions/gsettings     |  1 +
 apparmor.d/abstractions/icons         |  3 ---
 apparmor.d/abstractions/kde-strict    | 10 +++++-----
 apparmor.d/abstractions/mime          |  7 ++++++-
 apparmor.d/abstractions/recently-used | 21 +++++++++++++++++++++
 8 files changed, 53 insertions(+), 29 deletions(-)
 create mode 100644 apparmor.d/abstractions/recently-used

diff --git a/apparmor.d/abstractions/desktop b/apparmor.d/abstractions/desktop
index 878f6f794..4a32a1aa7 100644
--- a/apparmor.d/abstractions/desktop
+++ b/apparmor.d/abstractions/desktop
@@ -9,10 +9,14 @@
 
   abi <abi/4.0>,
 
+  include <abstractions/desktop-files>
   include <abstractions/fonts>
-  include <abstractions/freedesktop.org>
+  include <abstractions/gsettings>
   include <abstractions/gtk>
+  include <abstractions/icons>
+  include <abstractions/mime>
   include <abstractions/qt5>
+  include <abstractions/recently-used>
   include <abstractions/wayland>
   include <abstractions/X-strict>
   include <abstractions/xdg-desktop>
@@ -24,16 +28,11 @@
          member=Introspect
          peer=(name=@{busname}, label=gnome-shell),
 
-    /usr/{local/,}share/ r,
-    /usr/{local/,}share/glib-@{version}/schemas/** r,
-    /usr/{local/,}share/gvfs/remote-volume-monitors/{,*}  r,
+    @{system_share_dirs}/gvfs/remote-volume-monitors/{,*}  r,
 
     /etc/gnome/* r,
-    /etc/xdg/{,*-}mimeapps.list r,
 
-    /var/cache/gio-@{version}/gnome-mimeapps.list r,
-
-    / r, # deny?
+    / r,
 
     owner @{user_share_dirs}/gnome-shell/session.gvdb rw,
 
@@ -49,8 +48,6 @@
     /etc/xdg/kcminputrc r,
     /etc/xdg/kdeglobals r,
     /etc/xdg/kwinrc r,
-    /etc/xdg/menus/ r,
-    /etc/xdg/menus/applications-merged/ r,
 
     owner @{user_cache_dirs}/#@{int} rw,
     owner @{user_cache_dirs}/icon-cache.kcache rw,
@@ -65,8 +62,6 @@
     owner @{user_config_dirs}/kdedefaults/kwinrc r,
     owner @{user_config_dirs}/kdeglobals r,
     owner @{user_config_dirs}/kwinrc r,
-    owner @{user_config_dirs}/menus/ r,
-    owner @{user_config_dirs}/menus/applications-merged/ r,
     owner @{user_config_dirs}/session/ rw,
     owner @{user_config_dirs}/session/@{profile_name}* rwlk,
     owner @{user_config_dirs}/session/#@{int} rw,
@@ -82,7 +77,7 @@
   # end
 
   /usr/share/desktop-base/{,**} r,
-  /usr/share/hwdata/*.ids r,
+  /usr/share/hwdata/*.ids r, # FIXME: a bit too wide
   /usr/share/icu/@{int}.@{int}/*.dat r,
 
   include if exists <abstractions/desktop.d>
diff --git a/apparmor.d/abstractions/desktop-files b/apparmor.d/abstractions/desktop-files
index d616dad83..9c0a8b941 100644
--- a/apparmor.d/abstractions/desktop-files
+++ b/apparmor.d/abstractions/desktop-files
@@ -12,11 +12,16 @@
 
   /etc/gnome/defaults.list r,
   /etc/xfce4/defaults.list r,
+  /etc/xdg/menus/ r,
+  /etc/xdg/menus/applications-merged/{,**} r,
 
   /var/lib/snapd/desktop/applications/{,**} r,
 
   owner @{user_share_dirs}/applications/{,**} r,
 
+  owner @{user_config_dirs}/menus/ r,
+  owner @{user_config_dirs}/menus/applications-merged/{,**} r,
+
   include if exists <abstractions/desktop-files.d>
 
 # vim:syntax=apparmor
diff --git a/apparmor.d/abstractions/gnome-strict b/apparmor.d/abstractions/gnome-strict
index fadaedcbf..445c62e6b 100644
--- a/apparmor.d/abstractions/gnome-strict
+++ b/apparmor.d/abstractions/gnome-strict
@@ -4,9 +4,14 @@
 
   abi <abi/4.0>,
 
+  include <abstractions/desktop-files>
   include <abstractions/fonts>
-  include <abstractions/freedesktop.org>
+  include <abstractions/gsettings>
   include <abstractions/gtk>
+  include <abstractions/icons>
+  include <abstractions/mime>
+  include <abstractions/qt5>
+  include <abstractions/recently-used>
   include <abstractions/wayland>
   include <abstractions/X-strict>
   include <abstractions/xdg-desktop>
@@ -20,14 +25,9 @@
   /usr/share/hwdata/*.ids r,
   /usr/share/icu/@{int}.@{int}/*.dat r,
 
-  /usr/{local/,}share/ r,
-  /usr/{local/,}share/glib-@{int}.@{int}/schemas/** r,
-  /usr/{local/,}share/gvfs/remote-volume-monitors/{,*}  r,
+  @{system_share_dirs}/gvfs/remote-volume-monitors/{,*}  r,
 
   /etc/gnome/* r,
-  /etc/xdg/{,*-}mimeapps.list r,
-
-  /var/cache/gio-@{int}.@{int}/gnome-mimeapps.list r,
 
   / r,
 
diff --git a/apparmor.d/abstractions/gsettings b/apparmor.d/abstractions/gsettings
index 788b14486..4d22f080b 100644
--- a/apparmor.d/abstractions/gsettings
+++ b/apparmor.d/abstractions/gsettings
@@ -5,6 +5,7 @@
 
   abi <abi/4.0>,
 
+  @{system_share_dirs}/ r,
   @{system_share_dirs}/glib-2.0/schemas/ r,
   @{system_share_dirs}/glib-2.0/schemas/gschemas.compiled r,
 
diff --git a/apparmor.d/abstractions/icons b/apparmor.d/abstractions/icons
index 0dd44e33c..6a721b837 100644
--- a/apparmor.d/abstractions/icons
+++ b/apparmor.d/abstractions/icons
@@ -16,10 +16,7 @@
 
   owner @{HOME}/.icons/{,**} r,
 
-  owner @{user_config_dirs}/mimeapps.list r,
-
   owner @{user_share_dirs}/icons/{,**} r,
-  owner @{user_share_dirs}/mime/{,**} r,
 
   include if exists <abstractions/icons.d>
 
diff --git a/apparmor.d/abstractions/kde-strict b/apparmor.d/abstractions/kde-strict
index fd994d12d..5fbdd7869 100644
--- a/apparmor.d/abstractions/kde-strict
+++ b/apparmor.d/abstractions/kde-strict
@@ -4,10 +4,14 @@
 
   abi <abi/4.0>,
 
+  include <abstractions/desktop-files>
   include <abstractions/fonts>
-  include <abstractions/freedesktop.org>
+  include <abstractions/gsettings>
   include <abstractions/gtk>
+  include <abstractions/icons>
+  include <abstractions/mime>
   include <abstractions/qt5>
+  include <abstractions/recently-used>
   include <abstractions/wayland>
   include <abstractions/X-strict>
   include <abstractions/xdg-desktop>
@@ -26,8 +30,6 @@
   /etc/xdg/kcminputrc r,
   /etc/xdg/kdeglobals r,
   /etc/xdg/kwinrc r,
-  /etc/xdg/menus/ r,
-  /etc/xdg/menus/applications-merged/ r,
 
   owner @{user_cache_dirs}/#@{int} rw,
   owner @{user_cache_dirs}/icon-cache.kcache rw,
@@ -42,8 +44,6 @@
   owner @{user_config_dirs}/kdedefaults/kwinrc r,
   owner @{user_config_dirs}/kdeglobals r,
   owner @{user_config_dirs}/kwinrc r,
-  owner @{user_config_dirs}/menus/ r,
-  owner @{user_config_dirs}/menus/applications-merged/ r,
   owner @{user_config_dirs}/session/ rw,
   owner @{user_config_dirs}/session/*_@{hex}_@{int}_@{int} rwlk,
   owner @{user_config_dirs}/session/#@{int} rw,
diff --git a/apparmor.d/abstractions/mime b/apparmor.d/abstractions/mime
index 6622c99dd..9a70edaf8 100644
--- a/apparmor.d/abstractions/mime
+++ b/apparmor.d/abstractions/mime
@@ -9,8 +9,13 @@
   @{system_share_dirs}/mime/{,**} r,
 
   /etc/mime.types r,
+  /etc/xdg/{,*-}mimeapps.list r,
 
-  owner @{user_share_dirs}/mime/mime.cache r,
+  /var/cache/gio-@{version}/{,*-}-mimeapps.list r,
+
+  owner @{user_config_dirs}/mimeapps.list r,
+
+  owner @{user_share_dirs}/mime/{,**} r,
 
   include if exists <abstractions/mime.d>
 
diff --git a/apparmor.d/abstractions/recently-used b/apparmor.d/abstractions/recently-used
new file mode 100644
index 000000000..d3a7ec289
--- /dev/null
+++ b/apparmor.d/abstractions/recently-used
@@ -0,0 +1,21 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2009 Canonical Ltd.
+# Copyright (C) 2025 Alexandre Pujol <alexandre@pujol.io>
+# SPDX-License-Identifier: GPL-2.0-only
+
+  abi <abi/4.0>,
+
+  owner @{HOME}/.recently-used.xbel rw,
+  owner @{HOME}/.recently-used.xbel.@{rand6} rwl,
+  owner @{HOME}/.recently-used.xbel.lock rwk,
+
+  owner @{user_share_dirs}/#@{int} rw,
+  owner @{user_share_dirs}/recently-used.xbel rw,
+  owner @{user_share_dirs}/recently-used.xbel.@{rand6} rwl,
+  owner @{user_share_dirs}/recently-used.xbel.lock rwk,
+
+  owner @{user_config_dirs}/user-dirs.dirs  r, # FIXME: not here?
+
+  include if exists <abstractions/recently-used.d>
+
+# vim:syntax=apparmor