From 418107f11ea393e35b1feaf6d87883894de12ae3 Mon Sep 17 00:00:00 2001
From: Alexandre Pujol <alexandre@pujol.io>
Date: Thu, 6 Oct 2022 20:47:22 +0100
Subject: [PATCH] feat(profiles): allow gvfs-metadata on some profile that
 really need it.

---
 apparmor.d/groups/gnome/evolution-source-registry | 5 ++---
 apparmor.d/groups/gnome/gnome-shell               | 1 +
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/apparmor.d/groups/gnome/evolution-source-registry b/apparmor.d/groups/gnome/evolution-source-registry
index 463470b2d..7375dbe33 100644
--- a/apparmor.d/groups/gnome/evolution-source-registry
+++ b/apparmor.d/groups/gnome/evolution-source-registry
@@ -25,14 +25,13 @@ profile evolution-source-registry @{exec_path} {
 
   /usr/share/glib-2.0/schemas/gschemas.compiled r,
 
+  owner @{user_cache_dirs}/evolution/{,**} rwk,
   owner @{user_config_dirs}/evolution/sources/{,*} rw,
   owner @{user_share_dirs}/evolution/{,**} r,
-  owner @{user_cache_dirs}/evolution/{,**} rwk,
+  owner @{user_share_dirs}/gvfs-metadata/{,*} r,
 
   @{PROC}/sys/kernel/osrelease r,
   @{PROC}/cmdline r,
 
-  deny owner @{user_share_dirs}/gvfs-metadata/{,*} r,
-
   include if exists <local/evolution-source-registry>
 }
diff --git a/apparmor.d/groups/gnome/gnome-shell b/apparmor.d/groups/gnome/gnome-shell
index de80727b8..fe929c563 100644
--- a/apparmor.d/groups/gnome/gnome-shell
+++ b/apparmor.d/groups/gnome/gnome-shell
@@ -120,6 +120,7 @@ profile gnome-shell @{exec_path} flags=(attach_disconnected) {
   owner @{user_share_dirs}/desktop-directories/{,**} r,
   owner @{user_share_dirs}/gnome-shell/{,**} rw,
   owner @{user_share_dirs}/gnome-shell/extensions/{,**} r,
+  owner @{user_share_dirs}/gvfs-metadata/{,*} r,
 
   owner @{user_cache_dirs}/evolution/addressbook/*/PHOTO-*.JPEG r,
   owner @{user_cache_dirs}/gnome-boxes/*.png r,