From 4526e96318610985fd66ff7cd5626a63410666da Mon Sep 17 00:00:00 2001
From: Alexandre Pujol <alexandre@pujol.io>
Date: Sun, 14 Sep 2025 20:03:22 +0200
Subject: [PATCH] feat(abs): add the gtk-strict abs.

---
 apparmor.d/abstractions/gtk-strict | 74 ++++++++++++++++++++++++++++++
 1 file changed, 74 insertions(+)
 create mode 100644 apparmor.d/abstractions/gtk-strict

diff --git a/apparmor.d/abstractions/gtk-strict b/apparmor.d/abstractions/gtk-strict
new file mode 100644
index 000000000..0bf0ab41c
--- /dev/null
+++ b/apparmor.d/abstractions/gtk-strict
@@ -0,0 +1,74 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2021-2025 Alexandre Pujol <alexandre@pujol.io>
+# SPDX-License-Identifier: GPL-2.0-only
+
+  abi <abi/4.0>,
+
+  include <abstractions/bus/session/org.gtk.Actions>
+  include <abstractions/bus/session/org.gtk.Menus>
+  include <abstractions/bus/session/org.gtk.Settings>
+  include <abstractions/bus/session/org.gtk.vfs.MountTracker>
+
+  @{lib}/{,@{multiarch}/}gtk-2.0/{,**} mr,
+  @{lib}/{,@{multiarch}/}gtk-3.0/{,**} mr,
+  @{lib}/{,@{multiarch}/}gtk-4.0/{,**} mr,
+
+  /usr/share/gtksourceview-2.0/{,**} r,
+  /usr/share/gtksourceview-3.0/{,**} r,
+  /usr/share/gtksourceview-4/{,**} r,
+  /usr/share/gtksourceview-5/{,**} r,
+
+  /usr/share/gtk-2.0/ r,
+  /usr/share/gtk-2.0/gtkrc r,
+
+  /usr/share/gtk-3.0/ r,
+  /usr/share/gtk-3.0/settings.ini r,
+
+  /usr/share/gtk-4.0/ r,
+  /usr/share/gtk-4.0/settings.ini r,
+
+  /etc/gtk/gtkrc r,
+
+  /etc/gtk-2.0/ r,
+  /etc/gtk-2.0/gtkrc r,
+
+  /etc/gtk-3.0/ r,
+  /etc/gtk-3.0/*.conf r,
+  /etc/gtk-3.0/settings.ini r,
+
+  /etc/gtk-4.0/ r,
+  /etc/gtk-4.0/*.conf r,
+  /etc/gtk-4.0/settings.ini r,
+
+  owner @{HOME}/.gtk r,
+  owner @{HOME}/.gtkrc r,
+  owner @{HOME}/.gtkrc-2.0 r,
+  owner @{HOME}/.gtk-bookmarks r,
+
+  owner @{user_cache_dirs}/gtk-4.0/ rw,
+  owner @{user_cache_dirs}/gtk-4.0/vulkan-pipeline-cache/{,*} rw,
+  owner @{user_cache_dirs}/gtkrc r,
+  owner @{user_cache_dirs}/gtkrc-2.0 r,
+
+  owner @{user_config_dirs}/gtk-2.0/ rw,
+  owner @{user_config_dirs}/gtk-2.0/gtkfilechooser.ini* rw,
+
+  owner @{user_config_dirs}/gtk-3.0/ rw,
+  owner @{user_config_dirs}/gtk-3.0/bookmarks r,
+  owner @{user_config_dirs}/gtk-3.0/colors.css r,
+  owner @{user_config_dirs}/gtk-3.0/gtk.css r,
+  owner @{user_config_dirs}/gtk-3.0/servers r,
+  owner @{user_config_dirs}/gtk-3.0/settings.ini r,
+  owner @{user_config_dirs}/gtk-3.0/window_decorations.css r,
+
+  owner @{user_config_dirs}/gtk-4.0/ rw,
+  owner @{user_config_dirs}/gtk-4.0/bookmarks r,
+  owner @{user_config_dirs}/gtk-4.0/colors.css r,
+  owner @{user_config_dirs}/gtk-4.0/gtk.css r,
+  owner @{user_config_dirs}/gtk-4.0/servers r,
+  owner @{user_config_dirs}/gtk-4.0/settings.ini r,
+  owner @{user_config_dirs}/gtk-4.0/window_decorations.css r,
+
+  include if exists <abstractions/gtk-strict.d>
+
+# vim:syntax=apparmor