feat(dbus): rewrite some dbus rules (7).

apparmor.d/groups/systemd/systemd-logind

@@ -47,6 +47,9 @@ profile systemd-logind @{exec_path} flags=(attach_disconnected,complain) {
   dbus send bus=system path=/org/freedesktop/systemd1/{unit,job}/**
        interface=org.freedesktop.DBus.Properties
        peer=(name=org.freedesktop.systemd1, label="@{systemd}"),
+  dbus send bus=system path=/org/freedesktop/systemd1/{unit,job}/**
+       interface=org.freedesktop.systemd1.Scope
+       peer=(name=org.freedesktop.systemd1, label="@{systemd}"),
 
   dbus send bus=system path=/org/freedesktop/systemd1
        interface=org.freedesktop.systemd1.Manager

apparmor.d/groups/systemd/systemd-timedated

@@ -1,6 +1,6 @@
 # apparmor.d - Full set of apparmor profiles
 # Copyright (C) 2018-2022 Mikhail Morfikov
-# Copyright (C) 2022 Alexandre Pujol <alexandre@pujol.io>
+# Copyright (C) 2022-2023 Alexandre Pujol <alexandre@pujol.io>
 # SPDX-License-Identifier: GPL-2.0-only
 
 abi <abi/3.0>,
@@ -15,19 +15,18 @@ profile systemd-timedated @{exec_path} flags=(attach_disconnected) {
 
   capability sys_time,
 
-  dbus (send,receive) bus=system path=/org/freedesktop/DBus
-       interface=org.freedesktop.DBus
-       member={AddMatch,ReleaseName,RequestName},
-
-  dbus send bus=system path=/org/freedesktop/systemd[0-9]/unit/*
+  dbus bind bus=system name=org.freedesktop.timedate1,
+  dbus receive bus=system path=/org/freedesktop/timedate1
        interface=org.freedesktop.DBus.Properties
-       member=GetAll,
+       peer=(name=:*),
+  dbus receive bus=system path=/org/freedesktop/timedate1
+       interface=org.freedesktop.timedate1
+       peer=(name=:*),
 
-  dbus receive bus=system path=/org/freedesktop/timedate[0-1]
+  dbus send bus=system path=/org/freedesktop/systemd1/unit/*
        interface=org.freedesktop.DBus.Properties
-       member={Get,GetAll},
-
-  dbus bind bus=system name=org.freedesktop.timedate[0-9],
+       member=GetAll
+       peer=(name=org.freedesktop.systemd1, label="@{systemd}"),
 
   @{exec_path} mr,