feat(profile): general update.

apparmor.d/profiles-a-f/btop

@@ -23,17 +23,19 @@ profile btop @{exec_path} {
 
   owner @{user_config_dirs}/btop/{,**} rw,
 
-  @{sys}/class/power_supply/ r,
   @{sys}/class/hwmon/ r,
+  @{sys}/class/power_supply/ r,
+  @{sys}/devices/@{pci}/host@{int}/*/*/block/*/*/stat r,
+  @{sys}/devices/@{pci}/net/*/address r,
+  @{sys}/devices/@{pci}/net/*/statistics/{rx,tx}_bytes r,
+  @{sys}/devices/@{pci}/usb@{int}/**/power_supply/** r,
+  @{sys}/devices/platform/coretemp.@{int}/hwmon/hwmon@{int}/{,*} r,
   @{sys}/devices/system/cpu/cpufreq/policy@{int}/scaling_{cur,min,max}_freq r,
+  @{sys}/devices/virtual/**/net/*/address r,
+  @{sys}/devices/virtual/**/net/*/statistics/{rx,tx}_bytes r,
+  @{sys}/devices/virtual/block/dm-@{int}/stat r,
   @{sys}/devices/virtual/thermal/thermal_zone@{int}/ r,
   @{sys}/devices/virtual/thermal/thermal_zone@{int}/hwmon@{int}/{,*} r,
-  @{sys}/devices/platform/coretemp.@{int}/hwmon/hwmon@{int}/{,*} r,
-  @{sys}/devices/virtual/block/dm-@{int}/stat r,
-  @{sys}/devices/@{pci}/host@{int}/*/*/block/*/*/stat r,
-  @{sys}/devices/{pci[0-9]*,virtual}/{,**/}net/*/statistics/{rx,tx}_bytes r,
-  @{sys}/devices/{pci[0-9]*,virtual}/{,**/}net/*/address r,
-  @{sys}/devices/pci[0-9]*/*/*/usb@{int}/**/power_supply/hidpp_battery_[@{int}/{,hwmon@{int}/} r,
 
         @{PROC} r,
         @{PROC}/loadavg r,

apparmor.d/profiles-a-f/dkms

@@ -61,7 +61,7 @@ profile dkms @{exec_path} flags=(attach_disconnected) {
   @{lib}/linux-kbuild-*/tools/objtool/objtool  rix,
   @{lib}/llvm-[0-9]*/bin/clang                 rix,
   @{lib}/modules/*/build/scripts/**            rix,
-  @{lib}/modules/*/build/tools/objtool/objtool rix,
+  @{lib}/modules/*/build/tools/**              rix,
 
   /var/lib/dkms/**/build/* rix,
   /var/lib/dkms/**/configure rix,
@@ -125,6 +125,8 @@ profile dkms @{exec_path} flags=(attach_disconnected) {
 
     owner /tmp/tmp.* r,
 
+    @{sys}/module/compression r,
+
     deny /apparmor/.null rw,
 
     include if exists <local/dkms_kmod>

apparmor.d/profiles-a-f/flatpak

@@ -9,11 +9,11 @@ include <tunables/global>
 @{exec_path} = @{bin}/flatpak
 profile flatpak @{exec_path} flags=(attach_disconnected,mediate_deleted,complain) {
   include <abstractions/base>
-  include <abstractions/consoles>
   include <abstractions/bus-session>
   include <abstractions/bus/org.freedesktop.Accounts>
+  include <abstractions/consoles>
   include <abstractions/dconf-write>
-  include <abstractions/freedesktop.org>
+  include <abstractions/gnome-strict>
   include <abstractions/nameservice-strict>
   include <abstractions/openssl>
   include <abstractions/ssl_certs>
@@ -44,7 +44,6 @@ profile flatpak @{exec_path} flags=(attach_disconnected,mediate_deleted,complain
   @{bin}/gpgsm               rCx -> gpg,
   @{lib}/revokefs-fuse       rix,
 
-  /usr/share/gvfs/remote-volume-monitors/*.monitor r,
   /usr/share/flatpak/{,**} r,
 
   /etc/flatpak/{,**} r,

apparmor.d/profiles-a-f/fsck

@@ -24,16 +24,16 @@ profile fsck @{exec_path} {
   /etc/fstab r,
 
   # When a mount dir is passed to fsck as an argument.
+  @{HOME}/ r,
   @{MOUNTS}/ r,
   /boot/ r,
-  /home/ r,
 
-  owner @{run}/fsck/ rw,
-  owner @{run}/fsck/*.lock rwk,
-  owner @{run}/blkid/blkid.tab{,-@{rand6}} rw,
-  owner @{run}/blkid/blkid.tab.old rwl -> @{run}/blkid/blkid.tab,
         @{run}/mount/utab r,
         @{run}/systemd/fsck.progress rw,
+  owner @{run}/blkid/blkid.tab.old rwl -> @{run}/blkid/blkid.tab,
+  owner @{run}/blkid/blkid.tab{,-@{rand6}} rw,
+  owner @{run}/fsck/ rw,
+  owner @{run}/fsck/*.lock rwk,
 
   @{PROC}/@{pids}/mountinfo r,
   @{PROC}/partitions r,