feat(profiles): general update.

apparmor.d/groups/kde/kaccess

@@ -38,6 +38,8 @@ profile kaccess @{exec_path} {
 
   owner @{user_share_dirs}/mime/generic-icons r,
 
+  owner /tmp/xauth_?????? r,
+
   owner @{run}/user/@{uid}/xauth_?????? r,
   
   @{sys}/devices/pci[0-9]*/**/{device,subsystem_device,subsystem_vendor,uevent,vendor} r,

apparmor.d/groups/kde/kauth-kinfocenter-dmidecode-helper

@@ -9,6 +9,7 @@ include <tunables/global>
 @{exec_path} = @{lib}/kauth/{,libexec/}kinfocenter-dmidecode-helper
 profile kauth-kinfocenter-dmidecode-helper @{exec_path} {
   include <abstractions/base>
+  include <abstractions/nameservice-strict>
 
   @{exec_path} mr,
 

apparmor.d/groups/kde/kconf_update

@@ -16,6 +16,7 @@ profile kconf_update @{exec_path} {
 
   @{bin}/{,ba,da}sh                      rix,
   @{bin}/grep                            rix,
+  @{bin}/python3.[0-9]*                  rix,
   @{bin}/qtpaths                         rix,
   @{bin}/sed                             rix,
 
@@ -30,16 +31,38 @@ profile kconf_update @{exec_path} {
   /usr/share/kconf_update/{,**} r,
   /usr/share/icu/[0-9]*.[0-9]*/*.dat r,
 
+  /etc/machine-id r,
   /etc/xdg/kdeglobals r,
 
   owner @{user_config_dirs}/#[0-9]* rw,
+  owner @{user_config_dirs}/akregatorrc r,
+  owner @{user_config_dirs}/kateschemarc r,
+  owner @{user_config_dirs}/kcminputrc r,
   owner @{user_config_dirs}/kconf_updaterc r,
+  owner @{user_config_dirs}/kconf_updaterc.lock rk,
   owner @{user_config_dirs}/kconf_updaterc* rwl,
   owner @{user_config_dirs}/kdedefaults/kdeglobals r,
+  owner @{user_config_dirs}/kdedefaults/kwinrc r,
+  owner @{user_config_dirs}/kdeglobals.lock rk,
   owner @{user_config_dirs}/kdeglobals* rwl,
+  owner @{user_config_dirs}/khotkeysrc r,
+  owner @{user_config_dirs}/kmixrc r,
+  owner @{user_config_dirs}/kscreenlockerrc r,
+  owner @{user_config_dirs}/ksmserverrc r,
+  owner @{user_config_dirs}/kwinrc.?????? rwl -> @{user_config_dirs}/#[0-9]*,
+  owner @{user_config_dirs}/kwinrc.lock rwk,
+  owner @{user_config_dirs}/kwinrulesrc rw,
+  owner @{user_config_dirs}/kwinrulesrc.?????? rwl -> @{user_config_dirs}/#[0-9]*,
+  owner @{user_config_dirs}/kwinrulesrc.lock rwk,
+  owner @{user_config_dirs}/kxkbrc rw,
+  owner @{user_config_dirs}/kxkbrc.?????? rwl -> @{user_config_dirs}/#[0-9]*,
+  owner @{user_config_dirs}/kxkbrc.lock rwk,
+  owner @{user_config_dirs}/plasmashellrc r,
 
   owner /tmp/#[0-9]* rw,
-  owner /tmp/kconf_update.?????? rw,
+  owner /tmp/kconf_update.* rwl,
+
+  @{PROC}/@{sys}/kernel/random/boot_id r,
 
   include if exists <local/kconf_update>
 }

apparmor.d/groups/kde/kde-powerdevil

@@ -7,7 +7,7 @@ abi <abi/3.0>,
 include <tunables/global>
 
 @{exec_path} = @{lib}/org_kde_powerdevil
-profile kde-powerdevil @{exec_path} flags=(attach_disconnected) {
+profile kde-powerdevil @{exec_path} flags=(attach_disconnected mediate_deleted) {
   include <abstractions/base>
   include <abstractions/qt5>
   include <abstractions/X-strict>
@@ -32,16 +32,20 @@ profile kde-powerdevil @{exec_path} flags=(attach_disconnected) {
   owner @{user_config_dirs}/#[0-9]* rw,
   owner @{user_config_dirs}/kdedefaults/kdeglobals r,
   owner @{user_config_dirs}/kdeglobals r,
+  owner @{user_config_dirs}/powerdevilrc rwl -> @{user_config_dirs}/#[0-9]*,
   owner @{user_config_dirs}/powerdevilrc rwl,
+  owner @{user_config_dirs}/powerdevilrc.lock rwk,
   owner @{user_config_dirs}/powermanagementprofilesrc r,
+  owner @{user_config_dirs}/powermanagementprofilesrc rwl -> @{user_config_dirs}/#[0-9]*,
   owner @{user_config_dirs}/powermanagementprofilesrc.lock rwk,
 
         @{run}/systemd/inhibit/*.ref rw,
   owner @{run}/user/@{uid}kcrash_[0-9]* rw,
 
-  @{PROC}/sys/kernel/core_pattern r,
   @{PROC}/@{pid}/mounts r,
-  
+  @{PROC}/sys/kernel/core_pattern r,
+  @{PROC}/sys/kernel/random/boot_id r,
+
   @{sys}/class/ r,
   @{sys}/class/drm/ r,
   @{sys}/bus/ r,

apparmor.d/groups/kde/kded5

@@ -20,6 +20,7 @@ profile kded5 @{exec_path} {
   include <abstractions/mesa>
   include <abstractions/nameservice-strict>
   include <abstractions/qt5>
+  include <abstractions/vulkan>
   include <abstractions/wutmp>
   include <abstractions/X-strict>
 

apparmor.d/groups/kde/kioslave5

@@ -47,6 +47,7 @@ profile kioslave5 @{exec_path} {
   /etc/xdg/menus/{,**} r,
 
   owner @{HOME}/@{XDG_DESKTOP_DIR}/ r,
+  owner @{HOME}/@{XDG_DESKTOP_DIR}/.directory r,
   owner @{HOME}/@{XDG_DESKTOP_DIR}/*.desktop r,
 
   owner @{user_cache_dirs}/ksycoca5_* r,

apparmor.d/groups/kde/kwalletd5

@@ -61,6 +61,7 @@ profile kwalletd5 @{exec_path} {
 
   owner /tmp/kwalletd5.* rw,
   owner /tmp/runtime-*/xauth_?????? r,
+  owner /tmp/xauth_?????? r,
 
         @{PROC}/sys/kernel/core_pattern r,
   owner @{PROC}/@{pid}/cmdline r,

apparmor.d/groups/kde/plasma-discover

@@ -27,6 +27,8 @@ profile plasma-discover @{exec_path} {
   network inet6 stream,
   network netlink raw,
 
+  signal (send) set=(term) peer=kioslave5,
+
   @{exec_path} mr,
 
   @{bin}/{,ba,da}sh                 rix,
@@ -37,10 +39,13 @@ profile plasma-discover @{exec_path} {
 
   /usr/share/kservices5/{,*} r,
   /usr/share/knsrcfiles/{,*} r,
+  /usr/share/qt/translations/*.qm r,
 
   /etc/appstream.conf r,
-  /etc/machine-id r,
   /etc/flatpak/remotes.d/{,**} r,
+  /etc/machine-id r,
+  /etc/xdg/ r,
+  /etc/xdg/accept-languages.codes r,
 
   /var/tmp/flatpak-cache-*/ rw,
   /var/tmp/flatpak-cache-*/** rwkl,
@@ -54,6 +59,8 @@ profile plasma-discover @{exec_path} {
   owner @{user_cache_dirs}/discover/{,**} rwl,
   owner @{user_cache_dirs}/appstream/*.xb r,
   owner @{user_cache_dirs}/appstream/ r,
+  owner @{user_cache_dirs}/icon-cache.kcache rw,
+  owner @{user_cache_dirs}/kio_http/ w,
 
   owner @{user_config_dirs}/ r,
   owner @{user_config_dirs}/#[0-9]* rwl,
@@ -61,6 +68,7 @@ profile plasma-discover @{exec_path} {
   owner @{user_config_dirs}/discoverrc.lock rwk,
   owner @{user_config_dirs}/kde.org/{,**} rwlk,
   owner @{user_config_dirs}/kdedefaults/ r,
+  owner @{user_config_dirs}/kdedefaults/plasmarc r,
   owner @{user_config_dirs}/kdedefaults/kdeglobals r,
   owner @{user_config_dirs}/kdedefaults/kwinrc r,
   owner @{user_config_dirs}/kdeglobals r,
@@ -68,10 +76,14 @@ profile plasma-discover @{exec_path} {
   owner @{user_config_dirs}/libaccounts-glib/ rw,
   owner @{user_config_dirs}/libaccounts-glib/accounts.db{,-shm,-wal,-journal} rwk,
 
-  owner @{user_share_dirs}/knewstuff3/ r,
-
   owner @{user_share_dirs}/flatpak/repo/{,**} rw,
+  owner @{user_share_dirs}/knewstuff3/ r,
+  owner @{user_share_dirs}/knewstuff3/ w,
 
+  owner @{run}/user/@{uid}/#[0-9]* rw,
+  owner @{run}/user/@{uid}/discover??????.* rwl ->  @{run}/user/@{uid}/#[0-9]*,
+
+        @{PROC}/sys/kernel/core_pattern r,
         @{PROC}/sys/kernel/random/boot_id r,
   owner @{PROC}/@{pid}/mountinfo r,
 

apparmor.d/groups/kde/plasmashell

@@ -110,8 +110,8 @@ profile plasmashell @{exec_path} flags=(mediate_deleted) {
   owner @{user_config_dirs}/dolphinrc r,
   owner @{user_config_dirs}/eventviewsrc r,
   owner @{user_config_dirs}/kactivitymanagerd-statsrc r,
-  owner @{user_config_dirs}/kde.org/{,**} rwlk,
-  owner @{user_config_dirs}/KDE/{,**} r,
+  owner @{user_config_dirs}/{KDE,kde.org}/ rw,
+  owner @{user_config_dirs}/{KDE,kde.org}/** rwkl -> @{user_config_dirs}/{KDE,kde.org}/#[0-9]*,
   owner @{user_config_dirs}/kdedefaults/kdeglobals r,
   owner @{user_config_dirs}/kdedefaults/kwinrc r,
   owner @{user_config_dirs}/kdedefaults/plasmarc r,

apparmor.d/groups/kde/sddm

@@ -65,7 +65,7 @@ profile sddm @{exec_path} flags=(attach_disconnected,mediate_deleted) {
   @{bin}/dbus-update-activation-environment rCx -> dbus,
   @{bin}/gnome-keyring-daemon rPx,
   @{bin}/kwalletd5            rPx,
-  @{bin}/startplasma-wayland  rPUx,
+  @{bin}/startplasma-wayland  rPx,
   @{bin}/startplasma-x11      rPx,
   @{bin}/systemctl            rPx -> child-systemctl,
   @{bin}/xrdb                 rPx,
@@ -125,12 +125,12 @@ profile sddm @{exec_path} flags=(attach_disconnected,mediate_deleted) {
   owner /tmp/*/{,s} rw,
   owner /tmp/#[0-9]* rw,
   owner /tmp/sddm-auth* rw,
-  owner /tmp/xauth_?????? rw,
+  owner /tmp/xauth_?????? rwl -> /tmp/#[0-9]*,
 
         @{run}/faillock/[a-zA-z0-9]* rwk,
         @{run}/sddm.pid rw,
         @{run}/sddm/\{@{uuid}\} rw,
-        @{run}/sddm/xauth_?????? rwl,
+        @{run}/sddm/xauth_?????? rwl -> @{run}/sddm/#[0-9]*,
         @{run}/systemd/sessions/*.ref rw,
         @{run}/user/@{uid}/xauth_?????? rwl,
   owner @{run}/sddm/ rw,

apparmor.d/groups/kde/startplasma

@@ -6,8 +6,8 @@ abi <abi/3.0>,
 
 include <tunables/global>
 
-@{exec_path} = @{bin}/startplasma-x11
-profile startplasma-x11 @{exec_path} {
+@{exec_path} = @{bin}/startplasma-{wayland,x11}
+profile startplasma @{exec_path} {
   include <abstractions/base>
   include <abstractions/freedesktop.org>
   include <abstractions/qt5>
@@ -61,6 +61,7 @@ profile startplasma-x11 @{exec_path} {
   owner @{user_share_dirs}/kservices5/{,**} r,
 
   owner @{user_share_dirs}/sddm/xorg-session.log rw,
+  owner @{user_share_dirs}/sddm/wayland-session.log rw,
 
   owner /tmp/#[0-9][0-9] rw,
   owner /tmp/startplasma-x11.?????? rwl,
@@ -72,5 +73,5 @@ profile startplasma-x11 @{exec_path} {
 
   /dev/tty r,
 
-  include if exists <local/startplasma-x11>
+  include if exists <local/startplasma>
 }

apparmor.d/groups/kde/xembedsniproxy

@@ -18,6 +18,8 @@ profile xembedsniproxy @{exec_path} {
   /usr/share/hwdata/*.ids r,
   /usr/share/icu/[0-9]*.[0-9]*/*.dat r,
 
+  owner /tmp/xauth_?????? r,
+
   @{run}/user/@{uid}/xauth_* rl,
 
   include if exists <local/xembedsniproxy>

apparmor.d/groups/kde/xsettingsd

@@ -16,6 +16,8 @@ profile xsettingsd @{exec_path} {
 
   owner @{user_config_dirs}/xsettingsd/{,**} rw,
 
+  owner /tmp/xauth_?????? r,
+
   owner @{run}/user/@{uid}/xauth_* rl,
 
   include if exists <local/xsettingsd>