diff --git a/easytag b/easytag
new file mode 100644
index 000000000..b661d7ba2
--- /dev/null
+++ b/easytag
@@ -0,0 +1,52 @@
+#vim:syntax=apparmor
+#AppArmor policy for easytag
+#Copyright (C) 2023 Andy Ramos <public@gracelesslady.art>
+#SPDX-License-Identifier: GPL-2.0-only
+
+abi <abi/3.0>,
+
+include <tunables/global>
+
+@{exec_path} = @{bin}/easytag
+profile easytag @{exec_path} {
+  	include <abstractions/base>
+  	include <abstractions/dconf-write>
+  	include <abstractions/gnome>
+  	include <abstractions/gtk>
+  	include <abstractions/private-files-strict>
+  	include <abstractions/ibus>
+
+  	@{exec_path} mr,
+
+  	@{bin}/@{unix_shell} rix,
+  	@{bin}/totem rPx,
+  	@{bin}/mpv rPx,
+
+  /etc/machine-id r,
+
+	owner @{HOME}/{,**} r,
+
+	owner @{user_documents_dirs}/{,**} rw,
+	owner @{user_download_dirs}/{,**} rw,
+	owner @{user_music_dirs}/{,**} rw,
+	owner @{user_publicshare_dirs}/{,**} rw,
+	owner @{user_torrents_dirs}/{,**} rw,
+	owner @{user_work_dirs}/{,**} rw,
+
+	owner @{user_cache_dirs}/easytag/ r,
+	owner @{user_cache_dirs}/easytag/** rwk,
+  owner @{user_config_dirs}/easytag/ r,
+	owner @{user_config_dirs}/easytag/** rwk,
+	owner @{user_music_dirs}/{,**} rw,
+
+	/ r,
+  /home/ r,
+	/run/ r,
+	/media/ r,
+
+	owner @{PROC}/@{pid}/mountinfo r,
+
+	deny /{bin,dev,lib32,libx32,mnt,proc,root,sbin,sys,usr,boot,etc,lib,lib64,opt,recovery,srv,tmp,var}/{,*/} r,
+
+	include if exists <local/easytag>
+}