feat(profiles): general update.

apparmor.d/groups/gnome/evolution-source-registry

@@ -11,8 +11,8 @@ profile evolution-source-registry @{exec_path} {
   include <abstractions/base>
   include <abstractions/dconf>
   include <abstractions/nameservice-strict>
-  include <abstractions/ssl_certs>
   include <abstractions/p11-kit>
+  include <abstractions/ssl_certs>
 
   network inet stream,
   network inet6 stream,

apparmor.d/groups/gnome/gnome-extension-ding

@@ -23,7 +23,6 @@ profile gnome-extension-ding @{exec_path} {
 
   /usr/share/glib-2.0/schemas/gschemas.compiled r,
   /usr/share/gnome-shell/extensions/ding@rastersoft.com/* r,
-  /usr/share/themes/{,**} r,
   /usr/share/thumbnailers/{,*.thumbnailer} r,
   /usr/share/X11/{,**} r,
 
@@ -38,6 +37,7 @@ profile gnome-extension-ding @{exec_path} {
   owner @{user_share_dirs}/gvfs-metadata/home-*.log r,
 
   owner @{run}/user/@{uid}/bus rw,
+  owner @{run}/user/@{uid}/at-spi/bus rw,
   owner @{run}/user/@{uid}/dconf/ rw,
   owner @{run}/user/@{uid}/dconf/user rw,
 

apparmor.d/groups/gnome/gnome-session-binary

@@ -99,6 +99,7 @@ profile gnome-session-binary @{exec_path} flags=(attach_disconnected) {
   owner @{user_config_dirs}/user-dirs.locale r,
   owner @{user_share_dirs}/applications/ r,
   owner @{user_share_dirs}/applications/mimeinfo.cache r,
+  owner @{user_share_dirs}/session_migration-ubuntu r,
 
   owner @{run}/user/@{uid}/.mutter-Xwaylandauth.[0-9A-Z]* r,
   owner @{run}/user/@{uid}/dconf/ rw,
@@ -107,6 +108,7 @@ profile gnome-session-binary @{exec_path} flags=(attach_disconnected) {
   owner @{run}/user/@{uid}/gnome-session-leader-fifo rw,
   owner @{run}/user/@{uid}/ICEauthority{,-[a-z]} rwl,
   owner @{run}/user/@{uid}/systemd/notify w,
+  owner @{run}/user/@{uid}/wayland-[0-9]* rw,
         @{run}/systemd/inhibit/[0-9]*.ref rw,
         @{run}/systemd/sessions/* r,
         @{run}/systemd/sessions/*.ref rw,

apparmor.d/groups/gnome/gnome-shell

@@ -39,6 +39,9 @@ profile gnome-shell @{exec_path} flags=(attach_disconnected) {
 
   signal (receive) set=(term, hup) peer=gdm*,
   signal (send),
+ 
+  unix (connect, receive, send) type=stream peer=(addr="@/tmp/.X11-unix/X[0-9]*"),
+  unix (send,receive) type=stream addr=none peer=(label=gnome-extension-ding),
 
   @{exec_path} mr,
 
@@ -126,6 +129,7 @@ profile gnome-shell @{exec_path} flags=(attach_disconnected) {
   owner @{run}/user/@{uid}/gnome-shell/{,**} rw,
   owner @{run}/user/@{uid}/gvfsd/socket-[0-9A-Za-z]* rw,
   owner @{run}/user/@{uid}/snap.snapd-desktop-integration/wayland-cursor-shared-* rw,
+  owner @{run}/user/@{uid}/systemd/notify rw,
   owner @{run}/user/@{uid}/wayland-[0-9].lock rwk,
 
   owner /dev/shm/.org.chromium.Chromium.* rw,

apparmor.d/groups/gnome/gnome-shell-calendar-server

@@ -17,6 +17,8 @@ profile gnome-shell-calendar-server @{exec_path} {
   /usr/share/glib-2.0/schemas/gschemas.compiled r,
   /usr/share/zoneinfo-icu/{,**} r,
 
+  /etc/timezone r,
+
   owner @{run}/user/@{uid}/dconf/ rw,
   owner @{run}/user/@{uid}/dconf/user rw,
 

apparmor.d/groups/gnome/nautilus

@@ -24,8 +24,9 @@ profile nautilus @{exec_path} flags=(attach_disconnected) {
   /usr/share/sounds/freedesktop/stereo/*.oga r,
   /usr/share/thumbnailers/{,**} r,
   /usr/share/tracker3/{,**} r,
+  /usr/share/ubuntu/applications/{,**} r,
 
-  owner @{user_share_dirs}/nautilus/{,**} rwk,
+  /var/lib/snapd/desktop/icons/{,**} r,
 
   # Full access to user's data
   / r,
@@ -42,6 +43,8 @@ profile nautilus @{exec_path} flags=(attach_disconnected) {
   deny /tmp/.* rw,
   deny /tmp/.*/{,**} rw,
 
+  owner @{user_share_dirs}/nautilus/{,**} rwk,
+
   owner @{run}/user/@{uid}/dconf/ rw,
   owner @{run}/user/@{uid}/dconf/user rw,