feat(abs): update dbus interface abs.

apparmor.d/abstractions/bus/org.freedesktop.RealtimeKit1

@@ -2,15 +2,11 @@
 # Copyright (C) 2023-2024 Alexandre Pujol <alexandre@pujol.io>
 # SPDX-License-Identifier: GPL-2.0-only
 
-# Allow setting realtime priorities. Clients require RLIMIT_RTTIME in the first
+# Allow setting realtime priorities.
-# place and client authorization is done via PolicyKit. Note that setrlimit()
-# is allowed by default seccomp policy but requires 'capability sys_resource',
-# which we deny be default.
-# http://git.0pointer.net/rtkit.git/tree/README
 
   abi <abi/4.0>,
 
-  #-aa-dbus common bus=system name=org.freedesktop.RealtimeKit1 label=rtkit-daemon
+  #aa:dbus common bus=system name=org.freedesktop.RealtimeKit1 label=rtkit-daemon
   dbus send bus=system path=/org/freedesktop/RealtimeKit1
        interface=org.freedesktop.DBus.Properties
        member=Get
@@ -18,8 +14,13 @@
 
   dbus send bus=system path=/org/freedesktop/RealtimeKit1
        interface=org.freedesktop.RealtimeKit1
-       member={MakeThreadHighPriority,MakeThreadRealtime,MakeThreadRealtimeWithPID}
+       member={MakeThreadHighPriority,MakeThreadRealtime}
-       peer=(name=org.freedesktop.RealtimeKit1, label=rtkit-daemon),
+       peer=(name="{@{busname},org.freedesktop.RealtimeKit1}", label=rtkit-daemon),
+
+  dbus send bus=system path=/org/freedesktop/RealtimeKit1
+       interface=org.freedesktop.RealtimeKit1
+       member={MakeThreadHighPriorityWithPID,MakeThreadRealtimeWithPID}
+       peer=(name="{@{busname},org.freedesktop.RealtimeKit1}", label=rtkit-daemon),
 
   include if exists <abstractions/bus/org.freedesktop.RealtimeKit1.d>
 

apparmor.d/abstractions/bus/org.freedesktop.Tracker3.Miner.Files

@@ -7,12 +7,12 @@
   dbus send bus=session path=/org/freedesktop/Tracker3/Endpoint
        interface=org.freedesktop.DBus.Peer
        member=Ping
-       peer=(name=org.freedesktop.Tracker3.Miner.Files, label=tracker-miner),
+       peer=(name=org.freedesktop.Tracker3.Miner.Files, label="{localsearch,tracker-miner}"),
 
   dbus send bus=session path=/org/freedesktop/Tracker3/Endpoint
        interface=org.freedesktop.Tracker3.Endpoint
        member=Query
-       peer=(name=org.freedesktop.Tracker3.Miner.Files, label=tracker-miner),
+       peer=(name=org.freedesktop.Tracker3.Miner.Files, label="{localsearch,tracker-miner}"),
 
   include if exists <abstractions/bus/org.freedesktop.Tracker3.Miner.Files.d>
 

apparmor.d/abstractions/bus/org.freedesktop.UPower.PowerProfiles

@@ -0,0 +1,11 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2025 Alexandre Pujol <alexandre@pujol.io>
+# SPDX-License-Identifier: GPL-2.0-only
+
+  abi <abi/4.0>,
+
+  #aa:dbus common bus=system name=org.freedesktop.UPower.PowerProfiles label=power-profiles-daemon
+
+  include if exists <abstractions/bus/org.freedesktop.UPower.PowerProfiles.d>
+
+# vim:syntax=apparmor

apparmor.d/abstractions/bus/org.freedesktop.hostname1

@@ -5,6 +5,10 @@
   abi <abi/4.0>,
 
   #aa:dbus common bus=system name=org.freedesktop.hostname1 label=systemd-hostnamed
+  dbus send bus=system path=/org/freedesktop/hostname1
+       interface=org.freedesktop.DBus.Properties
+       member=Get
+       peer=(name=org.freedesktop.hostname1),
 
   include if exists <abstractions/bus/org.freedesktop.hostname1.d>
 

apparmor.d/abstractions/bus/org.gtk.vfs.Metadata

@@ -5,6 +5,10 @@
   abi <abi/4.0>,
 
   #aa:dbus common bus=system name=org.gtk.vfs.Metadata path=/org/gtk/vfs/metadata label=gvfsd-metadata
+  dbus send bus=session path=/org/gtk/vfs/metadata
+       interface=org.freedesktop.DBus.Properties
+       member=GetAll
+       peer=(name=@{busname}, label=gvfsd-metadata),
 
   dbus send bus=session path=/org/gtk/vfs/metadata
        interface=org.gtk.vfs.Metadata