feat(profile): update profiles for gnome 47.

apparmor.d/groups/freedesktop/xdg-desktop-portal

@@ -21,13 +21,16 @@ profile xdg-desktop-portal @{exec_path} flags=(attach_disconnected) {
   include <abstractions/freedesktop.org>
   include <abstractions/nameservice-strict>
   include <abstractions/thumbnails-cache-read>
+  include <abstractions/trash-strict>
   include <abstractions/user-download-strict>
 
   capability sys_ptrace,
 
   network netlink raw,
 
-  ptrace (read),
+  ptrace read,
+
+  signal receive set=term peer=gdm,
 
   #aa:dbus own bus=session name=org.freedesktop.portal.Desktop path=/org/freedesktop/portal/desktop interface={org.freedesktop.DBus.Properties,org.freedesktop{,.impl}.portal.{Settings,Background}}
   dbus receive bus=session path=/org/freedesktop/portal/desktop
@@ -63,6 +66,7 @@ profile xdg-desktop-portal @{exec_path} flags=(attach_disconnected) {
 
   /usr/share/dconf/profile/gdm r,
   /usr/share/xdg-desktop-portal/** r,
+  /usr/share/gdm/greeter-dconf-defaults r,
 
   /etc/sysconfig/proxy r,
 

apparmor.d/groups/freedesktop/xdg-desktop-portal-gnome

@@ -38,13 +38,15 @@ profile xdg-desktop-portal-gnome @{exec_path} flags=(attach_disconnected) {
   / r,
   @{bin}/ r,
   @{bin}/* r,
-  /opt/*/* r,
+  /opt/** r,
 
   /usr/share/dconf/profile/gdm r,
+  /usr/share/gdm/greeter-dconf-defaults r,
   /usr/share/thumbnailers/{,**} r,
 
-  owner @{DESKTOP_HOME}/greeter-dconf-defaults r,
+  owner @{desktop_cache_dirs}/dconf/user r,
   owner @{desktop_cache_dirs}/fontconfig/[a-f0-9]*.cache-?{,.NEW,.LCK,.TMP-*} rw,
+  owner @{DESKTOP_HOME}/greeter-dconf-defaults r,
 
   owner @{HOME}/ r,
   owner @{HOME}/* r,

apparmor.d/groups/freedesktop/xdg-desktop-portal-gtk

@@ -7,7 +7,7 @@ abi <abi/3.0>,
 include <tunables/global>
 
 @{exec_path} = @{lib}/xdg-desktop-portal-gtk
-profile xdg-desktop-portal-gtk @{exec_path} {
+profile xdg-desktop-portal-gtk @{exec_path} flags=(attach_disconnected) {
   include <abstractions/base>
   include <abstractions/bus-accessibility>
   include <abstractions/bus-session>
@@ -27,7 +27,8 @@ profile xdg-desktop-portal-gtk @{exec_path} {
   include <abstractions/nameservice-strict>
   include <abstractions/thumbnails-cache-read>
   include <abstractions/user-download-strict>
-  include <abstractions/user-write>
+
+  signal receive set=term peer=gdm,
 
   unix (send, receive, connect) type=stream peer=(addr="@/tmp/.X11-unix/*", label=gnome-shell),
 
@@ -53,10 +54,14 @@ profile xdg-desktop-portal-gtk @{exec_path} {
 
   @{exec_path} mr,
 
+  /usr/share/gdm/greeter-dconf-defaults r,
+
   / r,
 
   owner /var/lib/xkb/server-@{int}.xkm rw,
 
+  owner @{gdm_config_dirs}/dconf/user r,
+
   owner @{tmp}/runtime-*/xauth_@{rand6} r,
 
   @{run}/mount/utab r,