feat(profile): general update.

apparmor.d/abstractions/bwrap-app

@@ -12,22 +12,16 @@
   include <abstractions/consoles>
   include <abstractions/dbus-session>
   include <abstractions/deny-sensitive-home>
+  include <abstractions/desktop>
   include <abstractions/devices-usb>
   include <abstractions/disks-read>
-  include <abstractions/dri-common>
-  include <abstractions/dri-enumerate>
-  include <abstractions/gnome-strict>
+  include <abstractions/graphics>
   include <abstractions/gstreamer>
-  include <abstractions/mesa>
   include <abstractions/nameservice-strict>
-  include <abstractions/opencl-intel>
-  include <abstractions/opencl-mesa>
-  include <abstractions/opencl-nvidia>
   include <abstractions/openssl>
   include <abstractions/p11-kit>
   include <abstractions/ssl_certs>
   include <abstractions/video>
-  include <abstractions/vulkan>
 
   /usr/** r,
 

apparmor.d/abstractions/chromium

@@ -16,20 +16,15 @@
 
   include <abstractions/audio>
   include <abstractions/dconf-write>
+  include <abstractions/desktop>
   include <abstractions/devices-usb>
   include <abstractions/fontconfig-cache-read>
-  include <abstractions/fonts>
-  include <abstractions/freedesktop.org>
-  include <abstractions/gtk>
-  include <abstractions/mesa>
+  include <abstractions/graphics-full>
   include <abstractions/nameservice-strict>
-  include <abstractions/opencl>
   include <abstractions/ssl_certs>
   include <abstractions/thumbnails-cache-read>
   include <abstractions/user-download-strict>
   include <abstractions/user-read>
-  include <abstractions/vulkan>
-  include <abstractions/wayland>
 
   # userns,
 
@@ -97,7 +92,6 @@
   /usr/share/chromium/extensions/{,**} r,
   /usr/share/egl/{,**} r,
   /usr/share/hwdata/pnp.ids r,
-  /usr/share/libdrm/*.ids r,
   /usr/share/mozilla/extensions/{,**} r,
   /usr/share/qt{5,}/translations/*.qm r,
   /usr/share/webext/{,**} r,
@@ -105,7 +99,6 @@
   /etc/@{name}/{,**} r,
   /etc/fstab r,
   /etc/igfx_user_feature{,_next}.txt w,
-  /etc/libva.conf r,
   /etc/opensc.conf r,
 
   /var/lib/dbus/machine-id r,
@@ -119,10 +112,7 @@
   owner @{HOME}/.pki/nssdb/{cert9,key4}.db rwk,
   owner @{HOME}/.pki/nssdb/{cert9,key4}.db-journal rw,
 
-  owner @{user_cache_dirs}/ rw,
-  owner @{user_config_dirs}/ r,
   owner @{user_config_dirs}/gtk-3.0/servers r,
-  owner @{user_share_dirs}/ r,
   owner @{user_share_dirs}/.@{domain}.* rw,
 
   owner @{config_dirs}/ rw,
@@ -182,20 +172,16 @@
 
   @{sys}/bus/ r,
   @{sys}/bus/**/devices/ r,
-  @{sys}/class/ r,
   @{sys}/class/**/ r,
   @{sys}/devices/**/uevent r,
   @{sys}/devices/@{pci}/{in_intensity_sampling_frequency,in_intensity_scale,in_illuminance_raw} r,
   @{sys}/devices/@{pci}/boot_vga r,
-  @{sys}/devices/@{pci}/{resource,irq} r,
   @{sys}/devices/@{pci}/report_descriptor r,
-  @{sys}/devices/system/cpu/cpufreq/policy@{int}/cpuinfo_max_freq r,
   @{sys}/devices/system/cpu/kernel_max r,
-  @{sys}/devices/system/cpu/present r,
   @{sys}/devices/virtual/**/report_descriptor r,
   @{sys}/devices/virtual/dmi/id/product_name r,
   @{sys}/devices/virtual/dmi/id/sys_vendor r,
-  @{sys}/devices/virtual/tty/tty[0-9]/active r,
+  @{sys}/devices/virtual/tty/tty@{int}/active r,
 
   /dev/ r,
   /dev/hidraw@{int} rw,

apparmor.d/abstractions/gstreamer

@@ -27,7 +27,7 @@
   #owner /tmp/orcexec.* mrw,
   #owner @{HOME}/orcexec.* mrw,
 
-  @{run}/udev/data/+drm:card[0-9]-* r,    # For screen outputs
+  @{run}/udev/data/+drm:card@{int}-* r,   # For screen outputs
   @{run}/udev/data/+usb:* r,              # For /dev/bus/usb/**
 
   @{run}/udev/data/c81:@{int}  r,         # For video4linux

apparmor.d/abstractions/user-download-strict

@@ -5,7 +5,6 @@
 
   abi <abi/3.0>,
 
-  # new user; change to 'c'
   owner @{HOME}/@{XDG_DESKTOP_DIR}/ w,
   owner @{HOME}/@{XDG_DOWNLOAD_DIR}/ w,