feat(profile): improve some dbus rules.

apparmor.d/groups/bluetooth/bluetoothd

@@ -32,7 +32,7 @@ profile bluetoothd @{exec_path} flags=(attach_disconnected) {
 
   dbus send bus=system path=/
        interface=org.freedesktop.DBus.ObjectManager
-       member=InterfacesRemoved
+       member={InterfacesRemoved,InterfacesAdded}
        peer=(name=org.freedesktop.DBus),
 
   @{exec_path} mr,

apparmor.d/groups/gvfs/gvfsd-dnssd

@@ -33,6 +33,11 @@ profile gvfsd-dnssd @{exec_path} {
        member={MountLocation,LookupMount,RegisterMount}
        peer=(name="@{busname}", label=gvfsd),
 
+  dbus receive bus=session path=/
+       interface=org.freedesktop.DBus.Introspectable
+       member=Introspect
+       peer=(name=@{busname}, label=gnome-shell),
+
   @{exec_path} mr,
 
   owner @{run}/user/@{uid}/gvfsd/ rw,

apparmor.d/groups/gvfs/gvfsd-http

@@ -24,6 +24,10 @@ profile gvfsd-http @{exec_path} {
   network netlink raw,
 
   #aa:dbus own bus=session name=org.gtk.vfs.mountpoint_http
+  dbus receive bus=session
+       interface=org.freedesktop.DBus.Introspectable
+       member=Introspect
+       peer=(name=:*, label=gnome-shell),
 
   dbus receive bus=session path=/org/gtk/vfs/mountable
        interface=org.gtk.vfs.Mountable

apparmor.d/groups/gvfs/gvfsd-trash

@@ -11,6 +11,7 @@ include <tunables/global>
 profile gvfsd-trash @{exec_path} {
   include <abstractions/base>
   include <abstractions/bus-session>
+  include <abstractions/bus/org.gtk.vfs.Daemon>
   include <abstractions/freedesktop.org>
   include <abstractions/nameservice-strict>
   include <abstractions/trash-strict>
@@ -21,11 +22,6 @@ profile gvfsd-trash @{exec_path} {
 
   #aa:dbus own bus=session name=org.gtk.vfs.mountpoint_@{int}
 
-  dbus receive bus=session path=/org/gtk/vfs/Daemon
-       interface=org.gtk.vfs.Daemon
-       member=GetConnection
-       peer=(name="@{busname}", label="{gnome-shell,nautilus}"),
-
   dbus receive bus=session path=/org/gtk/vfs/mountable
        interface=org.gtk.vfs.Mountable
        member=Mount

apparmor.d/groups/network/mullvad-gui

@@ -14,6 +14,9 @@ include <tunables/global>
 @{exec_path} = @{lib_dirs}/mullvad-gui
 profile mullvad-gui @{exec_path} flags=(attach_disconnected) {
   include <abstractions/base>
+  include <abstractions/bus-accessibility>
+  include <abstractions/bus-session>
+  include <abstractions/bus/org.a11y>
   include <abstractions/common/electron>
 
   network inet stream,

apparmor.d/groups/ssh/sshd

@@ -61,6 +61,11 @@ profile sshd @{exec_path} flags=(attach_disconnected) {
        member={CreateSession,ReleaseSession,CreateSessionWithPIDFD}
        peer=(name=org.freedesktop.login1, label="@{p_systemd_logind}"),
 
+  dbus send bus=system path=/org/freedesktop/home1
+       interface=org.freedesktop.home1.Manager
+       member=GetUserRecordByName
+       peer=(name=org.freedesktop.home1, label="@{p_systemd_homed}"),
+
   @{exec_path} mrix,
 
   @{bin}/@{shells}                   Ux, #aa:exclude RBAC

apparmor.d/groups/virt/cockpit-wsinstance-factory

@@ -9,6 +9,9 @@ include <tunables/global>
 @{exec_path} = @{lib}/cockpit/cockpit-wsinstance-factory
 profile cockpit-wsinstance-factory @{exec_path} {
   include <abstractions/base>
+  include <abstractions/bus-system>
+
+  unix bind type=stream addr=@@{udbus}/bus/cockpit-wsinsta/system,
 
   capability net_admin,
 

apparmor.d/profiles-s-z/virt-manager

@@ -12,6 +12,10 @@ include <tunables/global>
 profile virt-manager @{exec_path} flags=(attach_disconnected) {
   include <abstractions/base>
   include <abstractions/audio-client>
+  include <abstractions/bus-accessibility>
+  include <abstractions/bus-session>
+  include <abstractions/bus-system>
+  include <abstractions/bus/org.a11y>
   include <abstractions/dconf-write>
   include <abstractions/desktop>
   include <abstractions/devices-usb>
@@ -28,6 +32,8 @@ profile virt-manager @{exec_path} flags=(attach_disconnected) {
   network inet6 stream,
   network netlink raw,
 
+  #aa:dbus own bus=session name=org.virt-manager.virt-manager
+
   @{exec_path} rix,
 
   @{sh_path}        rix,