feat(profiles): new definition for MOUNTs, add MOUNTDIRS.

apparmor.d/groups/apps/android-studio

@@ -6,8 +6,8 @@ abi <abi/3.0>,
 
 include <tunables/global>
 
-@{AS_LIBDIR}     = @{MOUNTS}/*/android-studio
-@{AS_SDKDIR}     = @{MOUNTS}/*/SDK
+@{AS_LIBDIR}     = @{MOUNTS}/android-studio
+@{AS_SDKDIR}     = @{MOUNTS}/SDK
 @{AS_HOMEDIR}    = @{HOME}/.AndroidStudio*
 @{AS_PROJECTDIR} = @{HOME}/AndroidStudioProjects
 

apparmor.d/groups/apps/atom

@@ -87,9 +87,9 @@ profile atom @{exec_path} {
   # Git dirs
         / r,
         @{MOUNTS}/ r,
-  owner @{MOUNTS}/*/ r,
-  owner @{MOUNTS}/*/atom/ r,
-  owner @{MOUNTS}/*/atom/** rwkl -> @{MOUNTS}/*/atom/**,
+  owner @{MOUNTS}/ r,
+  owner @{MOUNTS}/@{XDG_PROJECTS_DIR}/ r,
+  owner @{MOUNTS}/@{XDG_PROJECTS_DIR}/** rwkl -> @{MOUNTS}/@{XDG_PROJECTS_DIR}/**,
 
   owner @{user_config_dirs}/git/config r,
 

apparmor.d/groups/apps/calibre

@@ -78,9 +78,9 @@ profile calibre @{exec_path} {
   owner @{HOME}/@{XDG_BOOKS_DIR} rw,
   owner @{HOME}/@{XDG_BOOKS_DIR}/** rwkl,
 
-  owner @{MOUNTS}/*/@{XDG_BOOKS_DIR}/ r,
-  owner @{MOUNTS}/*/@{XDG_BOOKS_DIR}*/ rw,
-  owner @{MOUNTS}/*/@{XDG_BOOKS_DIR}*/** rwkl -> @{MOUNTS}/*/@{XDG_BOOKS_DIR}*/**,
+  owner @{MOUNTS}/@{XDG_BOOKS_DIR}/ r,
+  owner @{MOUNTS}/@{XDG_BOOKS_DIR}*/ rw,
+  owner @{MOUNTS}/@{XDG_BOOKS_DIR}*/** rwkl -> @{MOUNTS}/@{XDG_BOOKS_DIR}*/**,
 
   owner @{user_config_dirs}/calibre/ rw,
   owner @{user_config_dirs}/calibre/** rwk,

apparmor.d/groups/apps/code

@@ -66,9 +66,8 @@ profile code @{exec_path} {
   # Git dirs
         / r,
         @{MOUNTS}/ r,
-  owner @{MOUNTS}/*/ r,
-  owner @{MOUNTS}/*/code/ r,
-  owner @{MOUNTS}/*/code/** rwkl -> @{MOUNTS}/*/code/**,
+  owner @{MOUNTS}/@{XDG_PROJECTS_DIR}/ r,
+  owner @{MOUNTS}/@{XDG_PROJECTS_DIR}/** rwkl -> @{MOUNTS}/@{XDG_PROJECTS_DIR}/**,
 
   /etc/fstab r,
 

apparmor.d/groups/apps/filezilla

@@ -56,8 +56,8 @@ profile filezilla @{exec_path} {
   /{usr/,}lib/firefox/firefox rPUx,
 
   # FTP share folder
-  owner @{MOUNTS}/*/ftp/ r,
-  owner @{MOUNTS}/*/ftp/** rw,
+  owner @{MOUNTS}/ftp/ r,
+  owner @{MOUNTS}/ftp/** rw,
 
   # Silencer
   / r,

apparmor.d/groups/apt/apt-cdrom

@@ -39,11 +39,11 @@ profile apt-cdrom @{exec_path} flags=(complain) {
   /media/cdrom[0-9]/dists/**/i18n/Translation-en{,.gz} r,
 
   # For pendrives
-  @{MOUNTS}/*/*/ r,
-  @{MOUNTS}/*/*/**/ r,
-  @{MOUNTS}/*/*/.disk/info r,
-  @{MOUNTS}/*/*/dists/**/binary-*/Packages{,.gz} r,
-  @{MOUNTS}/*/*/dists/**/i18n/Translation-en{,.gz} r,
+  @{MOUNTS}/*/ r,
+  @{MOUNTS}/*/**/ r,
+  @{MOUNTS}/*/.disk/info r,
+  @{MOUNTS}/*/dists/**/binary-*/Packages{,.gz} r,
+  @{MOUNTS}/*/dists/**/i18n/Translation-en{,.gz} r,
 
   /var/lib/apt/lists/** rw,
 

apparmor.d/groups/gpg/dirmngr

@@ -29,11 +29,11 @@ profile dirmngr @{exec_path} {
   owner @{HOME}/@{XDG_GPG_DIR}/crls.d/ rw,
   owner @{HOME}/@{XDG_GPG_DIR}/crls.d/DIR.txt rw,
 
-  owner @{MOUNTS}/*{,/*}/@{XDG_GPG_DIR}/ rw,
-  owner @{MOUNTS}/*{,/*}/@{XDG_GPG_DIR}/dirmngr.conf r,
-  owner @{MOUNTS}/*{,/*}/@{XDG_GPG_DIR}/dirmngr_ldapservers.conf r,
-  owner @{MOUNTS}/*{,/*}/@{XDG_GPG_DIR}/crls.d/ rw,
-  owner @{MOUNTS}/*{,/*}/@{XDG_GPG_DIR}/crls.d/DIR.txt rw,
+  owner @{MOUNTS}/{,/*}/@{XDG_GPG_DIR}/ rw,
+  owner @{MOUNTS}/{,/*}/@{XDG_GPG_DIR}/dirmngr.conf r,
+  owner @{MOUNTS}/{,/*}/@{XDG_GPG_DIR}/dirmngr_ldapservers.conf r,
+  owner @{MOUNTS}/{,/*}/@{XDG_GPG_DIR}/crls.d/ rw,
+  owner @{MOUNTS}/{,/*}/@{XDG_GPG_DIR}/crls.d/DIR.txt rw,
 
   owner @{run}/user/@{uid}/gnupg/ rw,
   owner @{run}/user/@{uid}/gnupg/S.dirmngr rw,

apparmor.d/groups/gpg/gpg

@@ -77,7 +77,7 @@ profile gpg @{exec_path} {
 
   # Verify files
   owner @{HOME}/** r,
-  owner @{MOUNTS}/*/** r,
+  owner @{MOUNTS}/** r,
 
   owner @{PROC}/@{pid}/task/@{tid}/stat rw,
   owner @{PROC}/@{pid}/task/@{tid}/comm rw,

apparmor.d/groups/gpg/gpg-agent

@@ -29,12 +29,12 @@ profile gpg-agent @{exec_path} {
   owner @{HOME}/@{XDG_GPG_DIR}/{,d.*/}S.gpg-agent{,.ssh,.browser,.extra} rw,
   owner @{HOME}/@{XDG_GPG_DIR}/sshcontrol r,
 
-  owner @{MOUNTS}/*{,/*}/@{XDG_GPG_DIR}/ rw,
-  owner @{MOUNTS}/*{,/*}/@{XDG_GPG_DIR}/gpg-agent.conf r,
-  owner @{MOUNTS}/*{,/*}/@{XDG_GPG_DIR}/private-keys-v1.d/ rw,
-  owner @{MOUNTS}/*{,/*}/@{XDG_GPG_DIR}/private-keys-v1.d/[0-9A-F]*.key rw,
-  owner @{MOUNTS}/*{,/*}/@{XDG_GPG_DIR}/{,d.*/}S.gpg-agent{,.ssh,.browser,.extra} rw,
-  owner @{MOUNTS}/*{,/*}/@{XDG_GPG_DIR}/sshcontrol r,
+  owner @{MOUNTS}/{,/*}/@{XDG_GPG_DIR}/ rw,
+  owner @{MOUNTS}/{,/*}/@{XDG_GPG_DIR}/gpg-agent.conf r,
+  owner @{MOUNTS}/{,/*}/@{XDG_GPG_DIR}/private-keys-v1.d/ rw,
+  owner @{MOUNTS}/{,/*}/@{XDG_GPG_DIR}/private-keys-v1.d/[0-9A-F]*.key rw,
+  owner @{MOUNTS}/{,/*}/@{XDG_GPG_DIR}/{,d.*/}S.gpg-agent{,.ssh,.browser,.extra} rw,
+  owner @{MOUNTS}/{,/*}/@{XDG_GPG_DIR}/sshcontrol r,
 
   owner @{HOME}/@{XDG_PROJECTS_DIR}/**/{.,}gnupg/ rw,
   owner @{HOME}/@{XDG_PROJECTS_DIR}/**/{.,}gnupg/gpg-agent.conf r,

apparmor.d/groups/gvfs/gvfsd-archive

@@ -20,7 +20,7 @@ profile gvfsd-archive @{exec_path} {
   owner @{HOME}/**.{tar,tar.gz,zip} r,
 
   owner @{HOME}/**.{iso,img,bin,mdf,nrg} r,
-  owner @{MOUNTS}/*/**.{iso,img,bin,mdf,nrg} r,
+  owner @{MOUNTS}/**.{iso,img,bin,mdf,nrg} r,
   owner @{HOME}/**.{ISO,IMG,BIN,MDF,NRG} r,
 
   include if exists <local/gvfsd-archive>

apparmor.d/groups/gvfs/gvfsd-mtp

@@ -24,7 +24,7 @@ profile gvfsd-mtp @{exec_path} {
   /usr/share/glib-2.0/schemas/gschemas.compiled r,
 
   owner @{HOME}/{,**} rw,
-  owner @{MOUNTS}/*/{,**} rw,
+  owner @{MOUNTS}/{,**} rw,
 
   owner @{run}/user/@{uid}/gvfsd/socket-* rw,
 

apparmor.d/groups/gvfs/gvfsd-recent

@@ -19,7 +19,7 @@ profile gvfsd-recent @{exec_path} {
 
   # Full access to user's data
   owner @{HOME}/{,**} rw,
-  owner @{MOUNTS}/*/{,**} rw,
+  owner @{MOUNTS}/{,**} rw,
 
   owner @{HOME}/.zshenv r,
   owner @{user_config_dirs}/user-dirs.dirs r,

apparmor.d/groups/gvfs/gvfsd-trash

@@ -24,7 +24,7 @@ profile gvfsd-trash @{exec_path} {
 
   # Can restore all user files
   owner @{HOME}/{,**} rw,
-  owner @{MOUNTS}/*/{,**} rw,
+  owner @{MOUNTS}/{,**} rw,
 
   owner @{run}/user/@{uid}/gvfsd/ rw,
   owner @{run}/user/@{uid}/gvfsd/socket-* rw,