From 7b0a78b1f13743eae7f59efbaf501654955e7372 Mon Sep 17 00:00:00 2001
From: Alexandre Pujol <alexandre@pujol.io>
Date: Sat, 23 Aug 2025 17:42:49 +0200
Subject: [PATCH] feat(abs): improve dbus core abstractions

---
 apparmor.d/abstractions/bus/org.freedesktop.Accounts   |  4 ++--
 apparmor.d/abstractions/bus/org.freedesktop.Avahi      |  2 +-
 .../abstractions/bus/org.freedesktop.portal.Desktop    | 10 +++++-----
 apparmor.d/abstractions/bus/org.freedesktop.secrets    |  4 ++--
 .../abstractions/bus/org.gnome.Mutter.IdleMonitor      |  4 ++--
 apparmor.d/abstractions/bus/org.gnome.SessionManager   |  5 +++++
 apparmor.d/abstractions/bus/org.gtk.Notifications      |  2 +-
 apparmor.d/abstractions/bus/org.gtk.vfs.MountTracker   |  2 +-
 8 files changed, 19 insertions(+), 14 deletions(-)

diff --git a/apparmor.d/abstractions/bus/org.freedesktop.Accounts b/apparmor.d/abstractions/bus/org.freedesktop.Accounts
index d15288d46..e77f17b88 100644
--- a/apparmor.d/abstractions/bus/org.freedesktop.Accounts
+++ b/apparmor.d/abstractions/bus/org.freedesktop.Accounts
@@ -8,8 +8,8 @@
 
   dbus send bus=system path=/org/freedesktop/Accounts
        interface=org.freedesktop.Accounts
-       member={FindUserByName,ListCachedUsers}
-       peer=(name="@{busname}", label="@{p_accounts_daemon}"),
+       member={FindUserByName,ListCachedUsers,FindUserById}
+       peer=(name="{@{busname},org.freedesktop.Accounts}", label="@{p_accounts_daemon}"),
 
   dbus receive bus=system path=/org/freedesktop/Accounts/User@{uid}
        interface=org.freedesktop.Accounts.User
diff --git a/apparmor.d/abstractions/bus/org.freedesktop.Avahi b/apparmor.d/abstractions/bus/org.freedesktop.Avahi
index aa48e69b1..4ddf95af3 100644
--- a/apparmor.d/abstractions/bus/org.freedesktop.Avahi
+++ b/apparmor.d/abstractions/bus/org.freedesktop.Avahi
@@ -23,7 +23,7 @@
 
   dbus receive bus=system path=/Client@{int}/ServiceBrowser@{int}
        interface=org.freedesktop.Avahi.ServiceBrowser
-       member={ItemNew,AllForNow,CacheExhausted}
+       member={ItemNew,ItemRemove,AllForNow,CacheExhausted}
        peer=(name="@{busname}", label="@{p_avahi_daemon}"),
 
   dbus receive bus=system path=/
diff --git a/apparmor.d/abstractions/bus/org.freedesktop.portal.Desktop b/apparmor.d/abstractions/bus/org.freedesktop.portal.Desktop
index 2753a6602..4d4faf688 100644
--- a/apparmor.d/abstractions/bus/org.freedesktop.portal.Desktop
+++ b/apparmor.d/abstractions/bus/org.freedesktop.portal.Desktop
@@ -14,22 +14,22 @@
   dbus send bus=session path=/org/freedesktop/portal/desktop
        interface=org.freedesktop.portal.Settings
        member={Read,ReadAll}
-       peer=(name="@{busname}", label=xdg-desktop-portal),
+       peer=(name=@{busname}, label=xdg-desktop-portal),
 
   dbus receive bus=session path=/org/freedesktop/portal/desktop
        interface=org.freedesktop.portal.Settings
        member=SettingChanged
-       peer=(name="@{busname}", label=xdg-desktop-portal),
+       peer=(name=@{busname}, label=xdg-desktop-portal),
 
-  dbus receive bus=session path=/org/freedesktop/portal/desktop
+  dbus receive bus=session path=/org/freedesktop/portal/desktop{,/**}
        interface=org.freedesktop.DBus.Properties
        member={Get,GetAll}
-       peer=(name="@{busname}", label=xdg-desktop-portal),
+       peer=(name=@{busname}, label=xdg-desktop-portal),
 
   dbus receive bus=session path=/org/freedesktop/portal/desktop
        interface=org.freedesktop.impl.portal.Settings
        member={Read,ReadAll}
-       peer=(name="@{busname}", label=xdg-desktop-portal),
+       peer=(name=@{busname}, label=xdg-desktop-portal),
 
   dbus send bus=session path=/org/freedesktop/portal/desktop
        interface=org.freedesktop.host.portal.Registry
diff --git a/apparmor.d/abstractions/bus/org.freedesktop.secrets b/apparmor.d/abstractions/bus/org.freedesktop.secrets
index a2389a68a..e30e7b1c2 100644
--- a/apparmor.d/abstractions/bus/org.freedesktop.secrets
+++ b/apparmor.d/abstractions/bus/org.freedesktop.secrets
@@ -8,8 +8,8 @@
 
   dbus send bus=session path=/org/freedesktop/secrets
        interface=org.freedesktop.Secret.Service
-       member={OpenSession,GetSecrets,SearchItems,ReadAlias}
-       peer=(name="@{busname}", label=gnome-keyring-daemon),
+       member={OpenSession,GetSecrets,SearchItems,Unlock,ReadAlias}
+       peer=(name="{@{busname},org.freedesktop.secrets}", label=gnome-keyring-daemon),
 
   dbus send bus=session path=/org/freedesktop/secrets/aliases/default
        interface=org.freedesktop.Secret.Collection
diff --git a/apparmor.d/abstractions/bus/org.gnome.Mutter.IdleMonitor b/apparmor.d/abstractions/bus/org.gnome.Mutter.IdleMonitor
index 3eb301f18..8eb573f7e 100644
--- a/apparmor.d/abstractions/bus/org.gnome.Mutter.IdleMonitor
+++ b/apparmor.d/abstractions/bus/org.gnome.Mutter.IdleMonitor
@@ -13,8 +13,8 @@
 
   dbus send bus=session path=/org/gnome/Mutter/IdleMonitor/Core
        interface=org.gnome.Mutter.IdleMonitor
-       member={AddIdleWatch,AddUserActiveWatch,RemoveWatch}
-       peer=(name="@{busname}", label=gnome-shell),
+       member={AddIdleWatch,AddUserActiveWatch,RemoveWatch,GetIdletime}
+       peer=(name="@{busname},org.gnome.Mutter.IdleMonitor", label=gnome-shell),
 
   dbus receive bus=session path=/org/gnome/Mutter/IdleMonitor/Core
        interface=org.gnome.Mutter.IdleMonitor
diff --git a/apparmor.d/abstractions/bus/org.gnome.SessionManager b/apparmor.d/abstractions/bus/org.gnome.SessionManager
index 0683a98fb..a532b67f2 100644
--- a/apparmor.d/abstractions/bus/org.gnome.SessionManager
+++ b/apparmor.d/abstractions/bus/org.gnome.SessionManager
@@ -13,6 +13,11 @@
        member={RegisterClient,IsSessionRunning}
        peer=(name="@{busname}", label=gnome-session-binary),
 
+  dbus send bus=session path=/org/gnome/SessionManager
+       interface=org.gnome.SessionManager
+       member={Inhibit,Uninhibit}
+       peer=(name="@{busname}", label=gnome-session-binary),
+
   dbus send bus=session path=/org/gnome/SessionManager
        interface=org.gnome.SessionManager
        member={Setenv,IsSessionRunning}
diff --git a/apparmor.d/abstractions/bus/org.gtk.Notifications b/apparmor.d/abstractions/bus/org.gtk.Notifications
index b9229f204..ad1a1ffad 100644
--- a/apparmor.d/abstractions/bus/org.gtk.Notifications
+++ b/apparmor.d/abstractions/bus/org.gtk.Notifications
@@ -8,7 +8,7 @@
 
   dbus send bus=session path=/org/gtk/Notifications
        interface=org.gtk.Notifications
-       member=RemoveNotification
+       member={AddNotification,RemoveNotification}
        peer=(name=org.gtk.Notifications, label=gnome-shell),
 
   include if exists <abstractions/bus/org.gtk.Notifications.d>
diff --git a/apparmor.d/abstractions/bus/org.gtk.vfs.MountTracker b/apparmor.d/abstractions/bus/org.gtk.vfs.MountTracker
index d88afd0ee..c455d4f18 100644
--- a/apparmor.d/abstractions/bus/org.gtk.vfs.MountTracker
+++ b/apparmor.d/abstractions/bus/org.gtk.vfs.MountTracker
@@ -21,7 +21,7 @@
 
   dbus receive bus=session path=/org/gtk/vfs/mounttracker
        interface=org.gtk.vfs.MountTracker
-       member=Mounted
+       member={Mounted,Unmounted}
        peer=(name="@{busname}", label=gvfsd),
 
   include if exists <abstractions/bus/org.gtk.vfs.MountTracker.d>