From 7badf80854e6bf008110e56ba839d272f5219beb Mon Sep 17 00:00:00 2001
From: Alexandre Pujol
Date: Sun, 9 Mar 2025 22:58:27 +0100
Subject: [PATCH] feat(profile): improve dbus abstractions and interopaerability with profiles.

---
 apparmor.d/abstractions/app/systemctl | 1 +
 apparmor.d/abstractions/dbus-strict.d/complete | 12 +++++++++++-
 apparmor.d/abstractions/ibus.d/complete | 5 +++++
 3 files changed, 17 insertions(+), 1 deletion(-)

diff --git a/apparmor.d/abstractions/app/systemctl b/apparmor.d/abstractions/app/systemctl
index 8489bb275..4ecfbecad 100644
--- a/apparmor.d/abstractions/app/systemctl
+++ b/apparmor.d/abstractions/app/systemctl
@@ -11,6 +11,7 @@
 ptrace read peer=@{p_systemd},
 unix bind type=stream addr=@@{udbus}/bus/systemctl/,
+ unix bind type=stream addr=@@{udbus}/bus/systemctl/system,
 @{bin}/systemctl mr,
diff --git a/apparmor.d/abstractions/dbus-strict.d/complete b/apparmor.d/abstractions/dbus-strict.d/complete
index 86936b953..0428c745a 100644
--- a/apparmor.d/abstractions/dbus-strict.d/complete
+++ b/apparmor.d/abstractions/dbus-strict.d/complete
@@ -2,6 +2,16 @@
 # Copyright (C) 2025 Alexandre Pujol
 # SPDX-License-Identifier: GPL-2.0-only
- include
+ dbus send bus=system path=/org/freedesktop/DBus
+ interface=org.freedesktop.DBus
+ member={Hello,AddMatch,RemoveMatch,GetNameOwner,NameHasOwner,StartServiceByName}
+ peer=(name=org.freedesktop.DBus, label="@{p_dbus_system}"),
+
+ dbus send bus=system path=/org/freedesktop/DBus
+ interface=org.freedesktop.DBus
+ member={RequestName,ReleaseName}
+ peer=(name=org.freedesktop.DBus, label="@{p_dbus_system}"),
+
+ @{run}/dbus/system_bus_socket rw,
 # vim:syntax=apparmor
diff --git a/apparmor.d/abstractions/ibus.d/complete b/apparmor.d/abstractions/ibus.d/complete
index 33d034b5a..5c53b9fa1 100644
--- a/apparmor.d/abstractions/ibus.d/complete
+++ b/apparmor.d/abstractions/ibus.d/complete
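Review bot: The new `unix bind` line repeats the rule directly above it except for the last path element, so the two can be a single rule: `unix bind type=stream addr=@@{udbus}/bus/systemctl/{,system},`. Brace alternation is valid inside `addr=` — the ibus hunk in this same patch already globs an address with `*` and `?` — and one rule keeps this abstraction's socket names in one place when a further variant is added. If `@@{udbus}/...` denotes an abstract socket (leading `@`), the rule only permits systemctl to bind that name; it does not reserve it, so any other process allowed to bind in the same network namespace could take it first, which is worth a short comment rather than being left implicit.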
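Review bot: `RequestName` and `ReleaseName` are granted unconditionally in a baseline that every profile including `dbus-strict` inherits, which lets any such confined program attempt to claim a well-known name on the system bus; those two members belong in the profiles of services that actually own a name, or at minimum behind a comment explaining why the shared baseline needs them. The second rule is split from the first yet is identical in bus, path, interface and peer, so the split reads as intentional but unexplained — a line such as `# Owning a well-known name is normally a service's job; kept separate so profiles can drop it` above it would make the intent clear. `StartServiceByName` in the first rule is the same kind of capability, since it lets the caller activate any activatable system service, which is broader than the other members listed there; consider giving it its own rule as well. The bus daemon's own XML policy still applies on top of this, so this is a least-privilege point, not a bypass.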
@@ -21,6 +21,11 @@
 type=stream addr="@/home/*/.cache/ibus/dbus-????????",
+ dbus receive bus=session path=/org/freedesktop/IBus
+ interface=org.freedesktop.DBus.Peer
+ member=Ping
+ peer=(name=@{busname}, label=ibus-daemon),
+
 owner @{user_cache_dirs}/ibus/dbus-@{rand8} rw,
 # vim:syntax=apparmor
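Review bot: `label=ibus-daemon` is a literal profile name, whereas the system-bus rules elsewhere in this patch address their peer through a `@{p_dbus_system}` variable; if the project defines a matching `@{p_ibus_daemon}` variable (not visible from here) the rule should use it for consistency, and if not, a short comment noting that the label is ibus-daemon's own profile name would help. The rule also deserves a why-comment, because `org.freedesktop.DBus.Peer.Ping` is a generic liveness probe rather than an IBus method and a reader may wonder why an IBus abstraction carries it — something like `# ibus-daemon pings its clients over the session bus; allow the probe so the client is not dropped`, adjusted if the denial that motivated the rule was observed on a different bus. Since `name=@{busname}` matches any unique bus name, the `label=` qualifier is doing all of the restricting here, which is fine but worth stating in that comment.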