ABI 4; document directories; amule//shell was deleted

apparmor.d/profiles-a-f/alc

@@ -2,7 +2,7 @@
 # Copyright (C) 2024 Roman Beslik <me@beroal.in.ua>
 # SPDX-License-Identifier: GPL-2.0-only
 
-abi <abi/3.0>,
+abi <abi/4.0>,
 
 include <tunables/global>
 
@@ -11,12 +11,9 @@ profile alc @{exec_path} {
   include <abstractions/base>
   include <abstractions/dconf-write>
   include <abstractions/gnome-strict>
-  include <abstractions/user-download-strict>
-  include <abstractions/user-read-strict>
 
   @{exec_path} mr,
-
-  @{user_documents_dirs}/{,**} rw,
+  @{user_torrents_dirs}/{,**} rw,
 
   include if exists <local/alc>
 }

apparmor.d/profiles-a-f/alcc

@@ -2,7 +2,7 @@
 # Copyright (C) 2024 Roman Beslik <me@beroal.in.ua>
 # SPDX-License-Identifier: GPL-2.0-only
 
-abi <abi/3.0>,
+abi <abi/4.0>,
 
 include <tunables/global>
 
@@ -10,9 +10,9 @@ include <tunables/global>
 profile alcc @{exec_path} {
   include <abstractions/base>
   include <abstractions/consoles>
-  include <abstractions/user-download-strict>
 
   @{exec_path} mr,
+  @{user_torrents_dirs}/{,**} r,
 
   include if exists <local/alcc>
 }

apparmor.d/profiles-a-f/amule

@@ -2,7 +2,7 @@
 # Copyright (C) 2024 Roman Beslik <me@beroal.in.ua>
 # SPDX-License-Identifier: GPL-2.0-only
 
-abi <abi/3.0>,
+abi <abi/4.0>,
 
 include <tunables/global>
 
@@ -19,7 +19,6 @@ profile amule @{exec_path} {
   network inet6 stream,
   network netlink raw,
 
-  @{sh_path} Cx -> shell, 
 
   # Previewing files isn't allowed
   # because aMule opens viewers directly instead of via `xdg-open`.
@@ -28,26 +27,13 @@ profile amule @{exec_path} {
   # @{open_path} rPx -> child-open,
 
   @{exec_path} mr,
+  @{bin}/uname rPx,
+  @{sh_path} rix,
   @{system_share_dirs}/amule/{,**} r,
   owner @{HOME}/.aMule/{,**} rwk,
+  @{user_torrents_dirs}/{,**} rw,
 
   include if exists <local/amule>
-
-  profile shell flags=(attach_disconnected) {
-    include <abstractions/base>
-
-    network inet dgram,
-    network inet stream,
-    network inet6 dgram,
-    network inet6 stream,
-
-    @{bin}/uname rPx,
-
-    @{sh_path} mr,
-
-    deny /dev/tty rw,
-    deny @{HOME}/.aMule/{,**} rw, # file_inherit
-  }
 }
 
 # vim:syntax=apparmor

apparmor.d/profiles-a-f/cas

@@ -2,7 +2,7 @@
 # Copyright (C) 2024 Roman Beslik <me@beroal.in.ua>
 # SPDX-License-Identifier: GPL-2.0-only
 
-abi <abi/3.0>,
+abi <abi/4.0>,
 
 include <tunables/global>
 

apparmor.d/profiles-a-f/ed2k

@@ -2,7 +2,7 @@
 # Copyright (C) 2024 Roman Beslik <me@beroal.in.ua>
 # SPDX-License-Identifier: GPL-2.0-only
 
-abi <abi/3.0>,
+abi <abi/4.0>,
 
 include <tunables/global>
 

apparmor.d/profiles-a-f/fileview

@@ -2,7 +2,7 @@
 # Copyright (C) 2024 Roman Beslik <me@beroal.in.ua>
 # SPDX-License-Identifier: GPL-2.0-only
 
-abi <abi/3.0>,
+abi <abi/4.0>,
 
 include <tunables/global>
 
@@ -18,7 +18,7 @@ profile fileview @{exec_path} {
   # The following directories are those that users likely want to read.
   # However, this program is usable without the permissions below.
   owner @{HOME}/.aMule/{,**} r,
-  @{user_documents_dirs}/{,**} r,
+  @{user_torrents_dirs}/{,**} r,
 
   include if exists <local/fileview>
 }