feat(profile): cleanup profiles using the new abs.

apparmor.d/abstractions/app/chromium

@@ -34,7 +34,7 @@
   include <abstractions/common/chromium>
   include <abstractions/dconf-write>
   include <abstractions/desktop>
-  include <abstractions/devices-usb>
+  include <abstractions/devices-usb-read>
   include <abstractions/fontconfig-cache-read>
   include <abstractions/graphics>
   include <abstractions/nameservice-strict>

apparmor.d/abstractions/common/app

@@ -28,8 +28,11 @@
   include <abstractions/gstreamer>
   include <abstractions/input>
   include <abstractions/nameservice-strict>
+  include <abstractions/notifications>
   include <abstractions/p11-kit>
   include <abstractions/path>
+  include <abstractions/screensaver>
+  include <abstractions/secrets-service>
   include <abstractions/sqlite>
   include <abstractions/ssl_certs>
 

apparmor.d/abstractions/common/game

@@ -20,6 +20,7 @@
   include <abstractions/input>
   include <abstractions/nameservice-strict>
   include <abstractions/ssl_certs>
+  include <abstractions/uinput>
 
   @{bin}/uname          rix,
   @{bin}/xdg-settings   rPx,
@@ -67,9 +68,6 @@
   owner /dev/shm/mono.@{int} rw,
   owner /dev/shm/softbuffer-x11-@{rand6}@{c} rw,
 
-  @{run}/udev/data/+input:input@{int} r,  # for mouse, keyboard, touchpad
-  @{run}/udev/data/c13:@{int}  r,         # for /dev/input/*
-
   @{sys}/ r,
   @{sys}/bus/ r,
   @{sys}/class/ r,
@@ -80,7 +78,6 @@
   @{sys}/devices/@{pci}/net/*/carrier r,
   @{sys}/devices/**/input@{int}/ r,
   @{sys}/devices/**/input@{int}/**/{vendor,product} r,
-  @{sys}/devices/**/input@{int}/capabilities/* r,
   @{sys}/devices/**/input/input@{int}/ r,
   @{sys}/devices/**/uevent r,
   @{sys}/devices/system/ r,

apparmor.d/groups/bluetooth/bluetoothd

@@ -12,6 +12,7 @@ profile bluetoothd @{exec_path} flags=(attach_disconnected) {
   include <abstractions/base>
   include <abstractions/bus-system>
   include <abstractions/bus/org.freedesktop.hostname1>
+  include <abstractions/uinput>
 
   # Needed for configuring HCI interfaces
   capability net_admin,
@@ -57,7 +58,6 @@ profile bluetoothd @{exec_path} flags=(attach_disconnected) {
   @{PROC}/sys/kernel/hostname r,
 
   /dev/uhid rw,
-  /dev/uinput rw,
   /dev/rfkill rw,
   /dev/hidraw@{int} rw,
 

apparmor.d/groups/steam/steam

@@ -41,6 +41,7 @@ profile steam @{exec_path} flags=(attach_disconnected,mediate_deleted) {
   include <abstractions/graphics>
   include <abstractions/nameservice-strict>
   include <abstractions/ssl_certs>
+  include <abstractions/uinput>
   include <abstractions/video>
 
   capability sys_ptrace,
@@ -245,7 +246,6 @@ profile steam @{exec_path} flags=(attach_disconnected,mediate_deleted) {
   owner @{PROC}/@{pid}/task/@{tid}/comm rw,
 
   /dev/input/ r,
-  /dev/uinput w,
 
   deny /opt/** r,
 
@@ -353,8 +353,6 @@ profile steam @{exec_path} flags=(attach_disconnected,mediate_deleted) {
     @{sys}/devices/**/report_descriptor r,
     @{sys}/devices/**/uevent r,
     @{sys}/devices/@{pci}/usb@{int}/**/{idVendor,idProduct,interface} r,
-    @{sys}/devices/system/cpu/kernel_max r,
-    @{sys}/devices/virtual/tty/tty@{int}/active r,
 
           @{PROC}/ r,
           @{PROC}/version r,

apparmor.d/profiles-s-z/spice-vdagentd

@@ -11,6 +11,7 @@ profile spice-vdagentd @{exec_path} flags=(attach_disconnected) {
   include <abstractions/base>
   include <abstractions/bus-system>
   include <abstractions/bus/org.freedesktop.login1.Session>
+  include <abstractions/uinput>
 
   capability sys_nice,
 
@@ -24,7 +25,6 @@ profile spice-vdagentd @{exec_path} flags=(attach_disconnected) {
 
   @{PROC}/@{pids}/cgroup r,
 
-  /dev/uinput rw,
   /dev/vport@{int}p@{int} rw,
 
   include if exists <local/spice-vdagentd>