update apparmor profiles

apparmor.d/abstractions/X

@@ -3,7 +3,7 @@
 #
 #    Copyright (C) 2002-2009 Novell/SUSE
 #    Copyright (C) 2009-2011 Canonical Ltd.
-#    Copyright (C) 2018-2020 Mikhail Morfikov
+#    Copyright (C) 2018-2021 Mikhail Morfikov
 #
 #    This program is free software; you can redistribute it and/or
 #    modify it under the terms of version 2 of the GNU General Public
@@ -31,7 +31,7 @@
   owner @{run}/user/*/xauth_* r,
 
   # the unix socket to use to connect to the display
-  /tmp/.X11-unix/* r,
+  /tmp/.X11-unix/* rw,
   unix (connect, receive, send)
        type=stream
        peer=(addr="@/tmp/.X11-unix/X[0-9]*"),
@@ -53,6 +53,8 @@
 
   # Xcompose
   owner @{HOME}/.XCompose         r,
+  /var/cache/libx11/compose/*     r,
+  deny /var/cache/libx11/compose/* wlk,
 
   # mouse themes
   /etc/X11/cursors/               r,

apparmor.d/abstractions/app-launcher-root

@@ -1,7 +1,7 @@
 # vim:syntax=apparmor
 # ------------------------------------------------------------------
 #
-#    Copyright (C) 2020 Mikhail Morfikov
+#    Copyright (C) 2020-2021 Mikhail Morfikov
 #
 #    This program is free software; you can redistribute it and/or
 #    modify it under the terms of version 2 of the GNU General Public

apparmor.d/abstractions/app-launcher-user

@@ -1,7 +1,7 @@
 # vim:syntax=apparmor
 # ------------------------------------------------------------------
 #
-#    Copyright (C) 2020 Mikhail Morfikov
+#    Copyright (C) 2020-2021 Mikhail Morfikov
 #
 #    This program is free software; you can redistribute it and/or
 #    modify it under the terms of version 2 of the GNU General Public

apparmor.d/abstractions/apt-common

@@ -1,7 +1,7 @@
 # vim:syntax=apparmor
 # ------------------------------------------------------------------
 #
-#    Copyright (C) 2019-2020 Mikhail Morfikov
+#    Copyright (C) 2019-2021 Mikhail Morfikov
 #
 #    This program is free software; you can redistribute it and/or
 #    modify it under the terms of version 2 of the GNU General Public

apparmor.d/abstractions/deny-dconf

@@ -1,7 +1,7 @@
 # vim:syntax=apparmor
 # ------------------------------------------------------------------
 #
-#    Copyright (C) 2019-2020 Mikhail Morfikov
+#    Copyright (C) 2019-2021 Mikhail Morfikov
 #
 #    This program is free software; you can redistribute it and/or
 #    modify it under the terms of version 2 of the GNU General Public

apparmor.d/abstractions/deny-root-dir-access

@@ -1,7 +1,7 @@
 # vim:syntax=apparmor
 # ------------------------------------------------------------------
 #
-#    Copyright (C) 2020 Mikhail Morfikov
+#    Copyright (C) 2020-2021 Mikhail Morfikov
 #
 #    This program is free software; you can redistribute it and/or
 #    modify it under the terms of version 2 of the GNU General Public

apparmor.d/abstractions/disks-read

@@ -1,7 +1,7 @@
 # vim:syntax=apparmor
 # ------------------------------------------------------------------
 #
-#    Copyright (C) 2019-2020 Mikhail Morfikov
+#    Copyright (C) 2019-2021 Mikhail Morfikov
 #
 #    This program is free software; you can redistribute it and/or
 #    modify it under the terms of version 2 of the GNU General Public

apparmor.d/abstractions/disks-write

@@ -1,7 +1,7 @@
 # vim:syntax=apparmor
 # ------------------------------------------------------------------
 #
-#    Copyright (C) 2019-2020 Mikhail Morfikov
+#    Copyright (C) 2019-2021 Mikhail Morfikov
 #
 #    This program is free software; you can redistribute it and/or
 #    modify it under the terms of version 2 of the GNU General Public

apparmor.d/abstractions/file-browsing-strict

@@ -1,7 +1,7 @@
 # vim:syntax=apparmor
 # ------------------------------------------------------------------
 #
-#    Copyright (C) 2019-2020 Mikhail Morfikov
+#    Copyright (C) 2019-2021 Mikhail Morfikov
 #
 #    This program is free software; you can redistribute it and/or
 #    modify it under the terms of version 2 of the GNU General Public

apparmor.d/abstractions/flatpak-snap

@@ -3,7 +3,7 @@
 # ------------------------------------------------------------------
 #
 #    Copyright (C) 2018 Nibaldo Gonzalez <nibgonz@gmail.com>
-#    Copyright (C) 2019-2020 Mikhail Morfikov
+#    Copyright (C) 2019-2021 Mikhail Morfikov
 #
 #    This program is free software; you can redistribute it and/or
 #    modify it under the terms of version 2 of the GNU General Public

apparmor.d/abstractions/fontconfig-cache-read

@@ -1,7 +1,7 @@
 # vim:syntax=apparmor
 # ------------------------------------------------------------------
 #
-#    Copyright (C) 2018-2020 Mikhail Morfikov
+#    Copyright (C) 2018-2021 Mikhail Morfikov
 #
 #    This program is free software; you can redistribute it and/or
 #    modify it under the terms of version 2 of the GNU General Public

apparmor.d/abstractions/fontconfig-cache-write

@@ -1,7 +1,7 @@
 # vim:syntax=apparmor
 # ------------------------------------------------------------------
 #
-#    Copyright (C) 2018-2020 Mikhail Morfikov
+#    Copyright (C) 2018-2021 Mikhail Morfikov
 #
 #    This program is free software; you can redistribute it and/or
 #    modify it under the terms of version 2 of the GNU General Public

apparmor.d/abstractions/fonts

@@ -52,6 +52,8 @@
   owner @{HOME}/.fonts.conf.d/**        r,
   owner @{HOME}/.config/fontconfig/     r,
   owner @{HOME}/.config/fontconfig/**   r,
+  owner @{HOME}/.Fontmatrix/Activated/  r,
+  owner @{HOME}/.Fontmatrix/Activated/** r,
 
   /usr/local/share/fonts/               r,
   /usr/local/share/fonts/**             r,

apparmor.d/abstractions/fzf

@@ -1,7 +1,7 @@
 # vim:syntax=apparmor
 # ------------------------------------------------------------------
 #
-#    Copyright (C) 2018-2020 Mikhail Morfikov
+#    Copyright (C) 2018-2021 Mikhail Morfikov
 #
 #    This program is free software; you can redistribute it and/or
 #    modify it under the terms of version 2 of the GNU General Public

apparmor.d/abstractions/gtk

@@ -1,7 +1,7 @@
 # vim:syntax=apparmor
 # ------------------------------------------------------------------
 #
-#    Copyright (C) 2017-2020 Mikhail Morfikov
+#    Copyright (C) 2017-2021 Mikhail Morfikov
 #
 #    This program is free software; you can redistribute it and/or
 #    modify it under the terms of version 2 of the GNU General Public

apparmor.d/abstractions/kde4

@@ -1,7 +1,7 @@
 # vim:syntax=apparmor
 # ------------------------------------------------------------------
 #
-#    Copyright (C) 2019-2020 Mikhail Morfikov
+#    Copyright (C) 2019-2021 Mikhail Morfikov
 #
 #    This program is free software; you can redistribute it and/or
 #    modify it under the terms of version 2 of the GNU General Public

apparmor.d/abstractions/kde5-plasma5

@@ -1,7 +1,7 @@
 # vim:syntax=apparmor
 # ------------------------------------------------------------------
 #
-#    Copyright (C) 2018-2020 Mikhail Morfikov
+#    Copyright (C) 2018-2021 Mikhail Morfikov
 #
 #    This program is free software; you can redistribute it and/or
 #    modify it under the terms of version 2 of the GNU General Public

apparmor.d/abstractions/mesa

@@ -12,11 +12,18 @@
 
   # User files
   owner @{HOME}/.cache/ w, # if user clears all caches
-  owner @{HOME}/.cache/mesa_shader_cache/ w,
+  owner @{HOME}/.cache/mesa_shader_cache/ rw,
   owner @{HOME}/.cache/mesa_shader_cache/index rw,
-  owner @{HOME}/.cache/mesa_shader_cache/??/ w,
-  owner @{HOME}/.cache/mesa_shader_cache/??/* rwk,
+  owner @{HOME}/.cache/mesa_shader_cache/[a-f0-9][a-f0-9]/ rw,
+  owner @{HOME}/.cache/mesa_shader_cache/[a-f0-9][a-f0-9]/[0-9a-f]* rw,
+  owner @{HOME}/.cache/mesa_shader_cache/[a-f0-9][a-f0-9]/[0-9a-f]*.tmp rwk,
 
+  # Fallback location when @{HOME}/.cache is not available
+  owner /tmp/Temp-[a-f0-9]*/mesa_shader_cache/ rw,
+  owner /tmp/Temp-[a-f0-9]*/mesa_shader_cache/index rw,
+  owner /tmp/Temp-[a-f0-9]*/mesa_shader_cache/[a-f0-9][a-f0-9]/ rw,
+  owner /tmp/Temp-[a-f0-9]*/mesa_shader_cache/[a-f0-9][a-f0-9]/[0-9a-f]* rw,
+  owner /tmp/Temp-[a-f0-9]*/mesa_shader_cache/[a-f0-9][a-f0-9]/[0-9a-f]*.tmp rwk,
 
   # Include additions to the abstraction
   include if exists <abstractions/mesa.d>

apparmor.d/abstractions/mesa-cache-write

@@ -1,31 +0,0 @@
-# vim:syntax=apparmor
-# ------------------------------------------------------------------
-#
-#    Copyright (C) 2018-2020 Mikhail Morfikov
-#
-#    This program is free software; you can redistribute it and/or
-#    modify it under the terms of version 2 of the GNU General Public
-#    License published by the Free Software Foundation.
-#
-# ------------------------------------------------------------------
-
-  abi <abi/3.0>,
-
-  # System files
-  /dev/dri/ r, # libGLX_mesa.so calls drmGetDevice2()
-
-  # Mesa cache (since mesa v18.1.1)
-  owner @{HOME}/.cache/mesa_shader_cache/ rw,
-  owner @{HOME}/.cache/mesa_shader_cache/index rw,
-  owner @{HOME}/.cache/mesa_shader_cache/[a-f0-9][a-f0-9]/ rw,
-  owner @{HOME}/.cache/mesa_shader_cache/[a-f0-9][a-f0-9]/[0-9a-f]* rw,
-  owner @{HOME}/.cache/mesa_shader_cache/[a-f0-9][a-f0-9]/[0-9a-f]*.tmp rwk,
-
-  # If the dir in @{HOME}/.cache is not writable, it uses a dir in /tmp/
-  owner /tmp/Temp-[a-f0-9]*/mesa_shader_cache/ rw,
-  owner /tmp/Temp-[a-f0-9]*/mesa_shader_cache/index rw,
-  owner /tmp/Temp-[a-f0-9]*/mesa_shader_cache/[a-f0-9][a-f0-9]/ rw,
-  owner /tmp/Temp-[a-f0-9]*/mesa_shader_cache/[a-f0-9][a-f0-9]/[0-9a-f]* rw,
-  owner /tmp/Temp-[a-f0-9]*/mesa_shader_cache/[a-f0-9][a-f0-9]/[0-9a-f]*.tmp rwk,
-
-

apparmor.d/abstractions/nameservice-strict

@@ -1,7 +1,7 @@
 # vim:syntax=apparmor
 # ------------------------------------------------------------------
 #
-#    Copyright (C) 2019-2020 Mikhail Morfikov
+#    Copyright (C) 2019-2021 Mikhail Morfikov
 #
 #    This program is free software; you can redistribute it and/or
 #    modify it under the terms of version 2 of the GNU General Public

apparmor.d/abstractions/systemd-common

@@ -1,7 +1,7 @@
 # vim:syntax=apparmor
 # ------------------------------------------------------------------
 #
-#    Copyright (C) 2019-2020 Mikhail Morfikov
+#    Copyright (C) 2019-2021 Mikhail Morfikov
 #
 #    This program is free software; you can redistribute it and/or
 #    modify it under the terms of version 2 of the GNU General Public

apparmor.d/abstractions/thumbnails-cache-read

@@ -1,7 +1,7 @@
 # vim:syntax=apparmor
 # ------------------------------------------------------------------
 #
-#    Copyright (C) 2018-2020 Mikhail Morfikov
+#    Copyright (C) 2018-2021 Mikhail Morfikov
 #
 #    This program is free software; you can redistribute it and/or
 #    modify it under the terms of version 2 of the GNU General Public

apparmor.d/abstractions/thumbnails-cache-write

@@ -1,7 +1,7 @@
 # vim:syntax=apparmor
 # ------------------------------------------------------------------
 #
-#    Copyright (C) 2018-2020 Mikhail Morfikov
+#    Copyright (C) 2018-2021 Mikhail Morfikov
 #
 #    This program is free software; you can redistribute it and/or
 #    modify it under the terms of version 2 of the GNU General Public

apparmor.d/abstractions/trash

@@ -1,7 +1,7 @@
 # vim:syntax=apparmor
 # ------------------------------------------------------------------
 #
-#    Copyright (C) 2018-2020 Mikhail Morfikov
+#    Copyright (C) 2018-2021 Mikhail Morfikov
 #
 #    This program is free software; you can redistribute it and/or
 #    modify it under the terms of version 2 of the GNU General Public

apparmor.d/abstractions/user-download-strict

@@ -1,7 +1,7 @@
 # vim:syntax=apparmor
 # ------------------------------------------------------------------
 #
-#    Copyright (C) 2018-2020 Mikhail Morfikov
+#    Copyright (C) 2018-2021 Mikhail Morfikov
 #
 #    This program is free software; you can redistribute it and/or
 #    modify it under the terms of version 2 of the GNU General Public

apparmor.d/abstractions/vlc-art-cache-write

@@ -1,7 +1,7 @@
 # vim:syntax=apparmor
 # ------------------------------------------------------------------
 #
-#    Copyright (C) 2018-2020 Mikhail Morfikov
+#    Copyright (C) 2018-2021 Mikhail Morfikov
 #
 #    This program is free software; you can redistribute it and/or
 #    modify it under the terms of version 2 of the GNU General Public

apparmor.d/abstractions/wayland

@@ -2,7 +2,7 @@
 # ------------------------------------------------------------------
 #
 #    Copyright (C) 2016 intrigeri <intrigeri@boum.org>
-#    Copyright (C) 2018-2020 Mikhail Morfikov
+#    Copyright (C) 2018-2021 Mikhail Morfikov
 #
 #    This program is free software; you can redistribute it and/or
 #    modify it under the terms of version 2 of the GNU General Public
@@ -15,5 +15,7 @@
   owner @{run}/user/[0-9]*/wayland-[0-9]* rw,
   owner @{run}/user/[0-9]*/{mesa,mutter,sdl,wayland-cursor,weston,xwayland}-shared-* rw,
 
+  owner /dev/shm/wlroots-* rw,
+
   # Include additions to the abstraction
   include if exists <abstractions/wayland.d>

apparmor.d/abstractions/zsh

@@ -1,7 +1,7 @@
 # vim:syntax=apparmor
 # ------------------------------------------------------------------
 #
-#    Copyright (C) 2018-2020 Mikhail Morfikov
+#    Copyright (C) 2018-2021 Mikhail Morfikov
 #
 #    This program is free software; you can redistribute it and/or
 #    modify it under the terms of version 2 of the GNU General Public