From 93c94836e292a2e4b39cea261e6891e30b74d6a6 Mon Sep 17 00:00:00 2001
From: Alexandre Pujol <alexandre@pujol.io>
Date: Thu, 11 Sep 2025 23:56:14 +0200
Subject: [PATCH] feat(abs): add snapcraft dbus reference call.

---
 .../bus/session/io.snapcraft.Launcher         | 21 +++++++++++++++++++
 .../io.snapcraft.PrivilegedDesktopLauncher    | 16 ++++++++++++++
 .../bus/session/io.snapcraft.Settings         | 16 ++++++++++++++
 3 files changed, 53 insertions(+)
 create mode 100644 apparmor.d/abstractions/bus/session/io.snapcraft.Launcher
 create mode 100644 apparmor.d/abstractions/bus/session/io.snapcraft.PrivilegedDesktopLauncher
 create mode 100644 apparmor.d/abstractions/bus/session/io.snapcraft.Settings

diff --git a/apparmor.d/abstractions/bus/session/io.snapcraft.Launcher b/apparmor.d/abstractions/bus/session/io.snapcraft.Launcher
new file mode 100644
index 000000000..ca2bf92c8
--- /dev/null
+++ b/apparmor.d/abstractions/bus/session/io.snapcraft.Launcher
@@ -0,0 +1,21 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2025 Alexandre Pujol <alexandre@pujol.io>
+# SPDX-License-Identifier: GPL-2.0-only
+
+# Allow use of snapd's internal xdg-open
+
+  abi <abi/4.0>,
+
+  dbus send bus=session path=/
+      interface=com.canonical.SafeLauncher
+      member=OpenURL
+      peer=(name=@{busname}, label=snap),
+
+  dbus send bus=session path=/io/snapcraft/Launcher
+       interface=io.snapcraft.Launcher
+       member={OpenURL,OpenFile}
+       peer=(name=@{busname}, label=snap),
+
+  include if exists <abstractions/bus/session/io.snapcraft.Launcher.d>
+
+# vim:syntax=apparmor
diff --git a/apparmor.d/abstractions/bus/session/io.snapcraft.PrivilegedDesktopLauncher b/apparmor.d/abstractions/bus/session/io.snapcraft.PrivilegedDesktopLauncher
new file mode 100644
index 000000000..704d9010d
--- /dev/null
+++ b/apparmor.d/abstractions/bus/session/io.snapcraft.PrivilegedDesktopLauncher
@@ -0,0 +1,16 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2023-2024 Alexandre Pujol <alexandre@pujol.io>
+# SPDX-License-Identifier: GPL-2.0-only
+
+# Can identify and launch other snaps.
+
+  abi <abi/4.0>,
+
+  dbus send bus=session path=/io/snapcraft/PrivilegedDesktopLauncher
+       interface=io.snapcraft.PrivilegedDesktopLauncher
+       member=OpenDesktopEntry
+       peer=(name=io.snapcraft.Launcher, label=snap),
+
+  include if exists <abstractions/bus/session/io.snapcraft.PrivilegedDesktopLauncher.d>
+
+# vim:syntax=apparmor
diff --git a/apparmor.d/abstractions/bus/session/io.snapcraft.Settings b/apparmor.d/abstractions/bus/session/io.snapcraft.Settings
new file mode 100644
index 000000000..c50753cd6
--- /dev/null
+++ b/apparmor.d/abstractions/bus/session/io.snapcraft.Settings
@@ -0,0 +1,16 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2025 Alexandre Pujol <alexandre@pujol.io>
+# SPDX-License-Identifier: GPL-2.0-only
+
+# Allow use of snapd's internal 'xdg-settings'
+
+  abi <abi/4.0>,
+
+  dbus send bus=session path=/io/snapcraft/Settings
+       interface=io.snapcraft.Settings
+       member={Check,CheckSub,Get,GetSub,Set,SetSub}
+       peer=(name=io.snapcraft.Settings, label=snap),
+
+  include if exists <abstractions/bus/session/io.snapcraft.Settings.d>
+
+# vim:syntax=apparmor