From 9d1de3238b79186d1c7a3a0ed695ee835c9dd711 Mon Sep 17 00:00:00 2001
From: valoq <valoq@mailbox.org>
Date: Tue, 6 Feb 2024 20:05:18 +0100
Subject: [PATCH] add profiles

---
 apparmor.d/groups/apps/imv-wayland | 34 +++++++++++++++++++++++++++++
 apparmor.d/groups/apps/zathura     | 35 ++++++++++++++++++++++++++++++
 2 files changed, 69 insertions(+)
 create mode 100644 apparmor.d/groups/apps/imv-wayland
 create mode 100644 apparmor.d/groups/apps/zathura

diff --git a/apparmor.d/groups/apps/imv-wayland b/apparmor.d/groups/apps/imv-wayland
new file mode 100644
index 000000000..121459d8c
--- /dev/null
+++ b/apparmor.d/groups/apps/imv-wayland
@@ -0,0 +1,34 @@
+# apparmor.d - Full set of apparmor profiles
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi <abi/3.0>,
+
+include <tunables/global>
+
+@{exec_path} = @{bin}/imv-wayland
+profile imv @{exec_path} {
+  include <abstractions/base>
+  include <abstractions/freedesktop.org>
+  include <abstractions/fonts>
+  include <abstractions/fontconfig-cache-read>
+  include <abstractions/graphics>
+  include <abstractions/nameservice-strict>
+
+  @{exec_path} mr,
+
+  /etc/imv_config r,
+  /usr/share/X11/xkb/** r,
+  /tmp/ r,
+
+  owner @{user_config_dirs}/imv/config
+
+  owner @{HOME}/ r,
+  owner @{HOME}/[^.]**  r,
+
+  owner /mnt/** r,
+  owner /media/** r,
+
+  owner @{run}/user/*/imv-*.sock w,
+
+  include if exists <local/imv-wayland>
+}
diff --git a/apparmor.d/groups/apps/zathura b/apparmor.d/groups/apps/zathura
new file mode 100644
index 000000000..b479f04fb
--- /dev/null
+++ b/apparmor.d/groups/apps/zathura
@@ -0,0 +1,35 @@
+# apparmor.d - Full set of apparmor profiles
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi <abi/3.0>,
+
+include <tunables/global>
+
+@{exec_path} = @{bin}/zathura 
+profile zathura @{exec_path} {
+  include <abstractions/base>
+  include <abstractions/freedesktop.org>
+  include <abstractions/fonts>
+  include <abstractions/fontconfig-cache-read>
+  include <abstractions/nameservice-strict>
+  include <abstractions/dconf-write>
+
+  @{exec_path} mr,
+
+  /usr/share/{,**} r,
+  /etc/xdg/{,**} r,
+  /etc/zathurarc r,
+
+  owner @{user_config_dirs}/zathura/** r,
+  owner @{user_share_dirs}/zathura/** rwk,
+
+  owner @{HOME}/ r,
+  owner @{HOME}/[^.]**  r,
+
+  owner /mnt/** r,
+  owner /media/** r,
+
+  owner /tmp/gtkprint* rw,
+
+  include if exists <local/zathura>
+}