update apparmor profiles

apparmor.d/abstractions/fontconfig-cache-write

@@ -12,17 +12,23 @@
   owner @{HOME}/.fontconfig/CACHEDIR.TAG{,.NEW,.LCK,.TMP-*} rw,
   owner @{HOME}/.fontconfig/[a-f0-9]*.cache-?{,.NEW,.LCK,.TMP-*} rwk,
 
+  owner @{HOME}/.fonts/ rw,
+   link @{HOME}/.fonts/.uuid.LCK -> @{HOME}/.fonts/.uuid.TMP-*,
+  owner @{HOME}/.fonts/.uuid{,.NEW,.LCK,.TMP-*}  r,
+  owner @{HOME}/.fonts/.uuid{,.NEW,.LCK,.TMP-*}  w,
+
   # This is to create .uuid file containing an UUID at a font directory. The UUID will be used to
   # identify the font directory and is used to determine the cache filename if available.
+  owner /usr/local/share/fonts/ rw,
   owner /usr/local/share/fonts/.uuid{,.NEW,.LCK,.TMP-*} rw,
    link /usr/local/share/fonts/.uuid.LCK -> /usr/local/share/fonts/.uuid.TMP-*,
+  # Should writing to these dirs be blocked?
         /usr/share/**/.uuid{,.NEW,.LCK,.TMP-*}  r,
   deny  /usr/share/**/.uuid{,.NEW,.LCK,.TMP-*}  w,
 
-  # For Google Fonts downloaded via font-manager (###FIXME### when they fix resolving of vars)
-  owner "@{user_share_dirs}/fonts/Google Fonts/.uuid{,.NEW,.LCK,.TMP-*}" rw,
-   link "@{user_share_dirs}/fonts/Google Fonts/.uuid.LCK" -> "/home/*/.local/share/fonts/Google Fonts/.uuid.TMP-*",
-  owner "@{user_share_dirs}/fonts/Google Fonts/**/.uuid{,.NEW,.LCK,.TMP-*}" rw,
-   link "@{user_share_dirs}/fonts/Google Fonts/**/.uuid.LCK" -> "/home/*/.local/share/fonts/Google Fonts/**/.uuid.TMP-*",
+  # For fonts downloaded via font-manager (###FIXME### when they fix resolving of vars)
+  owner @{user_share_dirs}/fonts/ rw,
+  owner @{user_share_dirs}/fonts/**/.uuid{,.NEW,.LCK,.TMP-*} rw,
+   link @{user_share_dirs}/fonts/**/.uuid.LCK -> /home/*/.local/share/fonts/**/.uuid.TMP-*,
 
-  include if exists <abstractions/fontconfig-cache-write.d>
+  include if exists <abstractions/fontconfig-cache-write.d>