From a16cbede0b4905feb40d9ecf7423bfefb4ad048c Mon Sep 17 00:00:00 2001 From: curiosityseeker <60518106+curiosityseeker@users.noreply.github.com> Date: Wed, 10 Jan 2024 21:03:11 +0100 Subject: [PATCH] Various updates (#271) * Update kwin_wayland * Update plasmashell * Update pacman-hook-fontconfig * Update ksplashqml `/usr/share/qt/translations/*.qm r,` is also in the qt5 abstraction. However, it seems that all other rules therein are not needed so I didn't use that abstraction. * Update startplasma --- apparmor.d/groups/kde/ksplashqml | 9 ++++++++- apparmor.d/groups/kde/kwin_wayland | 13 ++++++++----- apparmor.d/groups/kde/plasmashell | 3 ++- apparmor.d/groups/kde/startplasma | 2 +- apparmor.d/groups/pacman/pacman-hook-fontconfig | 3 ++- 5 files changed, 21 insertions(+), 9 deletions(-) diff --git a/apparmor.d/groups/kde/ksplashqml b/apparmor.d/groups/kde/ksplashqml index f95075b67..90652b151 100644 --- a/apparmor.d/groups/kde/ksplashqml +++ b/apparmor.d/groups/kde/ksplashqml @@ -18,9 +18,16 @@ profile ksplashqml @{exec_path} { @{exec_path} mr, /usr/share/plasma/** r, + /usr/share/qt/translations/*.qm r, + owner @{user_cache_dirs}/icon-cache.kcache rw, + owner @{user_cache_dirs}/ksplash/qmlcache/*.qmlc rwl -> @{user_cache_dirs}/ksplash/qmlcache/#@{int}, + owner @{user_cache_dirs}/ksplash/qmlcache/#@{int} rw, + owner @{user_cache_dirs}/ksplash/qmlcache/*.qmlc.@{rand6} rwl -> @{user_cache_dirs}/ksplash/qmlcache/#@{int}, owner @{user_config_dirs}/kdedefaults/* r, owner @{user_config_dirs}/kdeglobals r, + @{PROC}/sys/kernel/core_pattern r, + include if exists -} \ No newline at end of file +} diff --git a/apparmor.d/groups/kde/kwin_wayland b/apparmor.d/groups/kde/kwin_wayland index fb3bbf662..c428bcaec 100644 --- a/apparmor.d/groups/kde/kwin_wayland +++ b/apparmor.d/groups/kde/kwin_wayland 
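Review bot: The reason `/usr/share/qt/translations/*.qm r,` is written out in ksplashqml instead of pulling in the qt5 abstraction is recorded only in the commit message, so a later edit may swap in the whole abstraction and widen the profile. A comment above the rule would keep that decision visible, for example `# Only this rule is needed from abstractions/qt5; do not include the whole abstraction`. The new `@{PROC}/sys/kernel/core_pattern r,` rule would benefit from a similar one-line note naming the component that reads it, since that is not apparent from the hunk.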
@@ -32,7 +32,10 @@ profile kwin_wayland @{exec_path} flags=(attach_disconnected mediate_deleted) { @{bin}/plasmashell r, @{bin}/Xwayland rPx, @{lib}/kscreenlocker_greet rPx, + @{lib}/kwin_killer_helper rix, + /usr/share/color-schemes/*.colors r, + /usr/share/desktop-directories/*.directory r, /usr/share/hwdata/pnp.ids r, /usr/share/kglobalaccel/{,**} r, /usr/share/knotifications5/ksmserver.notifyrc r, @@ -40,7 +43,7 @@ profile kwin_wayland @{exec_path} flags=(attach_disconnected mediate_deleted) { /usr/share/kservicetypes5/{,*.desktop} r, /usr/share/kwin/{,**} r, /usr/share/libinput/{,**} r, - /usr/share/plasma/desktoptheme/default/{metadata.json,plasmarc} r, + /usr/share/plasma/desktoptheme/default/** r, /usr/share/qt/translations/*.qm r, /usr/share/X11/xkb/{,**} r, @@ -48,9 +51,7 @@ profile kwin_wayland @{exec_path} flags=(attach_disconnected mediate_deleted) { /etc/xdg/menus/{,applications.menu} r, /etc/pipewire/client.conf.d/ r, /usr/share/pipewire/client.conf r, - /usr/share/plasma/desktoptheme/default/** r, - /usr/share/desktop-directories/*.directory r, - + owner /var/lib/sddm/.cache/#@{int} rwk, owner /var/lib/sddm/.cache/fontconfig/* rwk, owner /var/lib/sddm/.cache/fontconfig/*-le64.cache-@{int}{,TMP-@{rand6},NEW,LCK} w, @@ -60,6 +61,7 @@ profile kwin_wayland @{exec_path} flags=(attach_disconnected mediate_deleted) { owner /var/lib/sddm/.cache/ksycoca5_* rwkl -> /var/lib/sddm/.cache/#@{int}, owner /var/lib/sddm/.config/#@{int} rw, + owner /var/lib/sddm/.config/kcminputrc r, owner /var/lib/sddm/.config/kdeglobals r, owner /var/lib/sddm/.config/kglobalshortcutsrc.lock rwk, owner /var/lib/sddm/.config/kglobalshortcutsrc{,.@{rand6}} rwl -> /var/lib/sddm/.config/#@{int}, 
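Review bot: `@{lib}/kwin_killer_helper rix,` in the first kwin_wayland hunk runs the helper inside the compositor's own profile, so it inherits everything kwin_wayland is allowed. That includes the sddm cache and config rules in the later hunks and the `attach_disconnected` flag. The neighbouring `Xwayland` and `kscreenlocker_greet` entries use `rPx`; if the helper has, or can be given, its own profile, `@{lib}/kwin_killer_helper rPx,` would keep it to least privilege. Whether such a profile exists in the tree cannot be seen from this patch, so that needs checking first.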
@@ -70,11 +72,12 @@ profile kwin_wayland @{exec_path} flags=(attach_disconnected mediate_deleted) { owner @{user_cache_dirs}/#@{int} rw, owner @{user_cache_dirs}/icon-cache.kcache rw, owner @{user_cache_dirs}/ksycoca5_* r, + owner @{user_cache_dirs}/ksycoca5_* rwkl -> @{user_cache_dirs}/#@{int}, owner @{user_cache_dirs}/kwin/qmlcache/*.qmlc rw, owner @{user_cache_dirs}/kwin/qmlcache/*.qmlc.@{rand6} rwl -> @{user_cache_dirs}/kwin/qmlcache/#@{int}, owner @{user_cache_dirs}/kwin/qmlcache/#@{int} rw, owner @{user_cache_dirs}/plasma_theme_default_v*.kcache rw, - owner @{user_cache_dirs}/plasma-svgelements r, + owner @{user_cache_dirs}/plasma-svgelements rw, owner @{user_cache_dirs}/plasma-svgelements.@{rand6} rwl -> @{user_cache_dirs}/#@{int}, owner @{user_cache_dirs}/plasma-svgelements.lock rwk, owner @{user_share_dirs}/kscreen/* r, diff --git a/apparmor.d/groups/kde/plasmashell b/apparmor.d/groups/kde/plasmashell index b6151b6d1..3b10976f7 100644 --- a/apparmor.d/groups/kde/plasmashell +++ b/apparmor.d/groups/kde/plasmashell @@ -137,9 +137,10 @@ profile plasmashell @{exec_path} flags=(mediate_deleted) { owner @{user_share_dirs}/#@{int} rw, owner @{user_share_dirs}/akonadi/search_db/{,**} r, - owner @{user_share_dirs}/kactivitymanagerd/resources/database rk, + owner @{user_share_dirs}/kactivitymanagerd/resources/database rwk, owner @{user_share_dirs}/kactivitymanagerd/resources/database-shm rwk, owner @{user_share_dirs}/kactivitymanagerd/resources/database-wal rw, + owner @{user_share_dirs}/kio/servicemenus/{,**} r, owner @{user_share_dirs}/klipper/{,*} rwl, owner @{user_share_dirs}/konsole/ r, owner @{user_share_dirs}/kpeople/persondb rwk, diff --git a/apparmor.d/groups/kde/startplasma b/apparmor.d/groups/kde/startplasma index c39a18202..d106288cb 100644 --- a/apparmor.d/groups/kde/startplasma +++ b/apparmor.d/groups/kde/startplasma 
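Review bot: In the `@@ -70,11 +72,12 @@` hunk the existing `owner @{user_cache_dirs}/ksycoca5_* r,` line is kept directly above the new `owner @{user_cache_dirs}/ksycoca5_* rwkl -> @{user_cache_dirs}/#@{int},` rule. AppArmor combines the permissions of every rule that matches a path, so the read-only line no longer restricts anything and makes the profile look tighter than it is. Dropping it leaves one rule that states the real access. The same hunk also moves `plasma-svgelements` from `r` to `rw`; a short comment naming what writes these caches from the compositor would help a later audit. The profile body continues outside the hunk.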
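Review bot: Changing `kactivitymanagerd/resources/database` from `rk` to `rwk` gives plasmashell write access to the activity manager's main database file, and nothing in the hunk or the commit message says which denial made this necessary. The cause may be SQLite writing back to the main file while the `-wal` and `-shm` siblings are in use, but that is only a guess from the adjacent rules. If so, a comment such as `# plasmashell opens the activity database read-write (SQLite WAL)` would record it. Without that, the rule is hard to tell apart from an over-broad grant when the profile is next reviewed.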
@@ -38,7 +38,7 @@ profile startplasma @{exec_path} { owner @{HOME}/.Xauthority r, owner @{user_cache_dirs}/ rw, - owner @{user_cache_dirs}/#@{int} rw, + owner @{user_cache_dirs}/#@{int} rwk, owner @{user_cache_dirs}/kcrash-metadata/ rw, @{user_cache_dirs}/ksycoca5_* rwkl -> @{user_cache_dirs}/#@{int}, owner @{user_cache_dirs}/plasma-svgelements rw, diff --git a/apparmor.d/groups/pacman/pacman-hook-fontconfig b/apparmor.d/groups/pacman/pacman-hook-fontconfig index 5ceeaed40..8537c56d8 100644 --- a/apparmor.d/groups/pacman/pacman-hook-fontconfig +++ b/apparmor.d/groups/pacman/pacman-hook-fontconfig @@ -21,6 +21,7 @@ profile pacman-hook-fontconfig @{exec_path} { /etc/fonts/conf.d/* rwl, /usr/share/fontconfig/conf.default/* r, + /dev/pts/@{int} rw, /dev/tty rw, # Inherit Silencer @@ -28,4 +29,4 @@ profile pacman-hook-fontconfig @{exec_path} { deny network inet stream, include if exists -} \ No newline at end of file +}