From a69dc5bc8be1b18417916da0216deba747df0a21 Mon Sep 17 00:00:00 2001
From: Alexandre Pujol <alexandre@pujol.io>
Date: Thu, 20 Mar 2025 00:30:24 +0100
Subject: [PATCH] feat(abs): ensure ca.desrt.dconf.Writer dbus is part of
 dconf-write only.

---
 .../abstractions/bus/ca.desrt.dconf.Writer    | 19 +++++++++++++++++++
 apparmor.d/abstractions/dconf-write           |  1 +
 apparmor.d/abstractions/dconf.d/complete      | 10 ----------
 3 files changed, 20 insertions(+), 10 deletions(-)
 create mode 100644 apparmor.d/abstractions/bus/ca.desrt.dconf.Writer

diff --git a/apparmor.d/abstractions/bus/ca.desrt.dconf.Writer b/apparmor.d/abstractions/bus/ca.desrt.dconf.Writer
new file mode 100644
index 000000000..9bad3655d
--- /dev/null
+++ b/apparmor.d/abstractions/bus/ca.desrt.dconf.Writer
@@ -0,0 +1,19 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2023-2024 Alexandre Pujol <alexandre@pujol.io>
+# SPDX-License-Identifier: GPL-2.0-only
+
+  abi <abi/4.0>,
+
+  dbus send bus=session path=/ca/desrt/dconf/Writer/user
+       interface=ca.desrt.dconf.Writer
+       member=Change
+       peer=(name=ca.desrt.dconf), # no peer's labels
+
+  dbus receive bus=session path=/ca/desrt/dconf/Writer/user
+       interface=ca.desrt.dconf.Writer
+       member=Notify
+       peer=(name=@{busname}, label=dconf-service),
+
+  include if exists <abstractions/bus/ca.desrt.dconf.Writer.d>
+
+# vim:syntax=apparmor
diff --git a/apparmor.d/abstractions/dconf-write b/apparmor.d/abstractions/dconf-write
index e84ffcb2e..3f25c66af 100644
--- a/apparmor.d/abstractions/dconf-write
+++ b/apparmor.d/abstractions/dconf-write
@@ -8,6 +8,7 @@
   abi <abi/4.0>,
 
   include <abstractions/dconf>
+  include <abstractions/bus/ca.desrt.dconf.Writer>
 
   owner @{user_config_dirs}/glib-2.0/settings/keyfile w,
 
diff --git a/apparmor.d/abstractions/dconf.d/complete b/apparmor.d/abstractions/dconf.d/complete
index 4f53689d5..b207e4539 100644
--- a/apparmor.d/abstractions/dconf.d/complete
+++ b/apparmor.d/abstractions/dconf.d/complete
@@ -2,16 +2,6 @@
 # Copyright (C) 2024 Alexandre Pujol <alexandre@pujol.io>
 # SPDX-License-Identifier: GPL-2.0-only
 
-  dbus send bus=session path=/ca/desrt/dconf/Writer/user
-       interface=ca.desrt.dconf.Writer
-       member=Change
-       peer=(name=ca.desrt.dconf), # no peer's labels
-
-  dbus receive bus=session path=/ca/desrt/dconf/Writer/user
-       interface=ca.desrt.dconf.Writer
-       member=Notify
-       peer=(name=@{busname}, label=dconf-service),
-
   /usr/share/dconf/profile/gdm r,
 
   owner @{user_config_dirs}/glib-2.0/settings/keyfile r,