feat(abs): ensure ca.desrt.dconf.Writer dbus is part of dconf-write only.

apparmor.d/abstractions/bus/ca.desrt.dconf.Writer

@@ -0,0 +1,19 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2023-2024 Alexandre Pujol <alexandre@pujol.io>
+# SPDX-License-Identifier: GPL-2.0-only
+
+  abi <abi/4.0>,
+
+  dbus send bus=session path=/ca/desrt/dconf/Writer/user
+       interface=ca.desrt.dconf.Writer
+       member=Change
+       peer=(name=ca.desrt.dconf), # no peer's labels
+
+  dbus receive bus=session path=/ca/desrt/dconf/Writer/user
+       interface=ca.desrt.dconf.Writer
+       member=Notify
+       peer=(name=@{busname}, label=dconf-service),
+
+  include if exists <abstractions/bus/ca.desrt.dconf.Writer.d>
+
+# vim:syntax=apparmor

apparmor.d/abstractions/dconf-write

@@ -8,6 +8,7 @@
   abi <abi/4.0>,
 
   include <abstractions/dconf>
+  include <abstractions/bus/ca.desrt.dconf.Writer>
 
   owner @{user_config_dirs}/glib-2.0/settings/keyfile w,
 

apparmor.d/abstractions/dconf.d/complete

@@ -2,16 +2,6 @@
 # Copyright (C) 2024 Alexandre Pujol <alexandre@pujol.io>
 # SPDX-License-Identifier: GPL-2.0-only
 
-  dbus send bus=session path=/ca/desrt/dconf/Writer/user
-       interface=ca.desrt.dconf.Writer
-       member=Change
-       peer=(name=ca.desrt.dconf), # no peer's labels
-
-  dbus receive bus=session path=/ca/desrt/dconf/Writer/user
-       interface=ca.desrt.dconf.Writer
-       member=Notify
-       peer=(name=@{busname}, label=dconf-service),
-
   /usr/share/dconf/profile/gdm r,
 
   owner @{user_config_dirs}/glib-2.0/settings/keyfile r,