feat(profiles): initial dbus integration (no dbus rule yet).

apparmor.d/groups/freedesktop/accounts-daemon

@@ -9,8 +9,9 @@ include <tunables/global>
 
 @{exec_path} =  /{usr/,}lib/accountsservice/accounts-daemon
 @{exec_path} += @{libexec}/accounts-daemon
-profile accounts-daemon @{exec_path} {
+profile accounts-daemon @{exec_path} flags=(attach_disconnected) {
   include <abstractions/base>
+  include <abstractions/dbus-strict>
   include <abstractions/nameservice-strict>
   include <abstractions/wutmp>
 

apparmor.d/groups/freedesktop/at-spi-bus-launcher

@@ -11,6 +11,7 @@ include <tunables/global>
 @{exec_path} += @{libexec}/at-spi-bus-launcher
 profile at-spi-bus-launcher @{exec_path} flags=(attach_disconnected) {
   include <abstractions/base>
+  include <abstractions/dbus-session>
   include <abstractions/dconf>
   include <abstractions/nameservice-strict>
 

apparmor.d/groups/freedesktop/colord

@@ -1,6 +1,6 @@
 # apparmor.d - Full set of apparmor profiles
-# Copyright (C) 2018-2021 Mikhail Morfikov
-#               2021 Alexandre Pujol <alexandre@pujol.io>
+# Copyright (C) 2018-2022 Mikhail Morfikov
+# Copyright (C) 2021-2022 Alexandre Pujol <alexandre@pujol.io>
 # SPDX-License-Identifier: GPL-2.0-only
 
 abi <abi/3.0>,
@@ -11,11 +11,18 @@ include <tunables/global>
 @{exec_path} += @{libexec}/colord
 profile colord @{exec_path} flags=(attach_disconnected) {
   include <abstractions/base>
+  include <abstractions/dbus-strict>
   include <abstractions/nameservice-strict>
   include <abstractions/devices-usb>
 
   network netlink raw,
 
+  dbus send
+       bus=system
+       path=/org/freedesktop/ColorManager/devices/xrandr_*
+       interface=org.freedesktop.DBus.Properties
+       member=GetAll,
+
   @{exec_path} mr,
 
   /{usr/,}lib/colord/colord-sane  rPx,

apparmor.d/groups/freedesktop/pipewire

@@ -11,6 +11,7 @@ include <tunables/global>
 profile pipewire @{exec_path} {
   include <abstractions/base>
   include <abstractions/audio>
+  include <abstractions/dbus-strict>
   include <abstractions/nameservice-strict>
 
   ptrace (read),

apparmor.d/groups/freedesktop/pipewire-media-session

@@ -11,6 +11,7 @@ include <tunables/global>
 profile pipewire-media-session @{exec_path} {
   include <abstractions/base>
   include <abstractions/audio>
+  include <abstractions/dbus-strict>
   include <abstractions/devices-usb>
   include <abstractions/nameservice-strict>
 

apparmor.d/groups/freedesktop/polkitd

@@ -1,6 +1,6 @@
 # apparmor.d - Full set of apparmor profiles
 # Copyright (C) 2018-2021 Mikhail Morfikov
-#               2021 Alexandre Pujol <alexandre@pujol.io>
+# Copyright (C) 2021 Alexandre Pujol <alexandre@pujol.io>
 # SPDX-License-Identifier: GPL-2.0-only
 
 abi <abi/3.0>,
@@ -11,6 +11,7 @@ include <tunables/global>
 @{exec_path} += @{libexec}/polkitd
 profile polkitd @{exec_path} {
   include <abstractions/base>
+  include <abstractions/dbus-strict>
   include <abstractions/nameservice-strict>
 
   capability setuid,

apparmor.d/groups/freedesktop/upowerd

@@ -10,6 +10,7 @@ include <tunables/global>
 @{exec_path} += @{libexec}/upowerd
 profile upowerd @{exec_path} flags=(attach_disconnected) {
   include <abstractions/base>
+  include <abstractions/dbus-strict>
   include <abstractions/devices-usb>
 
   network netlink raw,

apparmor.d/groups/freedesktop/xdg-desktop-portal

@@ -9,6 +9,7 @@ include <tunables/global>
 @{exec_path} = @{libexec}/xdg-desktop-portal
 profile xdg-desktop-portal @{exec_path} flags=(attach_disconnected) {
   include <abstractions/base>
+  include <abstractions/dbus-strict>
   include <abstractions/dconf>
   include <abstractions/freedesktop.org>
   include <abstractions/nameservice-strict>

apparmor.d/groups/freedesktop/xdg-desktop-portal-gnome

@@ -9,6 +9,7 @@ include <tunables/global>
 @{exec_path} = @{libexec}/xdg-desktop-portal-gnome
 profile xdg-desktop-portal-gnome @{exec_path} {
   include <abstractions/base>
+  include <abstractions/dbus-strict>
   include <abstractions/dconf>
   include <abstractions/fontconfig-cache-write>
   include <abstractions/fonts>

apparmor.d/groups/freedesktop/xdg-desktop-portal-gtk

@@ -9,6 +9,7 @@ include <tunables/global>
 @{exec_path} = @{libexec}/xdg-desktop-portal-gtk
 profile xdg-desktop-portal-gtk @{exec_path} {
   include <abstractions/base>
+  include <abstractions/dbus-strict>
   include <abstractions/dconf>
   include <abstractions/fontconfig-cache-write>
   include <abstractions/fonts>