feat(profile): various improvement for Tumbleweed

fix #828

apparmor.d/abstractions/kde-strict

@@ -46,7 +46,7 @@
   owner @{user_config_dirs}/kdeglobals r,
   owner @{user_config_dirs}/kwinrc r,
   owner @{user_config_dirs}/session/ rw,
-  owner @{user_config_dirs}/session/*_@{hex}_@{int}_@{int} rwlk,
+  owner @{user_config_dirs}/session/*_* rwlk,
   owner @{user_config_dirs}/session/#@{int} rw,
   owner @{user_config_dirs}/trashrc r,
 

apparmor.d/groups/kde/dolphin

@@ -25,7 +25,11 @@ profile dolphin @{exec_path} {
 
   network netlink raw,
 
-  signal (send) set=(term) peer=kioworker,
+  signal send set=hup peer=@{p_systemd},
+  signal send set=term peer=kioworker,
+
+  ptrace read peer=@{p_systemd},
+  ptrace read peer=okular,
 
   @{exec_path} mr,
 
@@ -109,10 +113,11 @@ profile dolphin @{exec_path} {
   owner @{PROC}/@{pid}/cmdline r,
   owner @{PROC}/@{pid}/mountinfo r,
   owner @{PROC}/@{pid}/mounts r,
+  owner @{PROC}/@{pid}/stat r,
 
   @{sys}/devices/virtual/block/dm-@{int}/uevent r,
 
-  /dev/tty r,
+  /dev/tty rw,
 
   include if exists <local/dolphin>
 }

apparmor.d/groups/kde/kwin_x11

@@ -41,6 +41,7 @@ profile kwin_x11 @{exec_path} {
   /usr/share/kwin-x11/{,**} r,
   /usr/share/kwin/{,**} r,
   /usr/share/plasma/desktoptheme/{,**} r,
+  /usr/share/sounds/*/stereo/*.oga r,
 
   /etc/machine-id r,
   /etc/xdg/plasmarc r,

apparmor.d/groups/kde/okular

@@ -23,6 +23,8 @@ profile okular @{exec_path} {
 
   network netlink raw,
 
+  ptrace read peer=@{p_systemd},
+
   signal send set=term peer=kioworker,
 
   @{exec_path} mr,
@@ -69,7 +71,7 @@ profile okular @{exec_path} {
 
   owner @{user_state_dirs}/#@{int} rw,
   owner @{user_state_dirs}/okularstaterc rw,
-  owner @{user_state_dirs}/okularstaterc.@{rand6} rwl -> @{user_state_dirs}/#@{int},
+  owner @{user_state_dirs}/okularstaterc.@{rand6} rwlk -> @{user_state_dirs}/#@{int},
   owner @{user_state_dirs}/okularstaterc.lock rwk,
 
   owner @{tmp}/#@{int} rw,
@@ -82,6 +84,7 @@ profile okular @{exec_path} {
 
   owner @{PROC}/@{pid}/mountinfo r,
   owner @{PROC}/@{pid}/mounts r,
+  owner @{PROC}/@{pid}/stat r,
 
   profile gpg {
     include <abstractions/base>

apparmor.d/profiles-g-l/libreoffice

@@ -78,21 +78,24 @@ profile libreoffice @{exec_path} {
   /usr/share/mythes/{,**} r,
   /usr/share/thumbnailers/{,**} r,
 
+  /etc/cups/ppd/*.ppd r,
   /etc/java{,-}{,@{version}}-openjdk/{,**} r,
   /etc/libreoffice/{,**} r,
-  /etc/paperspecs r,
   /etc/papersize r,
+  /etc/paperspecs r,
   /etc/xdg/* r,
 
         /var/tmp/ r,
   owner /var/spool/libreoffice/uno_packages/cache/stamp.sys w,
 
   owner @{user_cache_dirs}/libreoffice/{,**} rw,
+
+  owner @{user_config_dirs}/kservicemenurc r,
   owner @{user_config_dirs}/libreoffice/ rw,
   owner @{user_config_dirs}/libreoffice/** rwk,
-  owner @{user_config_dirs}/soffice.*.lock rwk,
   owner @{user_config_dirs}/plasma_workspace.notifyrc r,
-  owner @{user_config_dirs}/kservicemenurc r,
+  owner @{user_config_dirs}/soffice.*.lock rwk,
+  owner @{user_config_dirs}/soffice.binrc r,
 
   owner @{user_share_dirs}/#@{int} rw,
   owner @{user_share_dirs}/user-places.xbel r,