feat(profile): general update.

apparmor.d/groups/grub/grub-mkconfig

@@ -32,6 +32,7 @@ profile grub-mkconfig @{exec_path} flags=(attach_disconnected) {
   @{bin}/find                 rix,
   @{bin}/findmnt              rPx,
   @{bin}/gettext              rix,
+  @{bin}/grub-editenv         rPx,
   @{bin}/grub-mkrelpath       rPx,
   @{bin}/grub-probe           rPx,
   @{bin}/grub-script-check    rPx,
@@ -60,6 +61,7 @@ profile grub-mkconfig @{exec_path} flags=(attach_disconnected) {
   @{bin}/zpool                rPx,
   /etc/grub.d/{,**}           rix,
 
+  @{lib}/grub-customizer/*      rix,
   @{lib}/grub/grub-sort-version rPx,
   @{lib}/libostree/grub[0-9]-@{int}_ostree rix,
 
@@ -81,7 +83,7 @@ profile grub-mkconfig @{exec_path} flags=(attach_disconnected) {
   /boot/{,**} r,
   /boot/grub/{,**} rw,
 
-  # owner /tmp/** rw,
+  /tmp/grub-*.@{rand10}/{,**} rw,
 
   @{sys}/firmware/efi/efivars/OsIndicationsSupported-@{uuid} r,
 

apparmor.d/groups/grub/grub-probe

@@ -13,6 +13,7 @@ profile grub-probe @{exec_path} {
   include <abstractions/consoles>
   include <abstractions/disks-read>
 
+  capability dac_read_search,
   capability sys_admin,
 
   @{exec_path} mr,
@@ -36,6 +37,7 @@ profile grub-probe @{exec_path} {
   /dev/bus/ r,
   /dev/bus/usb/ r,
   /dev/bus/usb/@{int}/ r,
+  /dev/char/ r,
   /dev/cpu/ r,
   /dev/cpu/@{int}/ r,
   /dev/dma_heap/ r,

apparmor.d/groups/systemd/systemd-logind

@@ -79,7 +79,9 @@ profile systemd-logind @{exec_path} flags=(attach_disconnected) {
   @{run}/udev/data/+hid:* r,
   @{run}/udev/data/+i2c:* r,
   @{run}/udev/data/+input:input@{int} r,  # for mouse, keyboard, touchpad
+  @{run}/udev/data/+leds:* r,
   @{run}/udev/data/+pci:* r,              # Identifies all PCI devices (CPU, GPU, Network, Disks, USB, etc.)
+  @{run}/udev/data/+wakeup:* r,
   @{run}/udev/data/c1:@{int}    r,        # For RAM disk
   @{run}/udev/data/c10:@{int}   r,        # For non-serial mice, misc features
   @{run}/udev/data/c13:@{int} r,          # For /dev/input/*