feat(dbus): replace some rule by the new directives.

apparmor.d/groups/systemd/systemd-logind

@@ -27,36 +27,13 @@ profile systemd-logind @{exec_path} flags=(attach_disconnected,complain) {
 
   network netlink raw,
 
-  dbus bind bus=system name=org.freedesktop.login1,
-  dbus (send, receive) bus=system path=/org/freedesktop/login1{,/**}
-       interface=org.freedesktop.login1.*
-       peer=(name=:*),
-  dbus receive bus=system path=/org/freedesktop/login1{,/**}
-       interface=org.freedesktop.DBus.Properties
-       peer=(name=:*),
-  dbus (send, receive) bus=system path=/org/freedesktop/login1{,/**}
-       interface=org.freedesktop.login1.*
-       peer=(name=org.freedesktop.DBus),
-  dbus send bus=system path=/org/freedesktop/login1{,/**}
-       interface=org.freedesktop.DBus.Properties
-       peer=(name=org.freedesktop.DBus),
+  # dbus: own bus=system name=org.freedesktop.login1
 
-  dbus receive bus=system path=/org/freedesktop/systemd1{,/{unit,job}/**}
-       interface=org.freedesktop.DBus.Properties
-       peer=(name=:*, label="@{systemd}"),
-  dbus send bus=system path=/org/freedesktop/systemd1/{unit,job}/**
-       interface=org.freedesktop.DBus.Properties
-       peer=(name=org.freedesktop.systemd1, label="@{systemd}"),
-  dbus send bus=system path=/org/freedesktop/systemd1/{unit,job}/**
-       interface=org.freedesktop.systemd1.Scope
-       peer=(name=org.freedesktop.systemd1, label="@{systemd}"),
+  # dbus: talk bus=system name=org.freedesktop.systemd1 label="@{systemd}"
 
   dbus send bus=system path=/org/freedesktop/systemd1
        interface=org.freedesktop.systemd1.Manager
        peer=(name=org.freedesktop.systemd1),
-  dbus receive bus=system path=/org/freedesktop/systemd1
-       interface=org.freedesktop.systemd1.Manager
-       peer=(name=:*, label="@{systemd}"),
 
   dbus send bus=system path=/org/freedesktop/DBus
        interface=org.freedesktop.DBus

apparmor.d/groups/systemd/systemd-machined

@@ -24,33 +24,9 @@ profile systemd-machined @{exec_path} {
   capability sys_chroot,
   capability sys_ptrace,
 
-  dbus bind bus=system name=org.freedesktop.machine1,
-  dbus receive bus=system path=/org/freedesktop/machine1{,/**}
-       interface=org.freedesktop.machine1.Manager
-       peer=(name=:*),
-  dbus receive bus=system path=/org/freedesktop/machine1{,/**}
-       interface=org.freedesktop.DBus.Properties
-       peer=(name=:*),
+  # dbus: own bus=system name=org.freedesktop.machine1
 
-  dbus send bus=system path=/org/freedesktop/systemd1/{,{unit,job}/*}
-       interface=org.freedesktop.DBus.Properties
-       member=Get
-       peer=(name=org.freedesktop.systemd1),
-
-  dbus receive bus=system path=/org/freedesktop/systemd1{,/{unit,job}/*}
-       interface=org.freedesktop.DBus.Properties
-       member=PropertiesChanged
-       peer=(name=:*),
-
-  dbus send bus=system path=/org/freedesktop/systemd1
-       interface=org.freedesktop.systemd1.Manager
-       member={StopUnit,UnrefUnit,StartTransientUnit,Subscribe}
-       peer=(name=org.freedesktop.systemd1),
-
-  dbus receive bus=system path=/org/freedesktop/systemd1
-       interface=org.freedesktop.systemd1.Manager
-       member={JobRemoved,UnitRemoved,Reloading}
-       peer=(name=:*),
+  # dbus: talk bus=system name=org.freedesktop.systemd1 label="@{systemd}"
 
   @{exec_path} mr,
 

apparmor.d/groups/systemd/systemd-networkd

@@ -27,10 +27,7 @@ profile systemd-networkd @{exec_path} flags=(attach_disconnected,complain) {
   network packet dgram,
   network packet raw,
 
-  dbus bind bus=system name=org.freedesktop.network1,
-  dbus (send, receive) bus=system path=/org/freedesktop/network1{,/**}
-       interface=org.freedesktop.DBus.Properties
-       peer=(name="{:*,org.freedesktop.DBus}"),
+  # dbus: own bus=system name=org.freedesktop.network1
 
   @{exec_path} mr,
 

apparmor.d/groups/systemd/systemd-resolved

@@ -30,10 +30,7 @@ profile systemd-resolved @{exec_path} flags=(attach_disconnected) {
   network inet6 stream,
   network netlink raw,
 
-  dbus bind bus=system name=org.freedesktop.resolve1,
-  dbus receive bus=system path=/org/freedesktop/resolve1
-       interface=org.freedesktop.resolve1.Manager
-       peer=(name=:*),
+  # dbus: own bus=system name=org.freedesktop.resolve1
 
   dbus send bus=system path=/org/freedesktop/DBus
        interface=org.freedesktop.DBus

apparmor.d/groups/systemd/systemd-timedated

@@ -15,13 +15,7 @@ profile systemd-timedated @{exec_path} flags=(attach_disconnected) {
 
   capability sys_time,
 
-  dbus bind bus=system name=org.freedesktop.timedate1,
-  dbus receive bus=system path=/org/freedesktop/timedate1
-       interface=org.freedesktop.DBus.Properties
-       peer=(name=:*),
-  dbus receive bus=system path=/org/freedesktop/timedate1
-       interface=org.freedesktop.timedate1
-       peer=(name=:*),
+  # dbus: own bus=system name=org.freedesktop.timedate1
 
   dbus send bus=system path=/org/freedesktop/systemd1/unit/*
        interface=org.freedesktop.DBus.Properties