feat(profiles): general update.

apparmor.d/groups/gnome/gnome-shell

@@ -63,6 +63,7 @@ profile gnome-shell @{exec_path} flags=(attach_disconnected) {
 
   /opt/*/**/*.png r,
   /snap/*/@{uid}/**.png r,
+  /usr/share/app-info/icons/{,**} r,
   /usr/share/backgrounds/{,**} r,
   /usr/share/dconf/profile/gdm r,
   /usr/share/desktop-directories/{,*.directory} r,
@@ -103,6 +104,7 @@ profile gnome-shell @{exec_path} flags=(attach_disconnected) {
   /var/lib/gdm{3,}/greeter-dconf-defaults r,
 
   /var/lib/flatpak/app/**/gnome-shell/{,**} r,
+  /var/lib/flatpak/appstream/**/icons/** r,
   /var/lib/flatpak/exports/share/gnome-shell/{,**} r,
 
   /var/lib/snapd/desktop/icons/{,**} r,

apparmor.d/groups/gnome/nautilus

@@ -37,7 +37,7 @@ profile nautilus @{exec_path} flags=(attach_disconnected) {
 
   @{exec_path} mr,
   /{usr/,}bin/{,ba,da}sh rix,
-  /{usr/,}lib/gio-launch-desktop  rPx -> child-open,
+  /{usr/,}lib/gio-launch-desktop rPx -> child-open,
 
   /usr/share/nautilus/{,**} r,
   /usr/share/poppler/{,**} r,
@@ -49,15 +49,17 @@ profile nautilus @{exec_path} flags=(attach_disconnected) {
   /var/lib/snapd/desktop/icons/{,**} r,
 
   # Full access to user's data
+  include <abstractions/deny-sensitive-home>
   / r,
   /home/ r,
+  @{MOUNTDIRS}/ r,
+  @{MOUNTS}/ r,
   owner @{HOME}/{,**} rw,
-  owner @{MOUNTS}/{,**} rw,
+  owner @{MOUNTS}/** rw,
   owner @{run}/user/@{uid}/{,**} rw,
   owner /tmp/{,**} rw,
 
   # Silence non user's data
-  include <abstractions/deny-sensitive-home>
   deny /boot/{,**} r,
   deny /opt/{,**} r,
   deny /root/{,**} r,