feat(profiles): general update.

apparmor.d/groups/freedesktop/xdg-desktop-portal

@@ -120,7 +120,7 @@ profile xdg-desktop-portal @{exec_path} flags=(attach_disconnected) {
   /.flatpak-info r,
 
   /usr/share/pipewire/client.conf r,
-  /usr/share/xdg-desktop-portal/portals/{,*.portal} r,
+  /usr/share/xdg-desktop-portal/** r,
 
   /etc/pipewire/client.conf.d/ r,
 

apparmor.d/groups/pacman/mkinitcpio

@@ -17,6 +17,8 @@ profile mkinitcpio @{exec_path} flags=(attach_disconnected) {
   capability sys_admin,
   capability sys_chroot,
 
+  network unix stream,
+
   @{exec_path} rmix,
 
   @{bin}/{,ba}sh             rix,
@@ -117,7 +119,6 @@ profile mkinitcpio @{exec_path} flags=(attach_disconnected) {
   deny /apparmor/.null rw,
   deny network inet stream,
   deny network inet6 stream,
-  deny unix (receive) type=stream,
 
   include if exists <local/mkinitcpio>
 }

apparmor.d/groups/pacman/pacman

@@ -159,7 +159,6 @@ profile pacman @{exec_path} {
   # Silencer, 
   deny @{HOME}/ r,
   deny /tmp/ r,
-  deny unix (receive) type=stream,
 
   profile gpg {
     include <abstractions/base>

apparmor.d/groups/systemd/systemd-timedated

@@ -27,13 +27,10 @@ profile systemd-timedated @{exec_path} flags=(attach_disconnected) {
        interface=org.freedesktop.DBus.Properties
        member={Get,GetAll},
 
-  dbus bind bus=system 
-       name=org.freedesktop.timedate[0-9],
+  dbus bind bus=system name=org.freedesktop.timedate[0-9],
 
   @{exec_path} mr,
 
-  /dev/rtc[0-9] r,
-
   @{etc_rw}/.#adjtime* rw,
   @{etc_rw}/adjtime rw,
 
@@ -45,5 +42,7 @@ profile systemd-timedated @{exec_path} flags=(attach_disconnected) {
 
   @{run}/systemd/notify rw,
 
+  /dev/rtc@{int} r,
+
   include if exists <local/systemd-timedated>
 }