feat(profiles): general update.

apparmor.d/groups/freedesktop/fc-cache

@@ -6,7 +6,7 @@ abi <abi/3.0>,
 
 include <tunables/global>
 
-@{exec_path} = /{usr/,}bin/fc-cache{,-32}
+@{exec_path} = /{snap/snapd/[0-9]*/,}{usr/,}bin/fc-cache{,-32,-v*}
 profile fc-cache @{exec_path} {
   include <abstractions/base>
   include <abstractions/fonts>

apparmor.d/groups/freedesktop/plymouthd

@@ -39,6 +39,7 @@ profile plymouthd @{exec_path} {
   @{sys}/class/drm/ r,
   @{sys}/class/graphics/ r,
   @{sys}/devices/pci[0-9]*/**/{,uevent} r,
+  @{sys}/devices/virtual/graphics/fbcon/uevent r,
   @{sys}/devices/virtual/tty/console/active r,
   @{sys}/firmware/acpi/bgrt/{,*} r,
 

apparmor.d/groups/freedesktop/upowerd

@@ -17,7 +17,7 @@ profile upowerd @{exec_path} flags=(attach_disconnected) {
   network netlink raw,
 
   dbus (send,receive) bus=system path=/org/freedesktop/UPower{,/**}
-       interface=org.freedesktop.{DBus.Properties,UPower*},
+       interface=org.freedesktop.{DBus.Properties,DBus.Introspectable,UPower*},
 
   dbus (send,receive) bus=system path=/org/freedesktop/login[0-9]
        interface=org.freedesktop.DBus.Properties

apparmor.d/groups/freedesktop/xdg-dbus-proxy

@@ -9,6 +9,7 @@ include <tunables/global>
 @{exec_path} = /{usr/,}bin/xdg-dbus-proxy
 profile xdg-dbus-proxy @{exec_path} flags=(attach_disconnected) {
   include <abstractions/base>
+  include <abstractions/dbus-session-strict>
 
   @{exec_path} mr,
 

apparmor.d/groups/freedesktop/xdg-desktop-portal

@@ -45,6 +45,7 @@ profile xdg-desktop-portal @{exec_path} flags=(attach_disconnected) {
   @{exec_path} mr,
 
   /{usr/,}bin/{,ba,da}sh  rix,
+  /{usr/,}bin/snap        rPx,
 
   # Allowed apps to open
   /{usr/,}bin/firefox rPx -> firefox,

apparmor.d/groups/freedesktop/xdg-email

@@ -1,5 +1,6 @@
 # apparmor.d - Full set of apparmor profiles
 # Copyright (C) 2018-2021 Mikhail Morfikov
+# Copyright (C) 2022 Alexandre Pujol <alexandre@pujol.io>
 # SPDX-License-Identifier: GPL-2.0-only
 
 abi <abi/3.0>,
@@ -11,8 +12,13 @@ profile xdg-email @{exec_path} flags=(complain) {
   include <abstractions/base>
 
   @{exec_path}  r,
-  /{usr/,}bin/{,ba,da}sh rix,
-  /{usr/,}bin/sed        rix,
+
+  /{usr/,}bin/{,ba,da}sh  rix,
+  /{usr/,}bin/gio         rPx,
+  /{usr/,}bin/{,e}grep    rix,
+  /{usr/,}bin/sed         rix,
+  /{usr/,}bin/which       rix,
+  /{usr/,}bin/xdg-mime    rPx,
 
   owner /dev/tty[0-9]* rw,
 

apparmor.d/groups/freedesktop/xwayland

@@ -35,6 +35,7 @@ profile xwayland @{exec_path} flags=(attach_disconnected) {
   owner @{run}/user/@{uid}/.mutter-Xwaylandauth.[a-zA-z0-9]* rw,
 
   @{sys}/bus/pci/devices/ r,
+  @{sys}/devices/system/cpu/possible r,
 
         @{PROC}/@{pids}/cmdline r,
   owner @{PROC}/@{pids}/comm r,