feat(profile): general update.

apparmor.d/groups/gnome/epiphany-search-provider

@@ -36,6 +36,7 @@ profile epiphany-search-provider @{exec_path} {
   owner /tmp/Serialized* rw,
 
   @{sys}/devices/virtual/dmi/id/chassis_type r,
+  @{sys}/firmware/acpi/pm_profile r,
   @{sys}/fs/cgroup/user.slice/user-@{uid}.slice/user@@{uid}.service/app.slice/*org.gnome.Epiphany.SearchProvider.slice/*/memory.* r,
   @{sys}/fs/cgroup/user.slice/user-@{uid}.slice/user@@{uid}.service/session.slice/dbus.service/memory.* r,
 
@@ -46,6 +47,8 @@ profile epiphany-search-provider @{exec_path} {
         @{PROC}/zoneinfo r,
   owner @{PROC}/@{pid}/cgroup r,
   owner @{PROC}/@{pid}/cmdline r,
+  owner @{PROC}/@{pid}/smaps r,
+  owner @{PROC}/@{pid}/statm r,
 
   deny @{user_share_dirs}/gvfs-metadata/* r,
 

apparmor.d/groups/gnome/gio-launch-desktop

@@ -16,6 +16,7 @@ profile gio-launch-desktop @{exec_path} flags=(attach_disconnected) {
   include <abstractions/consoles>
   include <abstractions/deny-sensitive-home>
   include <abstractions/gnome-strict>
+  include <abstractions/nameservice-strict>
   include <abstractions/trash>
 
   @{exec_path} mr,
@@ -25,6 +26,8 @@ profile gio-launch-desktop @{exec_path} flags=(attach_disconnected) {
 
   owner @{HOME}/{,**} rw,
 
+  owner /tmp/wl-copy-buffer-@{rand6}/stdin r,
+
   @{run}/mount/utab r,
 
   owner @{PROC}/@{pid}/fd/ r,

apparmor.d/groups/gnome/gnome-characters

@@ -18,7 +18,7 @@ profile gnome-characters @{exec_path} {
   include <abstractions/graphics>
   include <abstractions/nameservice-strict>
 
-  dbus bind bus=session name=org.gnome.Characters,
+  # dbus: own bus=session name=org.gnome.Characters
   dbus receive bus=session path=/org/gnome/Characters/SearchProvider
        interface=org.gnome.Shell.SearchProvider2
        peer=(name=:*, label=gnome-shell),

apparmor.d/groups/gnome/gnome-music

@@ -30,7 +30,7 @@ profile gnome-music @{exec_path} flags=(attach_disconnected) {
   @{bin}/ r,
   @{bin}/env r,
   @{bin}/python3.@{int} rix,
-  @{lib}/python3.@{int}/site-packages//gnomemusic/__pycache__/{,**} rw,
+  @{lib}/python3.@{int}/site-packages/gnomemusic/__pycache__/{,**} rw,
 
   /usr/share/grilo-plugins/grl-lua-factory/{,*} r,
   /usr/share/org.gnome.Music/{,**} r,
@@ -45,8 +45,7 @@ profile gnome-music @{exec_path} flags=(attach_disconnected) {
   owner @{user_share_dirs}/grilo-plugins/ rwk,
   owner @{user_share_dirs}/grilo-plugins/*.db{,-shm,-journal,-wal} rwk,
 
-        @{run}/systemd/inhibit/[0-9]*.ref rw,
-  owner @{run}/user/@{uid}/orcexec.[0-9a-zA-Z]* rw,
+  @{run}/systemd/inhibit/[0-9]*.ref rw,
 
   owner /tmp/grilo-plugin-cache-[0-9A-Z]*/ rw,
   owner /var/tmp/etilqs_@{hex} rw,

apparmor.d/groups/gnome/gnome-shell

@@ -288,6 +288,7 @@ profile gnome-shell @{exec_path} flags=(attach_disconnected) {
   owner @{user_music_dirs}/**.{png,jpg,svg} r,
 
   owner @{user_config_dirs}/.goutputstream{,-@{rand6}} rw,
+  owner @{user_config_dirs}/background r,
   owner @{user_config_dirs}/ibus/ w,
   owner @{user_config_dirs}/monitors.xml{,~} rwl,
   owner @{user_config_dirs}/pulse/ rw,

apparmor.d/groups/gnome/gnome-software

@@ -91,8 +91,8 @@ profile gnome-software @{exec_path} {
   owner /tmp/#@{int} rw,
 
   owner @{run}/user/@{uid}/.dbus-proxy/ rw,
-  owner @{run}/user/@{uid}/.dbus-proxy/a11y-bus-proxy-[0-9A-Z]* rw,
-  owner @{run}/user/@{uid}/.dbus-proxy/session-bus-proxy-[0-9A-Z]* rw,
+  owner @{run}/user/@{uid}/.dbus-proxy/a11y-bus-proxy-@{rand6} rw,
+  owner @{run}/user/@{uid}/.dbus-proxy/session-bus-proxy-@{rand6} rw,
   owner @{run}/user/@{uid}/.flatpak-cache rw,
   owner @{run}/user/@{uid}/.flatpak/{,**} rw,
   owner @{run}/user/@{uid}/.flatpak/**/*.ref rwk,