feat(profile): improve dbus definitions.

apparmor.d/abstractions/bus/org.freedesktop.ScreenSaver

@@ -9,6 +9,11 @@
        member={Inhibit,UnInhibit}
        peer=(name=org.freedesktop.ScreenSaver),
 
+  dbus receive bus=session path=/org/gnome/ScreenSaver
+       interface=org.gnome.ScreenSaver
+       member={ActiveChanged,WakeUpScreen}
+       peer=(name=@{busname}, label=gjs-console),
+
   include if exists <abstractions/bus/org.freedesktop.ScreenSaver.d>
 
 # vim:syntax=apparmor

apparmor.d/abstractions/bus/org.freedesktop.portal.Desktop

@@ -36,6 +36,11 @@
        member=Register
        peer=(name=org.freedesktop.portal.Desktop, label=xdg-desktop-portal),
 
+  dbus receive bus=session path=/org/freedesktop/portal/desktop/**
+       interface=org.freedesktop.portal.Request
+       member=Response
+       peer=(name=@{busname}, label=xdg-desktop-portal),
+
   include if exists <abstractions/bus/org.freedesktop.portal.Desktop.d>
 
 # vim:syntax=apparmor

apparmor.d/abstractions/bus/org.freedesktop.systemd1

@@ -6,7 +6,7 @@
 
   #aa:dbus common bus=system name=org.freedesktop.systemd1 label="@{p_systemd}"
 
-  dbus send bus=session path=/org/freedesktop/systemd1
+  dbus send bus=system path=/org/freedesktop/systemd1
        interface=org.freedesktop.systemd1.Manager
        member={GetUnit,GetUnitByPIDFD,StartUnit,StartTransientUnit}
        peer=(name=org.freedesktop.systemd1, label="@{p_systemd}"),

apparmor.d/groups/gnome/evolution-addressbook-factory

@@ -26,6 +26,7 @@ profile evolution-addressbook-factory @{exec_path} {
   network netlink raw,
 
   #aa:dbus own bus=session name=org.gnome.evolution.dataserver.AddressBook@{int}
+  #aa:dbus own bus=session name=org.gnome.evolution.dataserver.AddressBookFactory
 
   dbus (send, receive) bus=session path=/org/gnome/evolution/dataserver/**
        interface=org.gnome.evolution.dataserver.*

apparmor.d/groups/gnome/gnome-extension-gsconnect

@@ -17,6 +17,7 @@ profile gnome-extension-gsconnect @{exec_path} {
   include <abstractions/bus-session>
   include <abstractions/bus-system>
   include <abstractions/bus/org.a11y>
+  include <abstractions/bus/org.freedesktop.login1.Session>
   include <abstractions/bus/org.freedesktop.NetworkManager>
   include <abstractions/bus/org.gtk.Notifications>
   include <abstractions/bus/org.gtk.Private.RemoteVolumeMonitor>
@@ -36,9 +37,10 @@ profile gnome-extension-gsconnect @{exec_path} {
   network inet6 stream,
   network netlink raw,
 
-  #aa:dbus own bus=session name=org.gnome.Shell.Extensions.GSConnect
+  #aa:dbus own bus=session name=org.gnome.Shell.Extensions.GSConnect interface+=org.gtk.{Actions,Menus}
 
   dbus eavesdrop bus=session,
+
   @{exec_path} mr,
 
   @{sh_path}          rix,

apparmor.d/groups/gnome/gnome-shell

@@ -18,6 +18,7 @@ profile gnome-shell @{exec_path} flags=(attach_disconnected,mediate_deleted) {
   include <abstractions/bus/net.hadess.SwitcherooControl>
   include <abstractions/bus/net.reactivated.Fprint>
   include <abstractions/bus/org.a11y>
+  include <abstractions/bus/org.bluez>
   include <abstractions/bus/org.freedesktop.background.Monitor>
   include <abstractions/bus/org.freedesktop.FileManager1>
   include <abstractions/bus/org.freedesktop.GeoClue2>

apparmor.d/groups/network/NetworkManager

@@ -50,22 +50,12 @@ profile NetworkManager @{exec_path} flags=(attach_disconnected) {
 
   dbus send bus=system path=/org/freedesktop/nm_dispatcher
        interface=org.freedesktop.nm_dispatcher
+       member=Action
        peer=(name=org.freedesktop.nm_dispatcher),
-
+  dbus send bus=system path=/uk/org/thekelleys/dnsmasq
-  dbus receive bus=system path=/org/freedesktop
+       interface=org.freedesktop.NetworkManager.dnsmasq
-       interface=org.freedesktop.DBus.ObjectManager
+       member=SetServersEx
-       member=GetManagedObjects
+       peer=(name=@{busname}, label=dnsmasq),
-       peer=(name=:*),
-
-  dbus receive bus=system path=/
-       interface=org.freedesktop.DBus.ObjectManager
-       member=InterfacesRemoved
-       peer=(name=:*, label="@{p_bluetoothd}"),
-
-  dbus send bus=system path=/
-       interface=org.freedesktop.DBus.ObjectManager
-       member=GetManagedObjects
-       peer=(name=:*, label="@{p_bluetoothd}"),
 
   dbus send bus=system path=/org/freedesktop
        interface=org.freedesktop.DBus.ObjectManager

apparmor.d/groups/systemd/resolvectl

@@ -22,6 +22,7 @@ profile resolvectl @{exec_path} flags=(attach_disconnected) {
   signal send set=cont peer=child-pager,
 
   #aa:dbus talk bus=system name=org.freedesktop.resolve1 label="@{p_systemd_resolved}"
+  #aa:dbus talk bus=system name=org.freedesktop.network1 label="@{p_systemd_networkd}"
 
   @{exec_path} mr,
 

apparmor.d/profiles-s-z/spotify

@@ -35,6 +35,7 @@ profile spotify @{exec_path} flags=(attach_disconnected) {
 
   #aa:dbus own bus=session name=org.mpris.MediaPlayer2.spotify
   #aa:dbus talk bus=session name=org.ayatana.NotificationItem label=gnome-shell
+  #aa:dbus talk bus=session name=org.freedesktop.portal.{d,D}esktop label=xdg-desktop-portal
 
   @{exec_path} mrix,
 

apparmor.d/profiles-s-z/terminator

@@ -29,6 +29,11 @@ profile terminator @{exec_path} flags=(attach_disconnected) {
 
   #aa:dbus own bus=session name=net.tenshu.Terminator@{hex}
 
+  dbus send bus=session path=/org/freedesktop/systemd1
+       interface=org.freedesktop.systemd1.Manager
+       member=StartTransientUnit
+       peer=(name=org.freedesktop.systemd1, label="@{p_systemd_user}"),
+
   @{exec_path} mr,
 
   @{bin}/ r,