From d5e70ca99488ee50555a48001e8e04a0bb8029ec Mon Sep 17 00:00:00 2001
From: Alexandre Pujol
Date: Sat, 5 Apr 2025 21:43:55 +0200
Subject: [PATCH] fix(test): various integration improvments.
---
apparmor.d/groups/flatpak/flatpak | 6 +++++-
apparmor.d/groups/ubuntu/package-data-downloader | 1 +
apparmor.d/profiles-s-z/ucf | 10 +++++-----
3 files changed, 11 insertions(+), 6 deletions(-)
diff --git a/apparmor.d/groups/flatpak/flatpak b/apparmor.d/groups/flatpak/flatpak
index adfd4b49b..99ed33745 100644
--- a/apparmor.d/groups/flatpak/flatpak
+++ b/apparmor.d/groups/flatpak/flatpak
@@ -41,10 +41,14 @@ profile flatpak @{exec_path} flags=(attach_disconnected,mediate_deleted,complain signal send peer=flatpak-app, #aa:dbus talk bus=session name=org.freedesktop.Flatpak.SessionHelper label=flatpak-session-helper - #aa:dbus talk bus=session name=org.freedesktop.portal.Documents path=/org/freedesktop/portal/documents label=xdg-document-portal #aa:dbus talk bus=system name=org.freedesktop.Accounts label=accounts-daemon #aa:dbus talk bus=system name=org.freedesktop.PolicyKit1 label=polkitd + dbus send bus=session path=/org/freedesktop/portal/documents + interface=org.freedesktop.portal.Documents + member=GetMountPoint + peer=(name=org.freedesktop.portal.Documents, label="{xdg-document-portal,unconfined}"), + @{exec_path} mr, @{bin}/bwrap rPx -> flatpak-app,
diff --git a/apparmor.d/groups/ubuntu/package-data-downloader b/apparmor.d/groups/ubuntu/package-data-downloader
index 0e6641977..c193bbe0c 100644
--- a/apparmor.d/groups/ubuntu/package-data-downloader
+++ b/apparmor.d/groups/ubuntu/package-data-downloader
@@ -10,6 +10,7 @@ include profile package-data-downloader @{exec_path} { include include + include include include
diff --git a/apparmor.d/profiles-s-z/ucf b/apparmor.d/profiles-s-z/ucf
index 8a4b08b40..4fdbb5a52 100644
--- a/apparmor.d/profiles-s-z/ucf
+++ b/apparmor.d/profiles-s-z/ucf
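Review bot: In apparmor.d/groups/flatpak/flatpak, the new `dbus send` rule accepts `unconfined` as a peer label next to `xdg-document-portal`, so the rule no longer ties `org.freedesktop.portal.Documents` to the confined portal process; any unconfined owner of that name on the session bus is an allowed peer. Restricting the call to the single member `GetMountPoint` is a useful narrowing, but the reason for the label fallback is not recorded anywhere in the hunk. If it is there because the portal profile is not always loaded (presumably the integration-test case the subject refers to), say so above the rule, e.g. `# xdg-document-portal runs unconfined when its profile is not loaded`. The profile body starts and ends outside the hunk.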
@@ -41,18 +41,18 @@ profile ucf @{exec_path} { /usr/share/debconf/frontend rPx, # TODO: rCx -> debonc-frontend, + # For md5sum /usr/share/** r, - /etc/default/* rw, - /etc/libreoffice/registry/** r, - /etc/ucf.conf r, - - /var/lib/ucf/** rw, + # For writing new config files + /etc/** rw, # For shell pwd / r, /root/ r, + owner /var/lib/ucf/** rw, + owner /tmp/tmp.@{rand10} r, include if exists
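Review bot: `/etc/** rw,` replaces three narrow rules and gives the ucf profile write access to every file under /etc, which includes authentication, privilege and loader configuration such as /etc/shadow, /etc/sudoers and /etc/ld.so.preload. ucf is handed conffile paths by maintainer scripts, so some widening is probably unavoidable, but as written the profile no longer limits what a misdirected ucf run can overwrite there. Consider keeping the broad rule for reads only where possible, or carving out files ucf should never manage, for example `deny /etc/{shadow,gshadow}* w,` and `deny /etc/sudoers{,.d/**} w,` (to be checked against packages that really ship those through ucf). At the least, extend the comment to state the trade-off: `# For writing new config files: conffile paths are arbitrary, so /etc cannot be enumerated`. The profile body starts before the hunk.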