update apparmor profiles

apparmor.d/groups/gpg/gpg-agent

@@ -36,6 +36,11 @@ profile gpg-agent @{exec_path} {
   owner /var/lib/*/gnupg/private-keys-v1.d/[0-9A-F]*.key rw,
   owner /var/lib/*/gnupg/S.gpg-agent{,.ssh,.browser,.extra} rw,
 
+  owner /tmp/tmp.*/gnupg/ rw,
+  owner /tmp/tmp.*/gnupg/private-keys-v1.d/ rw,
+  owner /tmp/tmp.*/gnupg/private-keys-v1.d/[0-9A-F]*.key rw,
+  owner /tmp/tmp.*/gnupg/S.gpg-agent rw,
+
   # For debuild
   owner /tmp/dpkg-import-key.*/private-keys-v1.d/ w,
   owner @{run}/user/@{uid}/gnupg/d.*/S.gpg-agent{,.extra,.browser,.ssh} w,

apparmor.d/groups/gpg/gpg-connect-agent

@@ -13,7 +13,18 @@ profile gpg-connect-agent @{exec_path} {
 
   @{exec_path} mr,
 
+  /{usr/,}bin/gpg-agent rPx,
+
   /etc/inputrc r,
 
+  owner @{PROC}/@{pid}/fd/ r,
+
+  owner @{run}/user/@{uid}/gnupg/d.*/ rw,
+
+  owner /tmp/tmp.*/.#lk0x[0-9a-f]*.*.@{pid} rw,
+  owner /tmp/tmp.*/.#lk0x[0-9a-f]*.*.@{pid}x rwl -> /tmp/*/.#lk0x[0-9a-f]*.*.@{pid},
+  owner /tmp/tmp.*/gnupg_spawn_agent_sentinel.lock rwl -> /tmp/*/.#lk0x[0-9a-f]*.*.@{pid},
+
   include if exists <local/gpg-connect-agent>
 }
+