apparmor.d -> profiles

profiles/usr.bin.totem

@@ -0,0 +1,58 @@
+# vim:syntax=apparmor
+# Author: Jamie Strandboge <jamie@canonical.com>
+
+#include <tunables/global>
+
+/usr/bin/totem {
+  #include <abstractions/audio>
+  #include <abstractions/dconf>
+  #include <abstractions/ibus>
+  #include <abstractions/mesa>
+  #include <abstractions/nvidia>
+  #include <abstractions/python>
+  #include <abstractions/totem>
+  #include <abstractions/ubuntu-helpers>
+
+  signal (send) set=("kill") peer=unconfined,
+
+  # Maybe in an abstraction?
+  /usr/include/**/pyconfig.h r,
+
+  /usr/bin/totem r,
+  /usr/bin/totem-video-thumbnailer Pix,
+  /usr/bin/bwrap PUx,
+  /usr/lib/@{multiarch}/libtotem-plparser[0-9]*/totem-pl-parser/* ix,
+  /usr/{lib/@{multiarch},libexec}/totem-gallery-thumbnailer Pix,
+  /dev/sr* r,
+
+  # Help browser
+  /usr/bin/yelp Cx -> sanitized_helper,
+  # GDesktopAppInfo in GLib 2.64.x uses a very small shell script
+  # to launch .desktop files, instead of gio-launch-desktop
+  /{usr/,}bin/{dash,bash} ixr,
+  # With older GLib we might still be on the fallback code path
+  # (remove this after Debian 11 and Ubuntu 20.04)
+  /usr/lib/@{multiarch}/glib-[0-9]*/gio-launch-desktop rmix,
+
+  # Quiet logs
+  deny /{usr/,}lib/@{multiarch}/totem/plugins/*/__pycache__/ w,
+
+  # Allow read and write on almost anything in @{HOME}. Lenient, but
+  # private-files-strict is in effect.
+  #include <abstractions/private-files-strict>
+  owner @{HOME}/[^.]*    rw,
+  owner @{HOME}/[^.]*/** rw,
+
+  # Allow usage of openat with O_TMPFILE
+  owner @{HOME}/#[0-9]*[0-9] m,
+
+  owner /{,var/}run/user/*/dconf/user w,
+  owner /{,var/}run/user/*/at-spi2-*/   rw,
+  owner /{,var/}run/user/*/at-spi2-*/** rw,
+
+  /sys/devices/pci[0-9]*/**/config r,
+  /sys/devices/pci[0-9]*/**/{,subsystem_}{device,vendor} r,
+
+  # Site-specific additions and overrides. See local/README for details.
+  #include <local/usr.bin.totem>
+}