feat(abs): move some dbus abs to the session subfolder.

apparmor.d/abstractions/bus/accessibility/own

@@ -20,6 +20,6 @@
        member={GetConnectionUnixProcessID,GetConnectionUnixUser,GetConnectionCredentials}
        peer=(name=org.freedesktop.DBus, label="@{p_dbus_accessibility}"),
 
-  include if exists <abstractions/bus/own-accessibility.d>
+  include if exists <abstractions/bus/accessibility/own.d>
 
 # vim:syntax=apparmor

apparmor.d/abstractions/bus/org.freedesktop.systemd1-session

@@ -1,16 +0,0 @@
-# apparmor.d - Full set of apparmor profiles
-# Copyright (C) 2023-2024 Alexandre Pujol <alexandre@pujol.io>
-# SPDX-License-Identifier: GPL-2.0-only
-
-  abi <abi/4.0>,
-
-  #aa:dbus common bus=session name=org.freedesktop.systemd1 label="@{p_systemd_user}"
-
-  dbus send bus=session path=/org/freedesktop/systemd1
-       interface=org.freedesktop.systemd1.Manager
-       member=GetUnit
-       peer=(name="{@{busname},org.freedesktop.systemd1}", label="@{p_systemd_user}"),
-
-  include if exists <abstractions/bus/org.freedesktop.systemd1-session.d>
-
-# vim:syntax=apparmor

apparmor.d/abstractions/bus/session/org.freedesktop.systemd1

@@ -0,0 +1,26 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2023-2024 Alexandre Pujol <alexandre@pujol.io>
+# SPDX-License-Identifier: GPL-2.0-only
+
+  abi <abi/4.0>,
+
+  #aa:dbus common bus=session name=org.freedesktop.systemd1 label="@{p_systemd_user}"
+
+  dbus send bus=session path=/org/freedesktop/systemd1
+       interface=org.freedesktop.systemd1.Manager
+       member=GetUnit
+       peer=(name="{@{busname},org.freedesktop.systemd1}", label="@{p_systemd_user}"),
+
+  dbus send bus=session path=/org/freedesktop/systemd1/unit/app_*
+       interface=org.freedesktop.DBus.Properties
+       member=GetAll
+       peer=(name=org.freedesktop.systemd1, label="@{p_systemd_user}"),
+
+  dbus send bus=session path=/org/freedesktop/systemd1
+       interface=org.freedesktop.systemd1.Manager
+       member=StartTransientUnit
+       peer=(name=org.freedesktop.systemd1, label="@{p_systemd_user}"),
+
+  include if exists <abstractions/bus/session/org.freedesktop.systemd1.d>
+
+# vim:syntax=apparmor

apparmor.d/abstractions/bus/session/own

@@ -20,6 +20,6 @@
        member={GetConnectionUnixProcessID,GetConnectionUnixUser,GetConnectionCredentials}
        peer=(name=org.freedesktop.DBus, label="@{p_dbus_session}"),
 
-  include if exists <abstractions/bus/own-session.d>
+  include if exists <abstractions/bus/session/own.d>
 
 # vim:syntax=apparmor

apparmor.d/abstractions/bus/system/own

@@ -20,6 +20,6 @@
        member={GetConnectionUnixProcessID,GetConnectionUnixUser,GetConnectionCredentials}
        peer=(name=org.freedesktop.DBus, label="@{p_dbus_system}"),
 
-  include if exists <abstractions/bus/own-system.d>
+  include if exists <abstractions/bus/system/own.d>
 
 # vim:syntax=apparmor

apparmor.d/groups/gnome/gdm-session

@@ -11,8 +11,8 @@ profile gdm-session @{exec_path} {
   include <abstractions/base>
   include <abstractions/bus-session>
   include <abstractions/bus-system>
-  include <abstractions/bus/org.freedesktop.systemd1-session>
   include <abstractions/bus/org.gnome.DisplayManager>
+  include <abstractions/bus/session/org.freedesktop.systemd1>
 
   signal (receive) set=(hup term) peer=gdm-session-worker,
   signal (receive) set=(term) peer=gdm,

apparmor.d/groups/gnome/gnome-session-binary

@@ -14,7 +14,7 @@ profile gnome-session-binary @{exec_path} flags=(attach_disconnected) {
   include <abstractions/bus-system>
   include <abstractions/bus/org.a11y>
   include <abstractions/bus/org.freedesktop.login1.Session>
-  include <abstractions/bus/org.freedesktop.systemd1-session>
+  include <abstractions/bus/session/org.freedesktop.systemd1>
   include <abstractions/bus/org.gnome.Mutter.IdleMonitor>
   include <abstractions/bus/org.gnome.ScreenSaver>
   include <abstractions/dconf-write>

apparmor.d/groups/gnome/gsd-housekeeping

@@ -11,7 +11,7 @@ profile gsd-housekeeping @{exec_path} flags=(attach_disconnected) {
   include <abstractions/base>
   include <abstractions/app-launcher-user>
   include <abstractions/bus-session>
-  include <abstractions/bus/org.freedesktop.systemd1-session>
+  include <abstractions/bus/session/org.freedesktop.systemd1>
   include <abstractions/bus/org.gnome.SessionManager>
   include <abstractions/bus/org.gtk.vfs.MountTracker>
   include <abstractions/consoles>

apparmor.d/groups/kde/kcminit

@@ -10,7 +10,7 @@ include <tunables/global>
 profile kcminit @{exec_path} {
   include <abstractions/base>
   include <abstractions/bus-session>
-  include <abstractions/bus/org.freedesktop.systemd1-session>
+  include <abstractions/bus/session/org.freedesktop.systemd1>
   include <abstractions/gtk>
   include <abstractions/kde-strict>
 

apparmor.d/profiles-s-z/spotify

@@ -25,6 +25,7 @@ profile spotify @{exec_path} flags=(attach_disconnected) {
   include <abstractions/bus/org.freedesktop.secrets>
   include <abstractions/bus/org.gtk.vfs.MountTracker>
   include <abstractions/bus/org.kde.StatusNotifierWatcher>
+  include <abstractions/bus/session/org.freedesktop.systemd1>
   include <abstractions/common/electron>
   include <abstractions/devices-usb-read>
 

pkg/prebuild/directive/dbus.go

@@ -111,7 +111,7 @@ func (d Dbus) own(rules map[string]string) aa.Rules {
 
 	res := aa.Rules{
 		&aa.Include{
-			IsMagic: true, Path: "abstractions/bus/own-" + rules["bus"],
+			IsMagic: true, Path: "abstractions/bus/" + rules["bus"] + "/own",
 		},
 		&aa.Dbus{
 			Access: []string{"bind"}, Bus: rules["bus"], Name: rules["name"],