feat(profiles): add the X-strict abstraction.

apparmor.d/groups/freedesktop/pulseaudio

@@ -20,14 +20,12 @@ profile pulseaudio @{exec_path} {
   include <abstractions/gstreamer>
   include <abstractions/hosts_access>
   include <abstractions/nameservice-strict>
+  include <abstractions/X-strict>
 
   ptrace (trace) peer=@{profile_name},
 
   signal (receive) peer=pacmd,
 
-  unix (send receive connect) type=stream peer=(addr=@/tmp/.X11-unix/*),
-  unix (send receive connect) type=stream peer=(addr=@/tmp/.ICE-unix/*),
-
   network inet stream,
   network inet6 stream,
   network netlink raw,
@@ -120,9 +118,6 @@ profile pulseaudio @{exec_path} {
   owner @{user_cache_dirs}/gstreamer-1.0/registry.x86_64.bin r,
 
   owner @{run}/user/@{uid}/ rw,
-  owner @{run}/user/@{uid}/.mutter-Xwaylandauth.* r,
-  owner @{run}/user/@{uid}/gdm{[1-9],}/Xauthority r,
-  owner @{run}/user/@{uid}/ICEauthority r,
   owner @{run}/user/@{uid}/pulse/{,*} rw,
   owner @{run}/user/@{uid}/pulse/*.lock k,
   owner @{run}/user/@{uid}/systemd/notify rw,

apparmor.d/groups/freedesktop/xrdb

@@ -10,8 +10,7 @@ include <tunables/global>
 @{exec_path} = /{usr/,}bin/xrdb
 profile xrdb @{exec_path} {
   include <abstractions/base>
-
-  unix (connect, receive, send) type=stream peer=(addr="@/tmp/.X11-unix/X[0-9]*"),
+  include <abstractions/X-strict>
 
   @{exec_path} mr,
 
@@ -21,8 +20,6 @@ profile xrdb @{exec_path} {
   /{usr/,}lib/llvm-[0-9]*/bin/clang       rix,
   /usr/include/stdc-predef.h r,
 
-  owner @{HOME}/.Xauthority r,
-
   /etc/X11/Xresources/x11-common r,
 
   # The location of the .Xresources file
@@ -35,8 +32,6 @@ profile xrdb @{exec_path} {
   owner /tmp/xauth-[0-9]*-_[0-9] r,
   owner /tmp/kcminit.* r,
 
-  owner @{run}/user/@{uid}/.mutter-Xwaylandauth.* r,
-
   # file_inherit
   owner /dev/tty[0-9]* rw,
   owner @{HOME}/.xsession-errors w,