feat(profile): small gnome related improvement.

apparmor.d/groups/gnome/evolution-addressbook-factory

@@ -30,7 +30,7 @@ profile evolution-addressbook-factory @{exec_path} {
 
   dbus (send, receive) bus=session path=/org/gnome/evolution/dataserver/**
        interface=org.gnome.evolution.dataserver.*
-       peer=(name=:*),
+       peer=(name=@{busname}),
 
   dbus send bus=session path=/org/gnome/evolution/dataserver/**
        interface=org.gnome.evolution.dataserver.*
@@ -38,12 +38,12 @@ profile evolution-addressbook-factory @{exec_path} {
 
   dbus (send, receive) bus=session path=/org/gnome/evolution/dataserver/**
        interface=org.freedesktop.DBus.Properties
-       peer=(name=:*, label=evolution-*),
+       peer=(name=@{busname}, label=evolution-*),
 
   dbus send bus=session path=/org/gnome/evolution/dataserver/SourceManager
        interface=org.freedesktop.DBus.ObjectManager
        member=GetManagedObjects
-       peer=(name=:*, label=evolution-source-registry),
+       peer=(name=@{busname}, label=evolution-source-registry),
 
   dbus send bus=session path=/org/gnome/evolution/dataserver/**
        interface=org.freedesktop.DBus.Properties
@@ -53,7 +53,7 @@ profile evolution-addressbook-factory @{exec_path} {
   dbus receive bus=session
        interface=org.freedesktop.DBus.Introspectable
        member=Introspect
-       peer=(name=:*, label=gnome-shell),
+       peer=(name=@{busname}, label=gnome-shell),
 
   @{exec_path} mr,
   @{exec_path}-subprocess rix,

apparmor.d/groups/gnome/gdm

@@ -20,6 +20,7 @@ profile gdm @{exec_path} flags=(attach_disconnected) {
   capability fsetid,
   capability kill,
   capability net_admin,
+  capability sys_admin,
   capability sys_nice,
   capability sys_tty_config,
 

apparmor.d/groups/gnome/gnome-extension-gsconnect

@@ -72,6 +72,7 @@ profile gnome-extension-gsconnect @{exec_path} {
   owner @{tmp}/.org.chromium.Chromium.@{rand6} r,
 
   owner @{run}/user/@{uid}/gsconnect/{,**} rw,
+  owner @{run}/user/@{uid}/gvfsd/socket-@{rand8} rw,
 
   @{sys}/devices/virtual/dmi/id/chassis_type r,
 

apparmor.d/groups/gnome/gnome-software

@@ -37,6 +37,7 @@ profile gnome-software @{exec_path} {
 
   /usr/share/app-info/{,**} r,
   /usr/share/appdata/{,**} r,
+  /usr/share/byobu/desktop/{,**} r,
   /usr/share/flatpak/remotes.d/ r,
   /usr/share/metainfo/{,**} r,
   /usr/share/swcatalog/{,**} r,

apparmor.d/groups/gnome/gsd-print-notifications

@@ -20,8 +20,8 @@ profile gsd-print-notifications @{exec_path} flags=(attach_disconnected) {
   network inet stream,
   network inet6 stream,
 
-  signal (receive) set=(term, hup) peer=gdm*,
+  signal receive set=(term, hup) peer=gdm*,
-  signal (send) set=(hup) peer=gsd-printer,
+  signal send set=(hup) peer=gsd-printer,
 
   #aa:dbus own bus=session name=org.gnome.SettingsDaemon.PrintNotifications
 

apparmor.d/groups/gnome/papers

@@ -25,6 +25,10 @@ profile papers @{exec_path} {
 
   owner @{user_share_dirs}/gvfs-metadata/{,*} r,
 
+  owner @{HOME}/.mozilla/firefox/*/{cert9,key4}.db rwk,
+  owner @{HOME}/.mozilla/firefox/*/pkcs11.txt rw,
+  owner @{HOME}/.mozilla/firefox/*/{cert9,key4}.db-journal rw,
+
   owner @{tmp}/.goutputstream-@{rand6} rw,
   owner @{tmp}/papers-@{int}/{,**} rw,
   owner @{tmp}/gtkprint_@{rand6} rw,

apparmor.d/groups/network/ModemManager

@@ -17,6 +17,7 @@ profile ModemManager @{exec_path} flags=(attach_disconnected) {
   include <abstractions/dri>
 
   capability net_admin,
+  capability sys_admin,
 
   network qipcrtr dgram,
   network netlink raw,

apparmor.d/groups/network/mullvad-daemon

@@ -62,6 +62,7 @@ profile mullvad-daemon @{exec_path} flags=(attach_disconnected) {
   @{sys}/fs/cgroup/net_cls/mullvad-exclusions/net_cls.classid rw,
   @{sys}/fs/cgroup/system.slice/cpu.max r,
   @{sys}/fs/cgroup/system.slice/mullvad-daemon.service/cpu.max r,
+  @{sys}/fs/cgroup/system.slice/mullvad-early-boot-blocking.service/cpu.max r,
 
         @{PROC}/@{pid}/cgroup r,
         @{PROC}/sys/net/ipv{4,6}/conf/all/arp_ignore rw,