feat(profiles): general update.

apparmor.d/groups/gnome/gdm-runtime-config

@@ -12,7 +12,7 @@ profile gdm-runtime-config @{exec_path} {
 
   @{exec_path} mr,
 
-  @{run}/gdm/ r,
+  @{run}/gdm/ rw,
   @{run}/gdm/custom.conf* rw,
 
   include if exists <local/gdm-runtime-config>

apparmor.d/groups/gnome/gdm-session-worker

@@ -82,6 +82,7 @@ profile gdm-session-worker @{exec_path} flags=(attach_disconnected) {
   owner @{PROC}/@{pid}/loginuid rw,
   owner @{PROC}/@{pid}/task/@{tid}/attr/exec rw,
   owner @{PROC}/@{pid}/uid_map r,
+        @{PROC}/@{pids}/cgroup r,
         @{PROC}/1/limits r,
         @{PROC}/keys r,
 

apparmor.d/groups/gnome/gnome-shell

@@ -110,6 +110,11 @@ profile gnome-shell @{exec_path} flags=(attach_disconnected) {
        interface=org.freedesktop.DBus.Properties
        member=PropertiesChanged,
 
+  dbus receive bus=system
+       path=/org/freedesktop/PolicyKit[0-9]/AuthenticationAgent
+       interface=org.freedesktop.PolicyKit[0-9].AuthenticationAgent
+       member=BeginAuthentication,
+ 
   @{exec_path} mr,
 
   /{usr/,}bin/Xwayland        rPx,
@@ -234,7 +239,7 @@ profile gnome-shell @{exec_path} flags=(attach_disconnected) {
   @{sys}/devices/**/hwmon[0-9]*/**/{,name,temp*,fan*} r,
   @{sys}/devices/**/hwmon/{,name,temp*,fan*} r,
   @{sys}/devices/**/hwmon/**/{,name,temp*,fan*} r,
-  @{sys}/devices/**/power_supply/**/{type,online} r,
+  @{sys}/devices/**/power_supply/{,**} r,
   @{sys}/devices/pci[0-9]*/**/boot_vga r,
   @{sys}/devices/pci[0-9]*/**/drm/ r,
   @{sys}/devices/pci[0-9]*/**/input[0-9]*/{properties,name} r,

apparmor.d/groups/gnome/goa-daemon

@@ -37,7 +37,8 @@ profile goa-daemon @{exec_path} {
 
   /usr/share/glib-2.0/schemas/gschemas.compiled r,
 
-  owner @{user_config_dirs}/goa-1.0/accounts.conf r,
+  owner @{user_config_dirs}/goa-1.0/ rw,
+  owner @{user_config_dirs}/goa-1.0/accounts.conf* rw,
 
   include if exists <local/goa-daemon>
 }

apparmor.d/groups/gnome/seahorse

@@ -9,11 +9,22 @@ include <tunables/global>
 @{exec_path} = /{usr/,}bin/seahorse
 profile seahorse @{exec_path} {
   include <abstractions/base>
+  include <abstractions/dbus-session-strict>
+  include <abstractions/dbus-strict>
   include <abstractions/dconf-write>
   include <abstractions/gnome>
   include <abstractions/p11-kit>
   include <abstractions/ssl_certs>
 
+  dbus send bus=system path=/
+       interface=org.freedesktop.Avahi.Server
+       member={GetAPIVersion,GetState,ServiceBrowserNew}
+       peer=(name=org.freedesktop.Avahi),
+
+  dbus receive bus=system path=/Client[0-9]*/ServiceBrowser[0-9]*
+       interface=org.freedesktop.Avahi.ServiceBrowser
+       member={CacheExhausted,AllForNow},
+
   @{exec_path} mr,
 
   /{usr/,}bin/gpgconf  rPx,
@@ -21,8 +32,10 @@ profile seahorse @{exec_path} {
   /{usr/,}bin/gpgsm    rPx,
 
   /usr/share/glib-2.0/schemas/gschemas.compiled r,
-  
-  # Seahorse and SSH keys
+  /usr/share/ubuntu/applications/ r,
+
+  /var/lib/snapd/desktop/icons/ r,
+
   owner @{HOME}/@{XDG_SSH_DIR}/{,**} r,
 
   owner @{PROC}/@{pid}/fd/ r,