From feb1b78d470633abfe5c73d0f17e1e0843b8516e Mon Sep 17 00:00:00 2001
From: valoq <valoq@mailbox.org>
Date: Sun, 24 Aug 2025 17:32:04 +0200
Subject: [PATCH] add default path for plain use

firewall-applet: update profile

Update firewall-applet profile for support:

- Access to user config file (full access and lock)
- Access to cgroup info for pid process (read-only)
---
 apparmor.d/groups/firewall/firewall-applet | 3 +++
 apparmor.d/profiles-g-l/grim               | 4 ++++
 2 files changed, 7 insertions(+)

diff --git a/apparmor.d/groups/firewall/firewall-applet b/apparmor.d/groups/firewall/firewall-applet
index 280bd9d04..415a0bc58 100644
--- a/apparmor.d/groups/firewall/firewall-applet
+++ b/apparmor.d/groups/firewall/firewall-applet
@@ -21,6 +21,9 @@ profile firewall-applet @{exec_path} flags=(attach_disconnected) {
 
   owner @{PROC}/@{pid}/cmdline r,
   owner @{PROC}/@{pid}/mounts r,
+  owner @{PROC}/@{pid}/cgroup r,
+
+  owner @{user_config_dirs}/firewall/applet.conf rw,
 
   include if exists <local/firewall-applet>
 }
diff --git a/apparmor.d/profiles-g-l/grim b/apparmor.d/profiles-g-l/grim
index 9f18db07b..9e40a8aca 100644
--- a/apparmor.d/profiles-g-l/grim
+++ b/apparmor.d/profiles-g-l/grim
@@ -13,6 +13,10 @@ profile grim @{exec_path} {
 
   @{exec_path} mr,
 
+  owner @{user_config_dirs}/user-dirs.dirs r,
+
+  owner @{HOME}/@{int8}_**_grim.png w,
+
   owner /dev/shm/grim-@{rand6} rw,
 
   include if exists <local/grim>