# apparmor.d - Full set of apparmor profiles
# Copyright (C) 2018-2021 Mikhail Morfikov
# Copyright (C) 2021-2024 Alexandre Pujol <alexandre@pujol.io>
# SPDX-License-Identifier: GPL-2.0-only

abi <abi/4.0>,

include <tunables/global>

@{exec_path} = @{lib}/{,dconf/}dconf-service
profile dconf-service @{exec_path} flags=(attach_disconnected) {
  include <abstractions/base>
  include <abstractions/attached/consoles>
  include <abstractions/bus-session>
  include <abstractions/dconf-write>

  signal (receive) set=(term kill hup) peer=dbus-session,
  signal (receive) set=(term hup) peer=gdm{,-session-worker},

  #aa:dbus own bus=session name=ca.desrt.dconf

  dbus receive bus=session
       interface=org.freedesktop.DBus.Introspectable
       member=Introspect
       peer=(name=:*, label=gnome-shell),

  @{exec_path} mr,

  owner @{desktop_config_dirs}/dconf/ rw,
  owner @{desktop_config_dirs}/dconf/user rw,
  owner @{desktop_config_dirs}/dconf/user.* rw,

  owner @{user_config_dirs}/dconf/ rw,
  owner @{user_config_dirs}/dconf/user{,.*} rw,

  owner @{user_cache_dirs}/ rw,
  owner @{user_cache_dirs}/dconf/ rw,
  owner @{user_cache_dirs}/dconf/user rw,

  @{PROC}/cmdline r,

  include if exists <local/dconf-service>
}

# vim:syntax=apparmor