apparmor.d/apparmor.d/abstractions/app-open

# apparmor.d - Full set of apparmor profiles
# Copyright (C) 2023-2024 Alexandre Pujol <alexandre@pujol.io>
# SPDX-License-Identifier: GPL-2.0-only

# Instead of allowing the run of all software in @{bin}/, @{lib} the purpose of
# this abstraction is to list all GUI program that can open resources.

# Ultimately, only sandbox manager such as like bwrap, snap, flatpak, firejail
# should be present here. Until this day, this profile will be a controlled mess.

  abi <abi/4.0>,

  # Sandbox managers
  @{bin}/bwrap                  rPUx,
  @{bin}/firejail               rPUx,
  @{bin}/flatpak                rPx,
  @{bin}/snap                   rPx,

  # Labeled programs
  @{archive_viewers_path}       rPUx,
  @{browsers_path}              rPx,
  @{document_viewers_path}      rPUx,
  @{emails_path}                rPUx,
  @{file_explorers_path}        rPx,
  @{help_path}                  rPx,
  @{image_viewers_path}         rPUx,
  @{offices_path}               rPUx,
  @{text_editors_path}          rPUx,

  # Others
  @{bin}/amule                  rPx,
  @{bin}/blueman-tray           rPx,
  @{bin}/discord{,-ptb}         rPx,
  @{bin}/draw.io                rPUx,
  @{bin}/dropbox                rPx,
  @{bin}/element-desktop        rPx,
  @{bin}/extension-manager      rPx,
  @{bin}/filezilla              rPx,
  @{bin}/flameshot              rPx,
  @{bin}/gimp*                  rPUx,
  @{bin}/gnome-calculator       rPUx,
  @{bin}/gnome-disk-image-mounter rPx,
  @{bin}/gnome-disks            rPx,
  @{bin}/gnome-software         rPx,
  @{bin}/gwenview               rPUx,
  @{bin}/kgx                    rPx,
  @{bin}/qbittorrent            rPx,
  @{bin}/qpdfview               rPx,
  @{bin}/smplayer               rPx,
  @{bin}/steam-runtime          rPUx,
  @{bin}/telegram-desktop       rPx,
  @{bin}/transmission-gtk       rPx,
  @{bin}/viewnior               rPUx,
  @{bin}/vlc                    rPUx,
  @{bin}/xbrlapi 	              rPx,

  #aa:only opensuse
  @{lib}/YaST2/** rPUx,


  include if exists <abstractions/app-open.d>

# vim:syntax=apparmor