From 0525e51cde5769535817d66bb2fa890a1434a926 Mon Sep 17 00:00:00 2001
From: Roman Beslik <me@beroal.in.ua>
Date: Sun, 13 Oct 2024 14:19:52 +0300
Subject: [PATCH] xdg-mime xdg-open xdg-settings xprop

---
 apparmor.d/groups/freedesktop/xdg-mime     | 9 +++++++++
 apparmor.d/groups/freedesktop/xdg-open     | 8 +++++++-
 apparmor.d/groups/freedesktop/xdg-settings | 5 +++++
 apparmor.d/groups/freedesktop/xprop        | 1 +
 4 files changed, 22 insertions(+), 1 deletion(-)

diff --git a/apparmor.d/groups/freedesktop/xdg-mime b/apparmor.d/groups/freedesktop/xdg-mime
index e2486f9f..650d1f55 100644
--- a/apparmor.d/groups/freedesktop/xdg-mime
+++ b/apparmor.d/groups/freedesktop/xdg-mime
@@ -10,6 +10,7 @@ include <tunables/global>
 @{exec_path} = @{bin}/xdg-mime
 profile xdg-mime @{exec_path} flags=(attach_disconnected) {
   include <abstractions/base>
+  include <abstractions/consoles>
   include <abstractions/freedesktop.org>
 
   @{exec_path} r,
@@ -50,14 +51,22 @@ profile xdg-mime @{exec_path} flags=(attach_disconnected) {
   @{bin}/vendor_perl/mimetype Px,
   @{bin}/xprop                Px,
 
+  owner @{user_config_dirs}/mimeapps.list{,.new} rw,
+
   owner @{tmp}/wl-copy-buffer-@{rand6}/stdin r,
 
+  @{PROC}/version r,
+
   /dev/tty rw,
 
   profile bus flags=(complain) {
     include <abstractions/base>
     include <abstractions/app/bus>
     include <abstractions/bus-session>
+    include <abstractions/consoles>
+
+    @{bin}/dbus-send mr,
+
     include if exists <local/xdg-mime_bus>
   }
 
diff --git a/apparmor.d/groups/freedesktop/xdg-open b/apparmor.d/groups/freedesktop/xdg-open
index 8e90bc42..b0b44e38 100644
--- a/apparmor.d/groups/freedesktop/xdg-open
+++ b/apparmor.d/groups/freedesktop/xdg-open
@@ -20,6 +20,7 @@ profile xdg-open @{exec_path} flags=(attach_disconnected) {
   @{bin}/basename   ix,
   @{bin}/cat        ix,
   @{bin}/cut        ix,
+  @{bin}/env        ix,
   @{bin}/readlink   ix,
   @{bin}/realpath   ix,
   @{bin}/sed        ix,
@@ -35,10 +36,15 @@ profile xdg-open @{exec_path} flags=(attach_disconnected) {
   @{bin}/xdg-mime             Px,
   @{open_path}                Px -> child-open-any,
 
-  profile bus {
+  @{PROC}/version r,
+
+  profile bus flags=(attach_disconnected) {
     include <abstractions/base>
     include <abstractions/app/bus>
     include <abstractions/bus-session>
+    include <abstractions/consoles>
+
+    @{bin}/dbus-send mr,
 
     include if exists <local/xdg-open_bus>
   }
diff --git a/apparmor.d/groups/freedesktop/xdg-settings b/apparmor.d/groups/freedesktop/xdg-settings
index f64b879f..2525e146 100644
--- a/apparmor.d/groups/freedesktop/xdg-settings
+++ b/apparmor.d/groups/freedesktop/xdg-settings
@@ -28,6 +28,7 @@ profile xdg-settings @{exec_path} {
   @{bin}/realpath  rix,
   @{bin}/rm         ix,
   @{bin}/sed        ix,
+  @{bin}/sleep      ix,
   @{bin}/sort       ix,
   @{bin}/touch      ix,
   @{bin}/tr         ix,
@@ -46,6 +47,7 @@ profile xdg-settings @{exec_path} {
   @{bin}/xprop                Px,
 
   owner @{user_config_dirs}/xfce4/helpers.rc{,.@{rand6}} rw,
+  owner @{user_share_dirs}/applications/{,**} rw,
 
   @{PROC}/version r,
 
@@ -55,6 +57,9 @@ profile xdg-settings @{exec_path} {
     include <abstractions/base>
     include <abstractions/app/bus>
     include <abstractions/bus-session>
+    include <abstractions/consoles>
+
+    @{bin}/dbus-send mr,
 
     include if exists <local/xdg-settings_bus>
   }
diff --git a/apparmor.d/groups/freedesktop/xprop b/apparmor.d/groups/freedesktop/xprop
index 99959fc7..f83afae6 100644
--- a/apparmor.d/groups/freedesktop/xprop
+++ b/apparmor.d/groups/freedesktop/xprop
@@ -10,6 +10,7 @@ include <tunables/global>
 @{exec_path} = @{bin}/xprop
 profile xprop @{exec_path} flags=(attach_disconnected) {
   include <abstractions/base>
+  include <abstractions/consoles>
   include <abstractions/freedesktop.org>
   include <abstractions/X-strict>