feat(abs): add gnome-strict abstraction.

apparmor.d/abstractions/freedesktop.org.d/complete

@@ -5,11 +5,13 @@
 
   owner @{HOME}/.icons/{,**} r,
 
-  @{system_share_dirs}/*ubuntu/applications/{**,} r,
+  @{system_share_dirs}/*ubuntu/applications/{,**} r,
-  @{system_share_dirs}/gnome/applications/{**,} r,
+  @{system_share_dirs}/gnome/applications/{,**} r,
-  @{system_share_dirs}/xfce4/applications/{**,} r,
+  @{system_share_dirs}/xfce4/applications/{,**} r,
+
+  /usr/share/glib-2.0/schemas/gschemas.compiled r,
 
   /etc/gnome/defaults.list r,
   /etc/xfce4/defaults.list r,  
 
-  /usr/share/glib-2.0/schemas/gschemas.compiled r,
+  /var/lib/snapd/desktop/icons/{,**} r,

apparmor.d/abstractions/gnome-strict

@@ -0,0 +1,34 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2021 Alexandre Pujol <alexandre@pujol.io>
+# SPDX-License-Identifier: GPL-2.0-only
+
+  abi <abi/3.0>,
+
+  include <abstractions/fonts>
+  include <abstractions/freedesktop.org>
+  include <abstractions/gtk>
+  include <abstractions/wayland>
+  include <abstractions/X-strict>
+
+  dbus receive bus=session
+       interface=org.freedesktop.DBus.Introspectable
+       member=Introspect 
+       peer=(name=:*, label=gnome-shell),
+
+  @{lib}/{,/@{multiarch}/}gtk*/** mr,
+
+  /usr/{local/,}share/ r,
+  /usr/{local/,}share/glib-@{int}.@{int}/schemas/** r,
+  /usr/{local/,}share/gvfs/remote-volume-monitors/{,*}  r,
+
+  /etc/gnome/* r,
+  /etc/xdg/{,*-}mimeapps.list r,
+
+  /var/cache/gio-@{int}.@{int}/gnome-mimeapps.list r,
+
+  owner @{HOME}/.local/ rw,
+  owner @{user_cache_dirs}/ rw,
+  owner @{user_config_dirs}/ rw,
+  owner @{user_share_dirs}/ rw,
+
+  include if exists <abstractions/gnome-strict.d>