feat(profiles): general update.

apparmor.d/abstractions/chromium

@@ -120,12 +120,7 @@
   owner @{chromium_config_dirs}/** rwk,
   owner @{chromium_config_dirs}/WidevineCdm/*/_platform_specific/linux_*/libwidevinecdm.so mrw,
 
-  owner @{chromium_cache_dirs}/{,**/} rw,
-  owner @{chromium_cache_dirs}/*/**/{*-,}index rw,
-  owner @{chromium_cache_dirs}/*/**/@{hex}_? rw,
-  owner @{chromium_cache_dirs}/*/**/todelete_* rw,
-  owner @{chromium_cache_dirs}/PnaclTranslationCache/index rw,
-  owner @{chromium_cache_dirs}/PnaclTranslationCache/data_[0-9]*[0-9] rw,
+  owner @{chromium_cache_dirs}/{,**} rw,
 
   # For importing data (bookmarks, cookies, etc) from Firefox
   # owner @{HOME}/.mozilla/firefox/profiles.ini r,

apparmor.d/abstractions/dbus-session-strict.d/complete

@@ -9,3 +9,5 @@
 
   owner @{run}/user/@{uid}/at-spi/ rw,
   owner @{run}/user/@{uid}/at-spi/bus{,_[0-9]*} rw,
+  
+  owner /tmp/dbus-[0-9a-zA-Z]* rw,

apparmor.d/groups/gnome/evolution-alarm-notify

@@ -17,6 +17,8 @@ profile evolution-alarm-notify @{exec_path} {
   include <abstractions/opencl>
   include <abstractions/openssl>
 
+  network netlink raw,
+
   @{exec_path} mr,
 
   /usr/share/evolution-data-server/{,**} r,

apparmor.d/groups/gnome/gnome-disks

@@ -15,6 +15,9 @@ profile gnome-disks @{exec_path} {
 
   @{exec_path} mr,
 
+  /{usr/,}lib/@{multiarch}/glib-[0-9]*/gio-launch-desktop  rPx -> child-open,
+  /{usr/,}lib/gio-launch-desktop                           rPx -> child-open,
+
   /usr/share/glib-2.0/schemas/gschemas.compiled r,
   /usr/share/X11/xkb/{,**} r,
 

apparmor.d/groups/gnome/gnome-shell

@@ -559,11 +559,13 @@ profile gnome-shell @{exec_path} flags=(attach_disconnected) {
   owner @{HOME}/@{XDG_SCREENSHOTS_DIR}/{,**} rw,
   owner @{HOME}/@{XDG_WALLPAPERS_DIR}/{,**} r,
 
-  owner @{user_music_dirs}/**/*.jpg r,
+  owner @{user_games_dirs}/**/*.{png,jpg} r,
+  owner @{user_music_dirs}/**/*.{png,jpg} r,
 
-  owner @{user_config_dirs}/ibus/ w,
   owner @{user_config_dirs}/.goutputstream{,*} rw,
+  owner @{user_config_dirs}/ibus/ w,
   owner @{user_config_dirs}/monitors.xml{,~} rwl,
+  owner @{user_config_dirs}/tiling-assistant/{,**} rw,
 
   owner @{user_share_dirs}/backgrounds/{,**} rw,
   owner @{user_share_dirs}/desktop-directories/{,**} r,

apparmor.d/groups/network/mullvad-gui

@@ -35,7 +35,7 @@ profile mullvad-gui @{exec_path} {
   "/opt/Mullvad VPN/*.so*" mr,
 
   /{usr/,}bin/{,ba,da}sh  rix,
-  /{usr/,}bin/gsettings   rPx,
+  /{usr/,}bin/gsettings   rix,
   /{usr/,}bin/xdg-open    rPx,
 
   "/opt/Mullvad VPN/{,**}" r,
@@ -47,7 +47,6 @@ profile mullvad-gui @{exec_path} {
   /var/lib/dbus/machine-id r,
 
   owner "@{user_config_dirs}/Mullvad VPN/{,**}" rwk,
-  owner @{user_cache_dirs}/dconf/user rw,
 
   owner "/tmp/.org.chromium.Chromium.*/Mullvad VPN*.png" rw,
   owner @{run}/user/@{uid}/.mutter-Xwaylandauth.[a-zA-z0-9]* r,

apparmor.d/profiles-m-r/molly-guard

@@ -19,7 +19,7 @@ profile molly-guard @{exec_path} {
 
   /{usr/,}bin/{,ba,da}sh  rix,
   /{usr/,}bin/hostname    rix,
-  /{usr/,}bin/pgrep       rix,
+  /{usr/,}bin/{,e,p}grep  rix,
   /{usr/,}bin/run-parts   rix,
   /{usr/,}bin/systemctl   rPx -> child-systemctl,
   /{usr/,}bin/tr          rix,

apparmor.d/profiles-s-z/sgdisk

@@ -12,13 +12,6 @@ profile sgdisk @{exec_path} {
   include <abstractions/base>
   include <abstractions/disks-write>
 
-  # Needed to inform the system of newly created/removed partitions
-  #  ioctl(3, BLKRRPART)              = -1 EACCES (Permission denied)
-  #
-  #  Warning: The kernel is still using the old partition table.
-  #  The new table will be used at the next reboot or after you
-  #  run partprobe(8) or kpartx(8)
-  #  The operation has completed successfully.
   capability sys_admin,
 
   @{exec_path} mr,

apparmor.d/profiles-s-z/udisksd

@@ -98,9 +98,10 @@ profile udisksd @{exec_path} flags=(attach_disconnected) {
   /{usr/,}{s,}bin/mkfs.btrfs       rPx,
   /{usr/,}{s,}bin/mkfs.ext{2,3,4}  rPx,
   /{usr/,}{s,}bin/mkfs.fat         rPx,
+  /{usr/,}{s,}bin/sfdisk           rPx,
+  /{usr/,}{s,}bin/sgdisk           rPx,
   /{usr/,}bin/eject                rPx,
   /{usr/,}bin/ntfs-3g              rPx,
-  /{usr/,}{s,}bin/sfdisk           rPx,
   /{usr/,}bin/ntfsfix              rPx,
   /{usr/,}bin/systemctl            rPx -> child-systemctl,
   /{usr/,}bin/systemd-escape       rPx,