From 1a31d8271eb40bbe6469b0ea11b6edc3d22eadd3 Mon Sep 17 00:00:00 2001
From: Alexandre Pujol <alexandre@pujol.io>
Date: Thu, 7 Oct 2021 14:56:01 +0100
Subject: [PATCH] Add xdg-desktop-portal.

---
 apparmor.d/profiles-s-z/xdg-desktop-portal    | 33 +++++++++++++++++++
 .../profiles-s-z/xdg-desktop-portal-gtk       | 25 ++++++++++++++
 2 files changed, 58 insertions(+)
 create mode 100644 apparmor.d/profiles-s-z/xdg-desktop-portal
 create mode 100644 apparmor.d/profiles-s-z/xdg-desktop-portal-gtk

diff --git a/apparmor.d/profiles-s-z/xdg-desktop-portal b/apparmor.d/profiles-s-z/xdg-desktop-portal
new file mode 100644
index 00000000..d9108b5d
--- /dev/null
+++ b/apparmor.d/profiles-s-z/xdg-desktop-portal
@@ -0,0 +1,33 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2021 Alexandre Pujol <alexandre@pujol.io>
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi <abi/3.0>,
+
+include <tunables/global>
+
+@{exec_path} = /{usr/,}lib/xdg-desktop-portal
+profile xdg-desktop-portal @{exec_path} {
+  include <abstractions/base>
+  include <abstractions/nameservice-strict>
+
+  network netlink raw,
+
+  @{exec_path} mr,
+
+  /usr/share/glib-2.0/schemas/gschemas.compiled r,
+  /usr/share/mime/mime.cache r,
+  /usr/share/pipewire/client.conf r,
+  /usr/share/xdg-desktop-portal/portals/{,*.portal} r,
+
+  owner @{user_config_dirs}/user-dirs.dirs r,
+
+  include <abstractions/dconf>
+  owner @{run}/user/@{uid}/dconf/ rw,
+  owner @{run}/user/@{uid}/dconf/user rw,
+
+  @{PROC}/sys/kernel/osrelease r,
+  @{PROC}/cmdline r,
+
+  include if exists <local/xdg-desktop-portal>
+}
\ No newline at end of file
diff --git a/apparmor.d/profiles-s-z/xdg-desktop-portal-gtk b/apparmor.d/profiles-s-z/xdg-desktop-portal-gtk
new file mode 100644
index 00000000..1b771386
--- /dev/null
+++ b/apparmor.d/profiles-s-z/xdg-desktop-portal-gtk
@@ -0,0 +1,25 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2021 Alexandre Pujol <alexandre@pujol.io>
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi <abi/3.0>,
+
+include <tunables/global>
+
+@{exec_path} = /{usr/,}lib/xdg-desktop-portal-gtk
+profile xdg-desktop-portal-gtk @{exec_path} {
+  include <abstractions/base>
+  include <abstractions/fonts>
+  include <abstractions/freedesktop.org>
+
+  @{exec_path} mr,
+
+  /usr/share/glib-2.0/schemas/gschemas.compiled r,
+  /usr/share/themes/{,**} r,
+  /usr/share/X11/xkb/{,**} r,
+
+  include <abstractions/dconf>
+  owner @{run}/user/@{uid}/dconf/user rw,
+
+  include if exists <local/xdg-desktop-portal-gtk>
+}
\ No newline at end of file