From 245898a9d2da324c99f33dded2406be659ff7806 Mon Sep 17 00:00:00 2001
From: Alexandre Pujol <alexandre@pujol.io>
Date: Sat, 20 Jul 2024 13:06:30 +0100
Subject: [PATCH] feat(profile): ensure any gnome extension can be launched.

see #422
---
 apparmor.d/groups/bus/dbus-session                | 1 +
 apparmor.d/groups/gnome/gnome-extension-ding      | 7 +++++--
 apparmor.d/groups/gnome/gnome-extension-gsconnect | 4 ++--
 apparmor.d/groups/gnome/gnome-shell               | 3 ++-
 4 files changed, 10 insertions(+), 5 deletions(-)

diff --git a/apparmor.d/groups/bus/dbus-session b/apparmor.d/groups/bus/dbus-session
index 423df6a2..d3da171f 100644
--- a/apparmor.d/groups/bus/dbus-session
+++ b/apparmor.d/groups/bus/dbus-session
@@ -40,6 +40,7 @@ profile dbus-session flags=(attach_disconnected) {
 
   @{bin}/**                   PUx,
   @{lib}/**                   PUx,
+  @{user_share_dirs}/*/**     PUx,
   /usr/share/*/**             PUx,
 
   /etc/dbus-1/{,**} r,
diff --git a/apparmor.d/groups/gnome/gnome-extension-ding b/apparmor.d/groups/gnome/gnome-extension-ding
index d8c5a9cf..1cef7f07 100644
--- a/apparmor.d/groups/gnome/gnome-extension-ding
+++ b/apparmor.d/groups/gnome/gnome-extension-ding
@@ -6,7 +6,10 @@ abi <abi/3.0>,
 
 include <tunables/global>
 
-@{exec_path} = /usr/share/gnome-shell/extensions/ding@rastersoft.com/{,app/}ding.js
+@{share_dirs}  = /usr/share/gnome-shell/extensions/ding@rastersoft.com
+@{share_dirs} += @{user_share_dirs}/gnome-shell/extensions/ding@rastersoft.com
+
+@{exec_path} = @{share_dirs}/{,app/}ding.js
 profile gnome-extension-ding @{exec_path} {
   include <abstractions/base>
   include <abstractions/audio-client>
@@ -57,7 +60,7 @@ profile gnome-extension-ding @{exec_path} {
   @{bin}/gnome-control-center  rPx,
   @{bin}/nautilus              rPx,
 
-  /usr/share/gnome-shell/extensions/ding@rastersoft.com/{,app/}* r,
+  @{share_dirs}/{,**} r,
   /usr/share/thumbnailers/{,*.thumbnailer} r,
 
   owner @{HOME}/@{XDG_TEMPLATES_DIR}/ r,
diff --git a/apparmor.d/groups/gnome/gnome-extension-gsconnect b/apparmor.d/groups/gnome/gnome-extension-gsconnect
index 5808aeca..10db5f66 100644
--- a/apparmor.d/groups/gnome/gnome-extension-gsconnect
+++ b/apparmor.d/groups/gnome/gnome-extension-gsconnect
@@ -6,8 +6,8 @@ abi <abi/3.0>,
 
 include <tunables/global>
 
-@{share_dirs}  = /usr/share/gnome-shell/extensions/gsconnect@andyholmes.github.io/
-@{share_dirs} += @{user_share_dirs}/gnome-shell/extensions/gsconnect@andyholmes.github.io/
+@{share_dirs}  = /usr/share/gnome-shell/extensions/gsconnect@andyholmes.github.io
+@{share_dirs} += @{user_share_dirs}/gnome-shell/extensions/gsconnect@andyholmes.github.io
 
 @{exec_path} = @{share_dirs}/service/daemon.js
 profile gnome-extension-gsconnect @{exec_path} {
diff --git a/apparmor.d/groups/gnome/gnome-shell b/apparmor.d/groups/gnome/gnome-shell
index 4e36f102..0e68c90a 100644
--- a/apparmor.d/groups/gnome/gnome-shell
+++ b/apparmor.d/groups/gnome/gnome-shell
@@ -188,7 +188,8 @@ profile gnome-shell @{exec_path} flags=(attach_disconnected,mediate_deleted) {
   @{lib}/gio-launch-desktop                            rCx -> open,
   @{lib}/@{multiarch}/glib-[0-9]*/gio-launch-desktop   rCx -> open,
 
-  /usr/share/gnome-shell/extensions/ding@rastersoft.com/{,*/}ding.js rPx,
+  @{user_share_dirs}/gnome-shell/extensions/*/**       rPUx,
+  /usr/share/gnome-shell/extensions/*/**               rPUx,
 
   /opt/**/share/icons/{,**} r,
   /opt/*/**/*.png r,