From 265e3928c118ca9341d9ecc4d2a2f71bede52be4 Mon Sep 17 00:00:00 2001
From: Alexandre Pujol <alexandre@pujol.io>
Date: Sun, 1 Sep 2024 20:13:51 +0100
Subject: [PATCH] feat(profile): mesa: mesa_shader_cache_db is often passed as
 fd.

---
 apparmor.d/abstractions/mesa.d/complete     | 1 +
 apparmor.d/groups/browsers/chromium-wrapper | 1 +
 apparmor.d/groups/freedesktop/xkbcomp       | 1 +
 apparmor.d/groups/gnome/gnome-shell         | 1 +
 apparmor.d/profiles-s-z/terminator          | 1 +
 5 files changed, 5 insertions(+)

diff --git a/apparmor.d/abstractions/mesa.d/complete b/apparmor.d/abstractions/mesa.d/complete
index 85c647b4..0e437190 100644
--- a/apparmor.d/abstractions/mesa.d/complete
+++ b/apparmor.d/abstractions/mesa.d/complete
@@ -4,6 +4,7 @@
 
   # Extra Mesa rules for desktop environments
   owner @{desktop_cache_dirs}/ w,
+  owner @{desktop_cache_dirs}/mesa_shader_cache_db/ rw,
   owner @{desktop_cache_dirs}/mesa_shader_cache/ rw,
   owner @{desktop_cache_dirs}/mesa_shader_cache/@{hex2}/ rw,
   owner @{desktop_cache_dirs}/mesa_shader_cache/@{hex2}/@{hex38} rw,
diff --git a/apparmor.d/groups/browsers/chromium-wrapper b/apparmor.d/groups/browsers/chromium-wrapper
index 0a501772..4368d6b2 100644
--- a/apparmor.d/groups/browsers/chromium-wrapper
+++ b/apparmor.d/groups/browsers/chromium-wrapper
@@ -11,6 +11,7 @@ include <tunables/global>
 profile chromium-wrapper @{exec_path} {
   include <abstractions/base>
   include <abstractions/freedesktop.org>
+  include <abstractions/mesa>
 
   @{exec_path} r,
 
diff --git a/apparmor.d/groups/freedesktop/xkbcomp b/apparmor.d/groups/freedesktop/xkbcomp
index ef719d67..c055b9be 100644
--- a/apparmor.d/groups/freedesktop/xkbcomp
+++ b/apparmor.d/groups/freedesktop/xkbcomp
@@ -10,6 +10,7 @@ include <tunables/global>
 @{exec_path} = @{bin}/xkbcomp
 profile xkbcomp @{exec_path} flags=(attach_disconnected) {
   include <abstractions/base>
+  include <abstractions/mesa>
   include <abstractions/X-strict>
 
   unix (send,receive) type=stream addr=none peer=(label=gnome-shell),
diff --git a/apparmor.d/groups/gnome/gnome-shell b/apparmor.d/groups/gnome/gnome-shell
index c76b81ab..d39c25b2 100644
--- a/apparmor.d/groups/gnome/gnome-shell
+++ b/apparmor.d/groups/gnome/gnome-shell
@@ -404,6 +404,7 @@ profile gnome-shell @{exec_path} flags=(attach_disconnected,mediate_deleted) {
 
   profile open flags=(attach_disconnected,mediate_deleted,complain) {
     include <abstractions/base>
+    include <abstractions/mesa>
 
     network inet stream,
     network unix stream,
diff --git a/apparmor.d/profiles-s-z/terminator b/apparmor.d/profiles-s-z/terminator
index 3f9ba6e2..3d6470db 100644
--- a/apparmor.d/profiles-s-z/terminator
+++ b/apparmor.d/profiles-s-z/terminator
@@ -15,6 +15,7 @@ profile terminator @{exec_path} flags=(attach_disconnected) {
   include <abstractions/consoles>
   include <abstractions/dconf-write>
   include <abstractions/desktop>
+  include <abstractions/mesa>
   include <abstractions/nameservice-strict>
   include <abstractions/python>