feat(profiles): improve kde integration.

apparmor.d/groups/kde/dolphin

@@ -10,6 +10,7 @@ include <tunables/global>
 profile dolphin @{exec_path} {
   include <abstractions/base>
   include <abstractions/deny-sensitive-home>
+  include <abstractions/devices-usb>
   include <abstractions/dri-common>
   include <abstractions/dri-enumerate>
   include <abstractions/fonts>

apparmor.d/groups/kde/kconf_update

@@ -52,6 +52,8 @@ profile kconf_update @{exec_path} {
   owner @{user_config_dirs}/akregatorrc{,.@{rand6}} rwl -> @{user_config_dirs}/#@{int},
   owner @{user_config_dirs}/dolphinrc.lock rwk,
   owner @{user_config_dirs}/dolphinrc{,.@{rand6}} rwl -> @{user_config_dirs}/#@{int},
+  owner @{user_config_dirs}/gtk-{3,4}.0/* rwlk -> @{user_config_dirs}/gtk-{3,4}.0/**,
+  owner @{user_config_dirs}/kactivitymanagerd-statsrc rw,
   owner @{user_config_dirs}/kateschemarc.lock rwk,
   owner @{user_config_dirs}/kateschemarc{,.@{rand6}} rwl -> @{user_config_dirs}/#@{int},
   owner @{user_config_dirs}/kcminputrc.lock rwk,
@@ -83,9 +85,8 @@ profile kconf_update @{exec_path} {
   owner @{user_config_dirs}/kwinrulesrc{,.@{rand6}} rwl -> @{user_config_dirs}/#@{int},
   owner @{user_config_dirs}/kxkbrc.lock rwk,
   owner @{user_config_dirs}/kxkbrc{,.@{rand6}} rwl -> @{user_config_dirs}/#@{int},
-  owner @{user_config_dirs}/plasmashellrc r,
-  owner @{user_config_dirs}/kactivitymanagerd-statsrc rw,
   owner @{user_config_dirs}/plasma-org.kde.plasma.desktop-appletsrc rw,
+  owner @{user_config_dirs}/plasmashellrc r,
   owner @{user_config_dirs}/sed@{rand6} rw,
   owner @{user_config_dirs}/xsettingsd/xsettingsd.conf rw,
 

apparmor.d/groups/kde/kde-powerdevil

@@ -50,10 +50,15 @@ profile kde-powerdevil @{exec_path} flags=(attach_disconnected mediate_deleted)
   @{PROC}/sys/kernel/core_pattern r,
   @{PROC}/sys/kernel/random/boot_id r,
 
+  @{sys}/bus/ r,
   @{sys}/class/ r,
   @{sys}/class/drm/ r,
-  @{sys}/bus/ r,
+  @{sys}/class/i2c-dev/ r,
+  @{sys}/class/usbmisc/ r,
   @{sys}/devices/@{pci}/drm/card@{int}/*/status r,
+  @{sys}/devices/i2c-[0-9]*/name r,
+  @{sys}/devices/pci[0-9]*/**/i2c-[0-9]*/name r,
+  @{sys}/devices/platform/*/i2c-[0-9]*/name r,
 
   /dev/tty rw,
   /dev/rfkill r,

apparmor.d/groups/kde/kwin_wayland

@@ -74,28 +74,29 @@ profile kwin_wayland @{exec_path} flags=(attach_disconnected mediate_deleted) {
   owner @{user_cache_dirs}/ r,
   owner @{user_cache_dirs}/#@{int} rw,
   owner @{user_cache_dirs}/icon-cache.kcache rw,
-  owner @{user_share_dirs}/kscreen/* r,
   owner @{user_cache_dirs}/ksycoca5_* r,
-  owner @{user_cache_dirs}/kwin/qmlcache/#@{int} rw,
   owner @{user_cache_dirs}/kwin/qmlcache/*.qmlc rw,
   owner @{user_cache_dirs}/kwin/qmlcache/*.qmlc.@{rand6} rwl -> @{user_cache_dirs}/kwin/qmlcache/#@{int},
-  owner @{user_cache_dirs}/plasma-svgelements r,
-  owner @{user_cache_dirs}/plasma-svgelements.lock rwk,
-  owner @{user_cache_dirs}/plasma-svgelements.@{rand6} rwl -> @{user_cache_dirs}/#@{int},
+  owner @{user_cache_dirs}/kwin/qmlcache/#@{int} rw,
   owner @{user_cache_dirs}/plasma_theme_default_v*.kcache rw,
+  owner @{user_cache_dirs}/plasma-svgelements r,
+  owner @{user_cache_dirs}/plasma-svgelements.@{rand6} rwl -> @{user_cache_dirs}/#@{int},
+  owner @{user_cache_dirs}/plasma-svgelements.lock rwk,
+  owner @{user_share_dirs}/kscreen/* r,
 
   owner @{user_config_dirs}/#@{int} rwl,
   owner @{user_config_dirs}/kcminputrc r,
   owner @{user_config_dirs}/kdedefaults/* r,
   owner @{user_config_dirs}/kdeglobals r,
-  owner @{user_config_dirs}/kglobalshortcutsrc{,.@{rand6}} rwl -> @{user_config_dirs}/#@{int},
   owner @{user_config_dirs}/kglobalshortcutsrc.lock rwk,
+  owner @{user_config_dirs}/kglobalshortcutsrc{,.@{rand6}} rwl -> @{user_config_dirs}/#@{int},
   owner @{user_config_dirs}/kscreenlockerrc r,
-  owner @{user_config_dirs}/kwinrc{,.@{rand6}} rwl -> @{user_config_dirs}/#@{int},
   owner @{user_config_dirs}/kwinrc.lock rwk,
+  owner @{user_config_dirs}/kwinrc{,.@{rand6}} rwl -> @{user_config_dirs}/#@{int},
   owner @{user_config_dirs}/kwinrulesrc r,
   owner @{user_config_dirs}/kxkbrc r,
   owner @{user_config_dirs}/menus/{,applications-merged/} r,
+  owner @{user_config_dirs}/session/* r, 
 
   @{run}/systemd/inhibit/*.ref rw,
 

apparmor.d/groups/kde/plasma-browser-integration-host

@@ -11,11 +11,12 @@ profile plasma-browser-integration-host @{exec_path} {
   include <abstractions/base>
   include <abstractions/dri-common>
   include <abstractions/dri-enumerate>
+  include <abstractions/fonts>
   include <abstractions/freedesktop.org>
   include <abstractions/mesa>
+  include <abstractions/nameservice-strict>
   include <abstractions/qt5>
   include <abstractions/vulkan>
-  include <abstractions/nameservice-strict>
 
   capability sys_ptrace,