feat(tunable): add the user defined private directories

- Add @{XDG_PRIVATE_DIR} & @{user_private_dirs}
- This directories are denied in file browser and search engine.

apparmor.d/abstractions/deny-sensitive-home

@@ -39,12 +39,13 @@
   deny @{user_password_store_dirs}/{,**}  mrwkl,
   deny @{user_share_dirs}/kwalletd/{,**}  mrwkl,
 
+  # User defined private directories
+  deny @{user_private_dirs}/**               mrxwlk,
+  deny @{HOMEDIRS}/**/@{XDG_PRIVATE_DIR}/**  mrxwlk,
+  deny @{MOUNTS}/**/@{XDG_PRIVATE_DIR}/**    mrxwlk,
+
   # Deny executable mapping in writable space as allowed in abstractions/fonts
   deny @{HOME}/.{,cache/}fontconfig/ rw,
   deny @{HOME}/.{,cache/}fontconfig/** mrwl,
 
-  # Deny executable mapping in writable space as allowed in abstractions/base for ecryptfs
-  deny @{HOME}/.Private/** mrxwlk,
-  deny @{HOMEDIRS}/.ecryptfs/*/.Private/** mrxwlk,
-
   include if exists <abstractions/deny-sensitive-home.d>

apparmor.d/tunables/home.d/apparmor.d

@@ -30,6 +30,9 @@
 @{XDG_GPG_DIR}=".gnupg"
 @{XDG_PASSWORD_STORE_DIR}=".password-store"
 
+# User personal private directories
+@{XDG_PRIVATE_DIR}=".{p,P}rivate" "{p,P}rivate"
+
 # Definition of local user configuration directories
 @{XDG_CACHE_DIR}=".cache"
 @{XDG_CONFIG_DIR}=".config"
@@ -61,3 +64,4 @@
 @{user_vm_dirs}=@{HOME}/@{XDG_VM_DIR} @{MOUNTS}/@{XDG_VM_DIR}
 @{user_work_dirs}=@{HOME}/@{XDG_WORK_DIR} @{MOUNTS}/@{XDG_WORK_DIR}
 @{user_password_store_dirs}=@{HOME}/@{XDG_PASSWORD_STORE_DIR} @{MOUNTS}/@{XDG_PASSWORD_STORE_DIR}
+@{user_private_dirs}=@{HOME}/@{XDG_PRIVATE_DIR} @{MOUNTS}/@{XDG_PRIVATE_DIR}