From 41525621aac762e9605aa05875897098f4977bff Mon Sep 17 00:00:00 2001
From: curiosityseeker <60518106+curiosityseeker@users.noreply.github.com>
Date: Mon, 4 Sep 2023 15:58:07 +0200
Subject: [PATCH] Various updates (#204)
---
 apparmor.d/groups/freedesktop/xdg-open | 1 +
 apparmor.d/groups/kde/kactivitymanagerd | 6 +++++-
 apparmor.d/groups/kde/kded5 | 3 +++
 apparmor.d/groups/kde/kwin_wayland | 3 ++-
 apparmor.d/groups/kde/sddm | 1 +
 apparmor.d/groups/kde/startplasma | 2 +-
 apparmor.d/groups/pacman/mkinitcpio | 4 +++-
 apparmor.d/groups/systemd/systemd-hwdb | 3 ++-
 apparmor.d/groups/systemd/zram-generator | 4 +++-
 dists/flags/main.flags | 2 +-
 10 files changed, 22 insertions(+), 7 deletions(-)
diff --git a/apparmor.d/groups/freedesktop/xdg-open b/apparmor.d/groups/freedesktop/xdg-open
index 109ebd9f..f0bc7314 100644
--- a/apparmor.d/groups/freedesktop/xdg-open
+++ b/apparmor.d/groups/freedesktop/xdg-open
@@ -29,6 +29,7 @@ profile xdg-open @{exec_path} flags=(attach_disconnected) {
 @{bin}/exo-open rPx,
 @{bin}/gio rPx,
 #@{bin}/kde-open5 rPUx,
+ @{bin}/ktraderclient5 rPUx,
 @{bin}/dbus-launch rCx -> dbus,
 @{bin}/dbus-send rCx -> dbus,
diff --git a/apparmor.d/groups/kde/kactivitymanagerd b/apparmor.d/groups/kde/kactivitymanagerd
index 905b8cc4..8c906b73 100644
--- a/apparmor.d/groups/kde/kactivitymanagerd
+++ b/apparmor.d/groups/kde/kactivitymanagerd
@@ -13,6 +13,7 @@ profile kactivitymanagerd @{exec_path} {
 include
 include
 include
+ include
 include
 @{exec_path} mr,
@@ -20,7 +21,9 @@ profile kactivitymanagerd @{exec_path} {
 /etc/xdg/menus/{,*/} r,
 /usr/share/hwdata/*.ids r,
 /usr/share/icu/@{int}.@{int}/*.dat r,
+ /usr/share/kf5/kactivitymanagerd/{,**} r,
 /usr/share/kservices5/{,**} r,
+ /usr/share/mime/{,**} r,
 /etc/xdg/kdeglobals r,
 /etc/machine-id r,
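Review bot: In the xdg-open hunk, `@{bin}/ktraderclient5 rPUx,` lets the helper run unconfined whenever no `ktraderclient5` profile is loaded, because `PUx` falls back to `Ux`. xdg-open is handed URLs and file names by other programs, so an unconfined child here gives up more of the profile's protection than the same fallback would in most other profiles. The hunk does not show whether the repository ships a `ktraderclient5` profile; if it does, `@{bin}/ktraderclient5 rPx,` fails closed instead, and if it does not, a small child profile reached with `rCx` (the form the neighbouring `dbus-launch` rule uses) keeps the helper confined. The profile body continues outside the hunk.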
@@ -39,6 +42,7 @@ profile kactivitymanagerd @{exec_path} {
 owner @{user_share_dirs}/kactivitymanagerd/{,**} rwlk,
 owner @{user_share_dirs}/kservices5/{,**} r,
+ owner @{user_share_dirs}/recently-used.xbel r,
 @{PROC}/sys/kernel/core_pattern r,
 @{PROC}/sys/kernel/random/boot_id r,
@@ -46,4 +50,4 @@ profile kactivitymanagerd @{exec_path} {
 /dev/tty r,
 include if exists
-}
\ No newline at end of file
+}
diff --git a/apparmor.d/groups/kde/kded5 b/apparmor.d/groups/kde/kded5
index 2b7cce34..9cb7807b 100644
--- a/apparmor.d/groups/kde/kded5
+++ b/apparmor.d/groups/kde/kded5
@@ -44,6 +44,7 @@ profile kded5 @{exec_path} {
 @{bin}/kcminit rPx,
 @{bin}/pgrep rCx -> pgrep,
 @{bin}/setxkbmap rix,
+ @{bin}/xrdb rPx,
 @{bin}/xsettingsd rPx,
 @{lib}/kf5/kconf_update rPx,
 @{lib}/utempter/utempter rPx,
@@ -61,6 +62,7 @@ profile kded5 @{exec_path} {
 /etc/fstab r,
 /etc/machine-id r,
+ /etc/xdg/accept-languages.codes r,
 /etc/xdg/kcminputrc r,
 /etc/xdg/kde* r,
 /etc/xdg/kioslaverc r,
@@ -135,6 +137,7 @@ profile kded5 @{exec_path} {
 owner @{PROC}/@{pid}/mountinfo r,
 owner @{PROC}/@{pid}/mounts r,
+ /dev/disk/by-label/ r,
 /dev/ptmx rw,
 /dev/rfkill r,
diff --git a/apparmor.d/groups/kde/kwin_wayland b/apparmor.d/groups/kde/kwin_wayland
index e3187350..82b2c644 100644
--- a/apparmor.d/groups/kde/kwin_wayland
+++ b/apparmor.d/groups/kde/kwin_wayland
@@ -17,6 +17,7 @@ profile kwin_wayland @{exec_path} flags=(attach_disconnected mediate_deleted) {
 include
 include
 include
+ include
 include
 include
@@ -55,7 +56,7 @@ profile kwin_wayland @{exec_path} flags=(attach_disconnected mediate_deleted) {
 owner /var/lib/sddm/.cache/#@{int} rw,
- owner /var/lib/sddm/.cache/fontconfig/* r,
+ owner /var/lib/sddm/.cache/fontconfig/* rw,
 owner /var/lib/sddm/.cache/mesa_shader_cache/** r,
 owner /var/lib/sddm/.cache/mesa_shader_cache/index rw,
 owner /var/lib/sddm/.cache/ksycoca5_* rwkl -> /var/lib/sddm/.cache/#@{int},
diff --git a/apparmor.d/groups/kde/sddm b/apparmor.d/groups/kde/sddm
index ee7228fb..9bd5d177 100644
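Review bot: In the second kwin_wayland hunk, `owner /var/lib/sddm/.cache/fontconfig/* rw,` now grants write on every name in that directory, with no comment recording which denial prompted the change. fontconfig usually replaces its cache files through temporary and lock names, so plain `rw` may still leave link or lock denials in the audit log; the `ksycoca5_*` rule two lines further down shows the `rwkl -> …/#@{int}` form this profile already uses for that kind of replacement. I would add a comment such as `# fontconfig cache is regenerated here, not only read` above the rule, and confirm from the log whether `l`/`k` are needed or whether a narrower file glob than `*` is enough. The profile body continues outside the hunk.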
--- a/apparmor.d/groups/kde/sddm +++ b/apparmor.d/groups/kde/sddm @@ -128,6 +128,7 @@ profile sddm @{exec_path} flags=(attach_disconnected,mediate_deleted) { owner @{user_config_dirs}/kdeglobals r, owner @{user_config_dirs}/kdedefaults/kdeglobals r, + owner @{user_config_dirs}/menus/{,**} r, owner @{user_config_dirs}/startkderc r, owner @{user_share_dirs}/ w, diff --git a/apparmor.d/groups/kde/startplasma b/apparmor.d/groups/kde/startplasma index 2c470747..4e48363e 100644 --- a/apparmor.d/groups/kde/startplasma +++ b/apparmor.d/groups/kde/startplasma @@ -54,7 +54,7 @@ profile startplasma @{exec_path} { owner @{user_config_dirs}/kdeglobals{,.@{rand6}} rwl -> @{user_config_dirs}/#@{int}, owner @{user_config_dirs}/ksplashrc r, owner @{user_config_dirs}/kwinkdeglobalsrc.lock rwk, - owner @{user_config_dirs}/menus/{,**.menu} r, + owner @{user_config_dirs}/menus/{,**} r, owner @{user_config_dirs}/plasma-localerc rwl, owner @{user_config_dirs}/plasma-localerc.lock rwk, owner @{user_config_dirs}/plasma-workspace/env/ r, diff --git a/apparmor.d/groups/pacman/mkinitcpio b/apparmor.d/groups/pacman/mkinitcpio index 828433eb..12a120f7 100644 --- a/apparmor.d/groups/pacman/mkinitcpio +++ b/apparmor.d/groups/pacman/mkinitcpio @@ -80,7 +80,7 @@ profile mkinitcpio @{exec_path} flags=(attach_disconnected) { /etc/plymouth/plymouthd.conf r, /etc/vconsole.conf r, - /usr/share/kbd/keymaps/{,**} r, + /usr/share/kbd/{,**} r, /usr/share/plymouth/*.png r, /usr/share/plymouth/plymouthd.defaults r, /usr/share/plymouth/themes/{,**} r, @@ -109,6 +109,8 @@ profile mkinitcpio @{exec_path} flags=(attach_disconnected) { owner @{PROC}/@{pid}/mountinfo r, + /dev/tty@{int}* rw, + # Inherit silencer deny @{HOME}/** r, deny network inet6 stream, diff --git a/apparmor.d/groups/systemd/systemd-hwdb b/apparmor.d/groups/systemd/systemd-hwdb index 0bb79f72..b60a7498 100644 --- a/apparmor.d/groups/systemd/systemd-hwdb +++ b/apparmor.d/groups/systemd/systemd-hwdb 
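Review bot: In the second mkinitcpio hunk, the trailing `*` in `/dev/tty@{int}* rw,` makes the rule match any device name that starts with `tty` and a digit, not only the numbered virtual consoles. If `@{int}` already covers multi-digit numbers, as its use without a suffix in `owner /dev/pts/@{int} rw,` in this same commit suggests, `/dev/tty@{int} rw,` is sufficient. mkinitcpio normally runs as root and the rule has no `owner` qualifier, so it grants read/write on every console it matches; a short comment naming what needs the console would let the next reviewer judge whether `w` alone is enough. The profile body continues outside the hunk.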
@@ -7,7 +7,7 @@ abi , include @{exec_path} = @{bin}/systemd-hwdb -profile systemd-hwdb @{exec_path} flags=(attach_disconnected) { +profile systemd-hwdb @{exec_path} flags=(attach_disconnected,mediate_deleted) { include include @@ -15,6 +15,7 @@ profile systemd-hwdb @{exec_path} flags=(attach_disconnected) { @{exec_path} mr, + @{lib}/udev/#@{int} rwl, @{lib}/udev/.#hwdb.bin[0-9a-zA-Z]* wl -> @{lib}/udev/#@{int}, @{lib}/udev/hwdb.bin w, diff --git a/apparmor.d/groups/systemd/zram-generator b/apparmor.d/groups/systemd/zram-generator index 10ba1e35..0b81b695 100644 --- a/apparmor.d/groups/systemd/zram-generator +++ b/apparmor.d/groups/systemd/zram-generator @@ -29,5 +29,7 @@ profile zram-generator @{exec_path} { @{PROC}/crypto r, + owner /dev/pts/@{int} rw, + include if exists -} \ No newline at end of file +} diff --git a/dists/flags/main.flags b/dists/flags/main.flags index 51dfc9cf..3d16b393 100644 --- a/dists/flags/main.flags +++ b/dists/flags/main.flags @@ -277,7 +277,7 @@ systemd-escape complain systemd-homed attach_disconnected,complain systemd-homework complain systemd-hostnamed attach_disconnected,complain -systemd-hwdb attach_disconnected,complain +systemd-hwdb attach_disconnected,mediate_deleted,complain systemd-inhibit attach_disconnected,complain systemd-localed attach_disconnected,complain systemd-logind attach_disconnected,complain
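Review bot: In the second systemd-hwdb hunk, `@{lib}/udev/#@{int} rwl,` carries `l` with no `->` target, while the rule directly below it already restricts link creation with `wl -> @{lib}/udev/#@{int}`. The kwin_wayland profile touched by this same commit gives its `#@{int}` entry only `rw` and keeps the link permission on the named file. Unless the audit log shows a link denial on the `#@{int}` name itself, `@{lib}/udev/#@{int} rw,` would be the tighter rule. A one-line comment such as `# unnamed temporary file, later linked in as .#hwdb.bin*` (inferred from the link rule below it) would also record why `mediate_deleted` was added to the flags.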