Various updates (#204)

apparmor.d/groups/freedesktop/xdg-open

@@ -29,6 +29,7 @@ profile xdg-open @{exec_path} flags=(attach_disconnected) {
   @{bin}/exo-open     rPx,
   @{bin}/gio          rPx,
   #@{bin}/kde-open5  rPUx,
+  @{bin}/ktraderclient5 rPUx,
 
   @{bin}/dbus-launch  rCx -> dbus,
   @{bin}/dbus-send    rCx -> dbus,

apparmor.d/groups/kde/kactivitymanagerd

@@ -13,6 +13,7 @@ profile kactivitymanagerd @{exec_path} {
   include <abstractions/nameservice-strict>
   include <abstractions/qt5>
   include <abstractions/recent-documents-write>
+  include <abstractions/wayland>
   include <abstractions/X-strict>
 
   @{exec_path} mr,
@@ -20,7 +21,9 @@ profile kactivitymanagerd @{exec_path} {
   /etc/xdg/menus/{,*/} r,
   /usr/share/hwdata/*.ids r,
   /usr/share/icu/@{int}.@{int}/*.dat r,
+  /usr/share/kf5/kactivitymanagerd/{,**} r,
   /usr/share/kservices5/{,**} r,
+  /usr/share/mime/{,**} r,
 
   /etc/xdg/kdeglobals r,
   /etc/machine-id r,
@@ -39,6 +42,7 @@ profile kactivitymanagerd @{exec_path} {
 
   owner @{user_share_dirs}/kactivitymanagerd/{,**} rwlk,
   owner @{user_share_dirs}/kservices5/{,**} r,
+  owner @{user_share_dirs}/recently-used.xbel r,
 
   @{PROC}/sys/kernel/core_pattern r,
   @{PROC}/sys/kernel/random/boot_id r,
@@ -46,4 +50,4 @@ profile kactivitymanagerd @{exec_path} {
   /dev/tty r,
 
   include if exists <local/kactivitymanagerd>
-}
+}

apparmor.d/groups/kde/kded5

@@ -44,6 +44,7 @@ profile kded5 @{exec_path} {
   @{bin}/kcminit            rPx,
   @{bin}/pgrep              rCx -> pgrep,
   @{bin}/setxkbmap          rix,
+  @{bin}/xrdb               rPx,
   @{bin}/xsettingsd         rPx,
   @{lib}/kf5/kconf_update   rPx,
   @{lib}/utempter/utempter  rPx,
@@ -61,6 +62,7 @@ profile kded5 @{exec_path} {
 
   /etc/fstab r,
   /etc/machine-id r,
+  /etc/xdg/accept-languages.codes r,
   /etc/xdg/kcminputrc r,
   /etc/xdg/kde* r,
   /etc/xdg/kioslaverc r,
@@ -135,6 +137,7 @@ profile kded5 @{exec_path} {
   owner @{PROC}/@{pid}/mountinfo r,
   owner @{PROC}/@{pid}/mounts r,
 
+  /dev/disk/by-label/ r,
   /dev/ptmx rw,
   /dev/rfkill r,
 

apparmor.d/groups/kde/kwin_wayland

@@ -17,6 +17,7 @@ profile kwin_wayland @{exec_path} flags=(attach_disconnected mediate_deleted) {
   include <abstractions/freedesktop.org>
   include <abstractions/mesa>
   include <abstractions/nameservice-strict>
+  include <abstractions/qt5-shader-cache>
   include <abstractions/vulkan>
   include <abstractions/wayland>
 
@@ -55,7 +56,7 @@ profile kwin_wayland @{exec_path} flags=(attach_disconnected mediate_deleted) {
   
 
   owner /var/lib/sddm/.cache/#@{int} rw,
-  owner /var/lib/sddm/.cache/fontconfig/* r,
+  owner /var/lib/sddm/.cache/fontconfig/* rw,
   owner /var/lib/sddm/.cache/mesa_shader_cache/** r,
   owner /var/lib/sddm/.cache/mesa_shader_cache/index rw,
   owner /var/lib/sddm/.cache/ksycoca5_* rwkl  -> /var/lib/sddm/.cache/#@{int},

apparmor.d/groups/kde/sddm

@@ -128,6 +128,7 @@ profile sddm @{exec_path} flags=(attach_disconnected,mediate_deleted) {
 
   owner @{user_config_dirs}/kdeglobals r,
   owner @{user_config_dirs}/kdedefaults/kdeglobals r,
+  owner @{user_config_dirs}/menus/{,**} r,
   owner @{user_config_dirs}/startkderc r,
 
   owner @{user_share_dirs}/ w,

apparmor.d/groups/kde/startplasma

@@ -54,7 +54,7 @@ profile startplasma @{exec_path} {
   owner @{user_config_dirs}/kdeglobals{,.@{rand6}} rwl -> @{user_config_dirs}/#@{int},
   owner @{user_config_dirs}/ksplashrc r,
   owner @{user_config_dirs}/kwinkdeglobalsrc.lock rwk,
-  owner @{user_config_dirs}/menus/{,**.menu} r,
+  owner @{user_config_dirs}/menus/{,**} r,
   owner @{user_config_dirs}/plasma-localerc rwl,
   owner @{user_config_dirs}/plasma-localerc.lock rwk,
   owner @{user_config_dirs}/plasma-workspace/env/ r,

apparmor.d/groups/pacman/mkinitcpio

@@ -80,7 +80,7 @@ profile mkinitcpio @{exec_path} flags=(attach_disconnected) {
   /etc/plymouth/plymouthd.conf r,
   /etc/vconsole.conf r,
 
-  /usr/share/kbd/keymaps/{,**} r,
+  /usr/share/kbd/{,**} r,
   /usr/share/plymouth/*.png r,
   /usr/share/plymouth/plymouthd.defaults r,
   /usr/share/plymouth/themes/{,**} r,
@@ -109,6 +109,8 @@ profile mkinitcpio @{exec_path} flags=(attach_disconnected) {
 
   owner @{PROC}/@{pid}/mountinfo r,
 
+  /dev/tty@{int}* rw,
+
   # Inherit silencer
   deny @{HOME}/** r,
   deny network inet6 stream,

apparmor.d/groups/systemd/systemd-hwdb

@@ -7,7 +7,7 @@ abi <abi/3.0>,
 include <tunables/global>
 
 @{exec_path} = @{bin}/systemd-hwdb
-profile systemd-hwdb @{exec_path} flags=(attach_disconnected) {
+profile systemd-hwdb @{exec_path} flags=(attach_disconnected,mediate_deleted) {
   include <abstractions/base>
   include <abstractions/consoles>
 
@@ -15,6 +15,7 @@ profile systemd-hwdb @{exec_path} flags=(attach_disconnected) {
 
   @{exec_path} mr,
 
+  @{lib}/udev/#@{int} rwl,
   @{lib}/udev/.#hwdb.bin[0-9a-zA-Z]* wl -> @{lib}/udev/#@{int},
   @{lib}/udev/hwdb.bin w,
 

apparmor.d/groups/systemd/zram-generator

@@ -29,5 +29,7 @@ profile zram-generator @{exec_path} {
 
   @{PROC}/crypto r,
 
+  owner /dev/pts/@{int} rw,
+
   include if exists <local/zram-generator>
-}
+}

dists/flags/main.flags

@@ -277,7 +277,7 @@ systemd-escape complain
 systemd-homed attach_disconnected,complain
 systemd-homework complain
 systemd-hostnamed attach_disconnected,complain
-systemd-hwdb attach_disconnected,complain
+systemd-hwdb attach_disconnected,mediate_deleted,complain
 systemd-inhibit attach_disconnected,complain
 systemd-localed attach_disconnected,complain
 systemd-logind attach_disconnected,complain