feat(abs): minor improvement to some abstraction.

apparmor.d/abstractions/app/pgrep

@@ -21,6 +21,7 @@
   @{PROC}/ r,
   @{PROC}/@{pids}/cgroup r,
   @{PROC}/@{pids}/cmdline r,
+  @{PROC}/@{pids}/environ r,
   @{PROC}/@{pids}/stat r,
   @{PROC}/sys/kernel/osrelease r,
   @{PROC}/uptime r,

apparmor.d/abstractions/common/systemd

@@ -8,6 +8,7 @@
   ptrace read peer=@{p_systemd},
 
   @{sys}/firmware/efi/efivars/SecureBoot-@{uuid} r,
+  @{sys}/fs/cgroup/system.slice/@{profile_name}.service/ r,
   @{sys}/fs/cgroup/system.slice/@{profile_name}.service/memory.pressure rw,
 
         @{PROC}/1/cgroup r,

apparmor.d/abstractions/dconf.d/complete

@@ -10,7 +10,7 @@
   dbus receive bus=session path=/ca/desrt/dconf/Writer/user
        interface=ca.desrt.dconf.Writer
        member=Notify
-       peer=(name=:*, label=dconf-service),
+       peer=(name=@{busname}, label=dconf-service),
 
   /usr/share/dconf/profile/gdm r,
 

apparmor.d/abstractions/desktop

@@ -22,7 +22,7 @@
     dbus receive bus=session
          interface=org.freedesktop.DBus.Introspectable
          member=Introspect
-         peer=(name=:*, label=gnome-shell),
+         peer=(name=@{busname}, label=gnome-shell),
 
     /usr/{local/,}share/ r,
     /usr/{local/,}share/glib-@{version}/schemas/** r,

apparmor.d/abstractions/gnome-strict

@@ -14,7 +14,7 @@
   dbus receive bus=session
        interface=org.freedesktop.DBus.Introspectable
        member=Introspect
-       peer=(name=:*, label=gnome-shell),
+       peer=(name=@{busname}, label=gnome-shell),
 
   /usr/share/desktop-base/{,**} r,
   /usr/share/hwdata/*.ids r,

apparmor.d/abstractions/gnome.d/complete

@@ -7,7 +7,7 @@
   dbus receive bus=session
        interface=org.freedesktop.DBus.Introspectable
        member=Introspect 
-       peer=(name=:*, label=gnome-shell),
+       peer=(name=@{busname}, label=gnome-shell),
 
   /var/cache/gio-@{int}.@{int}/gnome-mimeapps.list r,
 

apparmor.d/abstractions/gtk.d/complete

@@ -5,7 +5,7 @@
   dbus send bus=session
        interface=org.gtk.Actions
        member=DescribeAll
-       peer=(name=:*),
+       peer=(name=@{busname}),
   dbus send bus=session
        interface=org.gtk.Actions
        member=DescribeAll
@@ -14,7 +14,7 @@
   dbus receive bus=session
        interface=org.gtk.Actions
        member=Changed
-       peer=(name=:*),
+       peer=(name=@{busname}),
   dbus receive bus=session
        interface=org.gtk.Actions
        member=Changed
@@ -23,11 +23,11 @@
   dbus send bus=session path=/org/gtk/Settings
        interface=org.freedesktop.DBus.Properties
        member=GetAll
-       peer=(name=:*, label=gsd-xsettings),
+       peer=(name=@{busname}, label=gsd-xsettings),
   dbus receive bus=session path=/org/gtk/Settings
        interface=org.freedesktop.DBus.Properties
        member=PropertiesChanged
-       peer=(name=:*, label=gsd-xsettings),
+       peer=(name=@{busname}, label=gsd-xsettings),
 
   @{lib}/{,@{multiarch}/}gtk*/** mr,
 

apparmor.d/abstractions/kde-open5.d/complete

@@ -6,6 +6,6 @@
 
   owner @{user_config_dirs}/menus/{,**} r,
 
-  owner @{run}/user/@{uid}/kioclient*.@{int}.kioworker.socket rwl -> @{run}/user/@{uid}/#@{int},
+  owner @{run}/user/@{uid}/kioclient@{rand6}.@{int}.kioworker.socket rwl -> @{run}/user/@{uid}/#@{int},
 
 # vim:syntax=apparmor