feat(profile): add a few gnome core app.

apparmor.d/groups/gnome/gnome-calculator

@@ -0,0 +1,25 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2024 Alexandre Pujol <alexandre@pujol.io>
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi <abi/3.0>,
+
+include <tunables/global>
+
+@{exec_path} = @{bin}/gnome-calculator
+profile gnome-calculator @{exec_path} {
+  include <abstractions/base>
+  include <abstractions/common/gnome>
+  include <abstractions/ssl_certs>
+
+  # Needed to get currency exchange rates
+  network inet dgram,
+  network inet stream,
+  network inet6 dgram,
+  network inet6 stream,
+  network netlink raw,
+
+  @{exec_path} mr,
+
+  include if exists <local/gnome-calculator>
+}

apparmor.d/groups/gnome/gnome-clocks

@@ -0,0 +1,18 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2024 Alexandre Pujol <alexandre@pujol.io>
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi <abi/3.0>,
+
+include <tunables/global>
+
+@{exec_path} = @{bin}/gnome-clocks
+profile gnome-clocks @{exec_path} {
+  include <abstractions/base>
+  include <abstractions/audio-client>
+  include <abstractions/common/gnome>
+
+  @{exec_path} mr,
+
+  include if exists <local/gnome-clocks>
+}

apparmor.d/groups/gnome/gnome-logs

@@ -0,0 +1,30 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2024 Alexandre Pujol <alexandre@pujol.io>
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi <abi/3.0>,
+
+include <tunables/global>
+
+@{exec_path} = @{bin}/gnome-logs
+profile gnome-logs @{exec_path} {
+  include <abstractions/base>
+  include <abstractions/common/gnome>
+  include <abstractions/user-download-strict>
+
+  @{exec_path} mr,
+
+  /etc/machine-id r,
+
+  /var/lib/systemd/catalog/database r,
+
+  /{run,var}/log/journal/ r,
+  /{run,var}/log/journal/@{hex32}/ r,
+  /{run,var}/log/journal/@{hex32}/system.journal r,
+  /{run,var}/log/journal/@{hex32}/system@@{hex32}-@{hex}-@{hex}.journal r,
+  /{run,var}/log/journal/@{hex32}/user-@{uid}.journal r,
+  /{run,var}/log/journal/@{hex32}/user-1000@@{hex32}-@{hex}-@{hex}.journal r,
+  /{run,var}/log/journal/remote/ r,
+
+  include if exists <local/gnome-logs>
+}

apparmor.d/groups/gnome/yelp

@@ -0,0 +1,37 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2024 Alexandre Pujol <alexandre@pujol.io>
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi <abi/3.0>,
+
+include <tunables/global>
+
+@{exec_path} = @{bin}/yelp @{bin}/gnome-help
+profile yelp @{exec_path} {
+  include <abstractions/base>
+  include <abstractions/common/gnome>
+
+  network netlink raw,
+
+  @{exec_path} mr,
+
+  @{lib}/{,@{multiarch}/}webkit{2,}gtk-*/WebKitNetworkProcess rix,
+  @{lib}/{,@{multiarch}/}webkit{2,}gtk-*/WebKitWebProcess rix,
+
+  /usr/share/help/{,**} r,
+  /usr/share/yelp-xsl/{,**} r,
+  /usr/share/xml/{,**} r,
+
+  /etc/xml/{,**} r,
+
+  @{sys}/devices/virtual/dmi/id/chassis_type r,
+  @{sys}/fs/cgroup/user.slice/user-@{uid}.slice/user@@{uid}.service/app.slice/app-gnome-yelp-*.scope/memory.* r,
+
+        @{PROC}/zoneinfo r,
+  owner @{PROC}/@{pid}/cgroup r,
+  owner @{PROC}/@{pid}/cmdline r,
+  owner @{PROC}/@{pid}/smaps r,
+  owner @{PROC}/@{pid}/statm r,
+
+  include if exists <local/yelp>
+}