Replace last remaining home files by the xdg variables.

apparmor.d/abstractions/thumbnails-cache-write

@@ -7,7 +7,7 @@
   owner @{HOME}/thumbnails/ rw,
   owner @{HOME}/thumbnails/{large,normal}/ rw,
   owner @{HOME}/thumbnails/{large,normal}/#[0-9]*[0-9] rw,
-  owner @{HOME}/thumbnails/{large,normal}/[a-f0-9]*.png rwl -> @{user_cache_dirs}/thumbnails/{large,normal}/#[0-9]*[0-9],
+  owner @{HOME}/thumbnails/{large,normal}/[a-f0-9]*.png rwl -> @{HOME}/.cache/thumbnails/{large,normal}/#[0-9]*[0-9],
 
   owner @{user_cache_dirs}/thumbnails/ rw,
   owner @{user_cache_dirs}/thumbnails/{large,normal}/ rw,

apparmor.d/groups/apps/android-studio

@@ -182,7 +182,7 @@ profile android-studio @{exec_path} {
 
   owner @{HOME}/.emulator_console_auth_token rw,
 
-  deny owner @{HOME}/@{XDG_DESKTOP_DIR}/* rw,
+  deny owner @{HOME}/Desktop/* rw,
 
         @{PROC}/ r,
   owner @{PROC}/@{pid}/mountinfo r,

apparmor.d/profiles-a-l/appimage-beyond-all-reason

@@ -6,8 +6,8 @@ abi <abi/3.0>,
 
 include <tunables/global>
 
-@{exec_path}  = "/home/*/Desktop/Beyond All Reason.AppImage"
-@{exec_path} += /home/*/Desktop/BeyondAllReason.AppImage
+@{exec_path}  = "/home/*/@{XDG_DESKTOP_DIR}/Beyond All Reason.AppImage"
+@{exec_path} += /home/*/@{XDG_DESKTOP_DIR}/BeyondAllReason.AppImage
 profile appimage-beyond-all-reason @{exec_path} {
   include <abstractions/base>
   include <abstractions/consoles>

apparmor.d/profiles-a-l/dino-im

@@ -48,8 +48,8 @@ profile dino-im @{exec_path} {
     /{usr/,}bin/gpgconf mr,
     /{usr/,}bin/gpgsm   mr,
 
-    owner @{HOME}/@{XDG_GPG_DIR}/ rw,
-    owner @{HOME}/@{XDG_GPG_DIR}/** rwkl -> @{HOME}/@{XDG_GPG_DIR}/**,
+    owner @{HOME}/.gnupg/ rw,
+    owner @{HOME}/.gnupg/** rwkl -> @{HOME}/.gnupg/**,
 
   }
 

apparmor.d/profiles-a-l/fritzing

@@ -29,7 +29,7 @@ profile fritzing @{exec_path} {
   @{exec_path} mrix,
 
   owner @{user_config_dirs}/Fritzing/ rw,
-  owner @{user_config_dirs}/Fritzing/** rwkl -> @{user_config_dirs}/Fritzing/**,
+  owner @{user_config_dirs}/Fritzing/** rwkl -> @{HOME}/.config/Fritzing/**,
 
   owner @{HOME}/@{XDG_DOCUMENTS_DIR}/Fritzing/ rw,
   owner @{HOME}/@{XDG_DOCUMENTS_DIR}/Fritzing/** rw,

apparmor.d/profiles-a-l/fusermount

@@ -32,7 +32,7 @@ profile fusermount @{exec_path} {
   # Be able to mount ISO images
   mount fstype={fuse,fuse.*} -> @{HOME}/*/,
   mount fstype={fuse,fuse.*} -> @{HOME}/*/*/,
-  mount fstype={fuse,fuse.*} -> @{user_cache_dirs}/**/,
+  mount fstype={fuse,fuse.*} -> @{HOME}/.cache/**/,
   mount fstype={fuse,fuse.*} -> /media/*/,
   mount fstype={fuse,fuse.*} -> /media/*/*/,
   # For MTP
@@ -47,7 +47,7 @@ profile fusermount @{exec_path} {
   # Be able to unmount the ISO images
   umount @{HOME}/*/,
   umount @{HOME}/*/*/,
-  umount @{user_cache_dirs}/**/,
+  umount @{HOME}/.cache/**/,
   umount /media/*/,
   umount /tmp/.mount_*/,
   umount @{run}/user/[0-9]*/**/,

apparmor.d/profiles-a-l/jdownloader-install

@@ -7,7 +7,7 @@ abi <abi/3.0>,
 include <tunables/global>
 
 @{JD_INSTALLDIR} = /home/*/jd2
-@{JD_SH_PATH} = /home/*/@{XDG_DOWNLOAD_DIR}{,s}
+@{JD_SH_PATH} = /home/*/@{XDG_DOWNLOAD_DIR}
 @{JD_SH_PATH} += /home/*/@{XDG_DESKTOP_DIR}
 
 @{exec_path} = @{JD_SH_PATH}/JD2Setup_{x86,x64}.sh

apparmor.d/profiles-a-l/keepassxc

@@ -56,9 +56,7 @@ profile keepassxc @{exec_path} {
 
   # For SSH keys
   owner @{HOME}/@{XDG_SSH_DIR}/ r,
-  owner @{HOME}/@{XDG_SSH_DIR}/*_rsa r,
-  owner @{HOME}/@{XDG_SSH_DIR}/*_ed25519 r,
-  owner @{HOME}/@{XDG_SSH_DIR}/*.pub r,
+  owner @{HOME}/@{XDG_SSH_DIR}/* r,
 
   # To configure Qt5 settings (theme, font, icons, etc.) under DE/WM without Qt integration
   owner @{user_config_dirs}/qt5ct/{,**} r,

apparmor.d/profiles-m-z/pam_roles

@@ -45,6 +45,7 @@ profile confined_user flags=(complain) {
 
   /{usr/,}bin/**  Pixmr,
   owner @{HOMEDIRS}/bin/** ixmr,
+  owner @{user_bin_dirs}/** ixmr,
 
   owner /** rwkl,
   @{PROC}/** r,

apparmor.d/profiles-m-z/udisksd

@@ -44,25 +44,25 @@ profile udisksd @{exec_path} flags=(attach_disconnected) {
   /{usr/,}bin/systemd-escape  rCx -> systemd-escape,
 
   # Allow mounting of removable devices
-  mount fstype={btrfs,ext*,vfat,iso9660,udf} /dev/sd[a-z]       -> /media/*/*/,
-  mount fstype={btrfs,ext*,vfat,iso9660,udf} /dev/sd[a-z][0-9]* -> /media/*/*/,
+  mount fstype={btrfs,ext*,vfat,iso9660,udf} /dev/sd[a-z]       -> /{media,mnt}/*/*/,
+  mount fstype={btrfs,ext*,vfat,iso9660,udf} /dev/sd[a-z][0-9]* -> /{media,mnt}/*/*/,
   # Allow mounting of loop devices (ISO files)
-  mount fstype={btrfs,ext*,vfat,iso9660,udf} /dev/loop[0-9]*        -> /media/*/*/,
-  mount fstype={btrfs,ext*,vfat,iso9660,udf} /dev/loop[0-9]*p[0-9]* -> /media/*/*/,
+  mount fstype={btrfs,ext*,vfat,iso9660,udf} /dev/loop[0-9]*        -> /{media,mnt}/*/*/,
+  mount fstype={btrfs,ext*,vfat,iso9660,udf} /dev/loop[0-9]*p[0-9]* -> /{media,mnt}/*/*/,
   # Allow mounting of cdrom
   mount fstype={btrfs,ext*,vfat,iso9660,udf} /dev/loop[0-9]* -> /media/cdrom[0-9]/,
   mount fstype={iso9660,udf}                 /dev/sr[0-9]*   -> /media/cdrom[0-9]/,
   # Allow mounting od sd cards
-  mount fstype={btrfs,ext*,vfat,iso9660,udf} /dev/mmcblk[0-9]         -> /media/*/*/,
-  mount fstype={btrfs,ext*,vfat,iso9660,udf} /dev/mmcblk[0-9]*p[0-9]* -> /media/*/*/,
+  mount fstype={btrfs,ext*,vfat,iso9660,udf} /dev/mmcblk[0-9]         -> /{media,mnt}/*/*/,
+  mount fstype={btrfs,ext*,vfat,iso9660,udf} /dev/mmcblk[0-9]*p[0-9]* -> /{media,mnt}/*/*/,
   # Allow unmounting
-  umount /media/*/,
-  umount /media/*/*/,
+  umount /{media,mnt}/*/,
+  umount /{media,mnt}/*/*/,
   umount /media/cdrom[0-9]/,
 
   # Be able to create/delete dirs for removable media
-  /media/*/ rw,
-  /media/*/*/ rw,
+  /{media,mnt}/*/ rw,
+  /{media,mnt}/*/*/ rw,
   /media/cdrom[0-9]/ rw,
 
   # Udisks2 config files

apparmor.d/profiles-m-z/xfconfd

@@ -15,7 +15,7 @@ profile xfconfd @{exec_path} {
 
   /etc/xdg/xfce4/xfconf/*/*.xml r,
 
-  owner @{user_config_dirs}/xfce4/xfconf/*/*.xml{,.new} rw,
+  owner @{HOME}/.config/xfce4/xfconf/*/*.xml{,.new} rw,
 
   # file_inherit
   owner /dev/tty[0-9]* rw,