From 63888f07a754b66e5558f43967b0e125f7b5bb55 Mon Sep 17 00:00:00 2001
From: Alexandre Pujol <alexandre@pujol.io>
Date: Fri, 27 Sep 2024 14:39:01 +0100
Subject: [PATCH] fix(profile): flatpak app range.

fix #519
---
 apparmor.d/abstractions/common/app  | 10 +++++-----
 apparmor.d/profiles-a-f/flatpak-app |  2 --
 2 files changed, 5 insertions(+), 7 deletions(-)

diff --git a/apparmor.d/abstractions/common/app b/apparmor.d/abstractions/common/app
index 5c8ebd21..7b6a5fdd 100644
--- a/apparmor.d/abstractions/common/app
+++ b/apparmor.d/abstractions/common/app
@@ -54,12 +54,12 @@
   @{MOUNTDIRS}/ r,
   @{MOUNTS}/ r,
   @{MOUNTS}/** rwl,
+  owner @{HOME}/ r,
   owner @{HOME}/.var/app/** rmix,
-  owner @{HOME}/{,**} rwlk,
-  owner @{run}/user/@{uid}/{,**} rw,
-  owner @{user_config_dirs}/** rwkl,
-  owner @{user_share_dirs}/** rwkl,
-  owner @{user_games_dirs}/{,**} rm,
+  owner @{HOME}/** rwlk -> @{HOME}/**,
+  owner @{run}/user/@{uid}/ r,
+  owner @{run}/user/@{uid}/** rwlk -> @{run}/user/@{uid}/**,
+  owner @{user_games_dirs}/** rm,
 
   owner /var/cache/tmp/** rwlk -> /var/cache/tmp/**,
   owner @{tmp}/** rmwk,
diff --git a/apparmor.d/profiles-a-f/flatpak-app b/apparmor.d/profiles-a-f/flatpak-app
index 8f3a15fc..71ec660d 100644
--- a/apparmor.d/profiles-a-f/flatpak-app
+++ b/apparmor.d/profiles-a-f/flatpak-app
@@ -92,8 +92,6 @@ profile flatpak-app flags=(attach_disconnected,mediate_deleted) {
   owner @{run}/flatpak/doc/** rw,
   owner @{run}/ld-so-cache-dir/* rw,
   owner @{run}/user/ r,
-  owner @{run}/user/@{uid}/*.kioworker.socket r,
-  owner @{run}/user/@{uid}/#@{int} rwl,
 
   include if exists <usr/flatpak-app.d>
   include if exists <local/flatpak-app>