From 8b803a628595c911917660f61386eaa090726771 Mon Sep 17 00:00:00 2001
From: Alexandre Pujol <alexandre@pujol.io>
Date: Tue, 22 Feb 2022 20:53:52 +0000
Subject: [PATCH] Flatpack: add initial integration in other profiles.

---
 apparmor.d/profiles-s-z/update-desktop-database | 7 +++++++
 apparmor.d/profiles-s-z/xdg-desktop-portal      | 6 ++++--
 apparmor.d/profiles-s-z/xdg-permission-store    | 4 ++--
 3 files changed, 13 insertions(+), 4 deletions(-)

diff --git a/apparmor.d/profiles-s-z/update-desktop-database b/apparmor.d/profiles-s-z/update-desktop-database
index 7a55882d..0ead1784 100644
--- a/apparmor.d/profiles-s-z/update-desktop-database
+++ b/apparmor.d/profiles-s-z/update-desktop-database
@@ -23,6 +23,13 @@ profile update-desktop-database @{exec_path} {
 
   /usr/share/*/*.desktop r,
 
+  /var/lib/flatpak/exports/share/applications/{,**/} r,
+  /var/lib/flatpak/exports/share/applications/**.desktop r,
+  /var/lib/flatpak/exports/share/applications/.mimeinfo.cache.* rw,
+  /var/lib/flatpak/exports/share/applications/mimeinfo.cache w,
+
+  /var/lib/flatpak/app/**/export/share/applications/**.desktop r,
+
   # Inherit silencer
   deny network inet6 stream,
   deny network inet stream,
diff --git a/apparmor.d/profiles-s-z/xdg-desktop-portal b/apparmor.d/profiles-s-z/xdg-desktop-portal
index aee450df..f013309b 100644
--- a/apparmor.d/profiles-s-z/xdg-desktop-portal
+++ b/apparmor.d/profiles-s-z/xdg-desktop-portal
@@ -10,6 +10,7 @@ include <tunables/global>
 profile xdg-desktop-portal @{exec_path} {
   include <abstractions/base>
   include <abstractions/nameservice-strict>
+  include <abstractions/freedesktop.org.d>
 
   capability sys_ptrace,
 
@@ -27,11 +28,12 @@ profile xdg-desktop-portal @{exec_path} {
   /usr/share/xdg-desktop-portal/portals/{,*.portal} r,
 
   /etc/machine-id r,
+  /etc/pipewire/client.conf.d/ r,
 
   /var/lib/flatpak/exports/share/mime/mime.cache r,
+  /var/lib/flatpak/exports/share/applications/{**,} r,
 
-  owner @{user_config_dirs}/user-dirs.dirs r,
-  owner @{run}/user/@{uid}/.flatpak/*/* r,
+  owner @{run}/user/@{uid}/.flatpak/{,*/*} r,
 
   include <abstractions/dconf>
   owner @{run}/user/@{uid}/dconf/ rw,
diff --git a/apparmor.d/profiles-s-z/xdg-permission-store b/apparmor.d/profiles-s-z/xdg-permission-store
index 5aa1fa09..a2e0277c 100644
--- a/apparmor.d/profiles-s-z/xdg-permission-store
+++ b/apparmor.d/profiles-s-z/xdg-permission-store
@@ -17,8 +17,8 @@ profile xdg-permission-store @{exec_path} flags=(attach_disconnected) {
 
   @{HOME}/@{XDG_DATA_HOME}/flatpak/db/gnome rw,
 
-  @{user_share_dirs}/flatpak/db/.goutputstream-* r,
-  @{user_share_dirs}/flatpak/db/background r,
+  owner @{user_share_dirs}/flatpak/db/.goutputstream-* rw,
+  owner @{user_share_dirs}/flatpak/db/background rw,
 
   /dev/tty[0-9]* rw,