Flatpack: add initial integration in other profiles.

apparmor.d/profiles-s-z/update-desktop-database

@@ -23,6 +23,13 @@ profile update-desktop-database @{exec_path} {
 
   /usr/share/*/*.desktop r,
 
+  /var/lib/flatpak/exports/share/applications/{,**/} r,
+  /var/lib/flatpak/exports/share/applications/**.desktop r,
+  /var/lib/flatpak/exports/share/applications/.mimeinfo.cache.* rw,
+  /var/lib/flatpak/exports/share/applications/mimeinfo.cache w,
+
+  /var/lib/flatpak/app/**/export/share/applications/**.desktop r,
+
   # Inherit silencer
   deny network inet6 stream,
   deny network inet stream,

apparmor.d/profiles-s-z/xdg-desktop-portal

@@ -10,6 +10,7 @@ include <tunables/global>
 profile xdg-desktop-portal @{exec_path} {
   include <abstractions/base>
   include <abstractions/nameservice-strict>
+  include <abstractions/freedesktop.org.d>
 
   capability sys_ptrace,
 
@@ -27,11 +28,12 @@ profile xdg-desktop-portal @{exec_path} {
   /usr/share/xdg-desktop-portal/portals/{,*.portal} r,
 
   /etc/machine-id r,
+  /etc/pipewire/client.conf.d/ r,
 
   /var/lib/flatpak/exports/share/mime/mime.cache r,
+  /var/lib/flatpak/exports/share/applications/{**,} r,
 
-  owner @{user_config_dirs}/user-dirs.dirs r,
-  owner @{run}/user/@{uid}/.flatpak/*/* r,
+  owner @{run}/user/@{uid}/.flatpak/{,*/*} r,
 
   include <abstractions/dconf>
   owner @{run}/user/@{uid}/dconf/ rw,

apparmor.d/profiles-s-z/xdg-permission-store

@@ -17,8 +17,8 @@ profile xdg-permission-store @{exec_path} flags=(attach_disconnected) {
 
   @{HOME}/@{XDG_DATA_HOME}/flatpak/db/gnome rw,
 
-  @{user_share_dirs}/flatpak/db/.goutputstream-* r,
-  @{user_share_dirs}/flatpak/db/background r,
+  owner @{user_share_dirs}/flatpak/db/.goutputstream-* rw,
+  owner @{user_share_dirs}/flatpak/db/background rw,
 
   /dev/tty[0-9]* rw,