feat(abs): improve some common user abstraction.

apparmor.d/abstractions/app-launcher-user

@@ -8,18 +8,13 @@
   /usr/share/*/*                rPUx,
   /usr/local/bin/*              rPUx,
 
-  # Browsers
   @{bin}/chromium               rPx,
   @{brave_path}                 rPx,
   @{chrome_path}                rPx,
   @{chromium_path}              rPx,
   @{firefox_path}               rPx,
   @{opera_path}                 rPx,
-
-  # Emails
   @{thunderbird_path}           rPx,
-
-  # Office
   @{lib}/libreoffice/program/{soffice{,.bin},oosplash} rPUx,
 
   @{bin}/                       r,

apparmor.d/abstractions/app-open

@@ -14,33 +14,15 @@
   @{bin}/flatpak                rPUx,
   @{bin}/snap                   rPUx,
 
-  # Files explorer
+  # Labeled programs
-  @{bin}/nautilus               rPx,
+  @{archive_viewers_path}       rPUx,
-  @{bin}/dolphin                rPx,
+  @{browsers_path}              rPx,
-
+  @{document_viewers_path}      rPUx,
-  # Browsers
+  @{emails_path}                rPUx,
-  @{bin}/chromium               rPx,
+  @{file_explorers_path}        rPx,
-  @{brave_path}                 rPx,
+  @{image_viewers_path}         rPUx,
-  @{chrome_path}                rPx,
+  @{offices_path}               rPUx,
-  @{chromium_path}              rPx,
+  @{text_edirors_path}          rPUx,
-  @{firefox_path}               rPx,
-  @{opera_path}                 rPx,
-
-  # Text editors
-  @{bin}/code                   rPUx,
-  @{bin}/gedit                  rPUx,
-  @{bin}/gnome-text-editor      rPUx,
-  /usr/share/code/{bin/,}code   rPUx,
-
-  # Emails
-  @{thunderbird_path}           rPx,
-  @{bin}/geany                  rPUx,
-
-  # Documents viewers
-  @{bin}/evince                 rPx,
-  @{bin}/okular                 rPx,
-  @{bin}/*{F,f}oliate           rPUx,
-  @{bin}/YACReader              rPx,
 
   # Others
   @{bin}/blueman-tray           rPx,
@@ -48,33 +30,24 @@
   @{bin}/draw.io                rPUx,
   @{bin}/dropbox                rPx,
   @{bin}/element-desktop        rPx,
-  @{bin}/engrampa               rPx,
-  @{bin}/eog                    rPUx,
   @{bin}/extension-manager      rPx,
-  @{bin}/file-roller            rPUx,
   @{bin}/filezilla              rPx,
   @{bin}/flameshot              rPx,
-  @{bin}/flatpak                rPUx,
   @{bin}/gimp*                  rPUx,
   @{bin}/gnome-calculator       rPUx,
   @{bin}/gnome-disk-image-mounter rPx,
   @{bin}/gnome-disks            rPx,
   @{bin}/gwenview               rPUx,
   @{bin}/kgx                    rPx,
-  @{bin}/okular                 rPx,
   @{bin}/qbittorrent            rPx,
   @{bin}/qpdfview               rPx,
   @{bin}/smplayer               rPx,
-  @{bin}/spacefm                rPx,
   @{bin}/steam-runtime          rPUx,
-  @{bin}/teams                  rPUx,
   @{bin}/telegram-desktop       rPx,
   @{bin}/transmission-gtk       rPx,
   @{bin}/viewnior               rPUx,
   @{bin}/vlc                    rPUx,
-  @{bin}/xarchiver              rPx,
   @{bin}/xbrlapi 	              rPx,
-  @{bin}/yelp                   rPUx,
+
-  @{lib}/libreoffice/program/{soffice{,.bin},oosplash} rPUx,
 
   include if exists <abstractions/app-open.d>

apparmor.d/abstractions/common/electron

@@ -50,6 +50,8 @@
   owner @{HOME}/.pki/nssdb/{cert9,key4}.db rwk,
   owner @{HOME}/.pki/nssdb/{cert9,key4}.db-journal rw,
 
+  owner @{user_share_dirs}/.org.chromium.Chromium.* rw,
+
   owner @{tmp}/.org.chromium.Chromium.@{rand6} rw,
   owner @{tmp}/.org.chromium.Chromium.@{rand6}/ rw,
   owner @{tmp}/.org.chromium.Chromium.@{rand6}/SingletonCookie w,

apparmor.d/abstractions/deny-sensitive-home

@@ -40,9 +40,9 @@
   deny @{user_share_dirs}/kwalletd/{,**}  mrwkl,
 
   # User defined private directories
-  deny @{user_private_dirs}/**               mrxwlk,
+  deny @{user_private_dirs}/{,**}               mrxwlk,
-  deny @{HOMEDIRS}/**/@{XDG_PRIVATE_DIR}/**  mrxwlk,
+  deny @{HOMEDIRS}/**/@{XDG_PRIVATE_DIR}/{,**}  mrxwlk,
-  deny @{MOUNTS}/**/@{XDG_PRIVATE_DIR}/**    mrxwlk,
+  deny @{MOUNTS}/**/@{XDG_PRIVATE_DIR}/{,**}    mrxwlk,
 
   # Deny executable mapping in writable space as allowed in abstractions/fonts
   deny @{HOME}/.{,cache/}fontconfig/ rw,