From a79f03f038290bb24427a2516bc7e3721b9721cb Mon Sep 17 00:00:00 2001
From: Alexandre Pujol <alexandre@pujol.io>
Date: Thu, 20 Jul 2023 21:10:19 +0100
Subject: [PATCH] feat(kde): improve support for kde.

---
 apparmor.d/groups/akonadi/akonadi_archivemail_agent     | 1 +
 apparmor.d/groups/akonadi/akonadi_contacts_resource     | 1 +
 apparmor.d/groups/akonadi/akonadi_maildir_resource      | 2 +-
 apparmor.d/groups/akonadi/akonadi_newmailnotifier_agent | 4 ++--
 apparmor.d/groups/bus/dbus-daemon                       | 2 +-
 apparmor.d/groups/bus/dbus-daemon-launch-helper         | 2 +-
 apparmor.d/groups/bus/dbus-run-session                  | 8 ++++----
 apparmor.d/groups/bus/ibus-dconf                        | 8 ++++----
 apparmor.d/groups/bus/ibus-engine-table                 | 3 +++
 9 files changed, 18 insertions(+), 13 deletions(-)

diff --git a/apparmor.d/groups/akonadi/akonadi_archivemail_agent b/apparmor.d/groups/akonadi/akonadi_archivemail_agent
index 588ee2e1..29f7b0ca 100644
--- a/apparmor.d/groups/akonadi/akonadi_archivemail_agent
+++ b/apparmor.d/groups/akonadi/akonadi_archivemail_agent
@@ -40,6 +40,7 @@ profile akonadi_archivemail_agent @{exec_path} {
   owner @{user_config_dirs}/emailidentities.lock rwk,
   owner @{user_config_dirs}/emailidentities* rwl,
   owner @{user_config_dirs}/kmail2rc r,
+  owner @{user_config_dirs}/QtProject/qtlogging.ini r,
 
   owner @{user_config_dirs}/kdedefaults/kdeglobals r,
   owner @{user_config_dirs}/kdedefaults/kwinrc r,
diff --git a/apparmor.d/groups/akonadi/akonadi_contacts_resource b/apparmor.d/groups/akonadi/akonadi_contacts_resource
index b73f6f85..13026804 100644
--- a/apparmor.d/groups/akonadi/akonadi_contacts_resource
+++ b/apparmor.d/groups/akonadi/akonadi_contacts_resource
@@ -22,6 +22,7 @@ profile akonadi_contacts_resource @{exec_path} {
   @{exec_path} mr,
 
   /usr/share/hwdata/*.ids r,
+  /usr/share/icu/[0-9]*.[0-9]*/*.dat r,
 
   /etc/xdg/kdeglobals r,
   /etc/xdg/kwinrc r,
diff --git a/apparmor.d/groups/akonadi/akonadi_maildir_resource b/apparmor.d/groups/akonadi/akonadi_maildir_resource
index 4d3584e4..27826c15 100644
--- a/apparmor.d/groups/akonadi/akonadi_maildir_resource
+++ b/apparmor.d/groups/akonadi/akonadi_maildir_resource
@@ -21,7 +21,7 @@ profile akonadi_maildir_resource @{exec_path} {
 
   @{exec_path} mr,
 
-  /usr/share/akonadi/plugins/serializer/*.desktop r,
+  /usr/share/akonadi/plugins/serializer/{,*.desktop} r,
   /usr/share/hwdata/*.ids r,
   /usr/share/mime/{,**} r,
   /usr/share/icu/[0-9]*.[0-9]*/*.dat r,
diff --git a/apparmor.d/groups/akonadi/akonadi_newmailnotifier_agent b/apparmor.d/groups/akonadi/akonadi_newmailnotifier_agent
index bdce6058..b5766023 100644
--- a/apparmor.d/groups/akonadi/akonadi_newmailnotifier_agent
+++ b/apparmor.d/groups/akonadi/akonadi_newmailnotifier_agent
@@ -21,7 +21,7 @@ profile akonadi_newmailnotifier_agent @{exec_path} {
 
   @{exec_path} mr,
 
-  /usr/share/akonadi/plugins/serializer/*.desktop r,
+  /usr/share/akonadi/plugins/serializer/{,*.desktop} r,
   /usr/share/hwdata/*.ids r,
   /usr/share/mime/{,**} r,
   /usr/share/icu/[0-9]*.[0-9]*/*.dat r,
@@ -46,7 +46,7 @@ profile akonadi_newmailnotifier_agent @{exec_path} {
   owner @{user_config_dirs}/kmail2rc r,
   owner @{user_config_dirs}/kwinrc r,
   owner @{user_config_dirs}/specialmailcollectionsrc r,
-  
+
   @{PROC}/sys/kernel/core_pattern r,
   @{PROC}/sys/kernel/random/boot_id r,
 
diff --git a/apparmor.d/groups/bus/dbus-daemon b/apparmor.d/groups/bus/dbus-daemon
index 4e0d7e80..af6ab9a3 100644
--- a/apparmor.d/groups/bus/dbus-daemon
+++ b/apparmor.d/groups/bus/dbus-daemon
@@ -49,7 +49,7 @@ profile dbus-daemon @{exec_path} flags=(attach_disconnected) {
   @{lib}/dbus-1*/dbus-daemon-launch-helper                                rPx,
   @{lib}/gnome-shell/gnome-shell-calendar-server                          rPx,
   @{lib}/ibus/ibus-*                                                      rPx,
-  @{lib}/kauth/*                                                          rPx,
+  @{lib}/kauth/{,libexec/}*                                               rPx,
   @{lib}/kf5/kiod5                                                       rPUx,
   @{lib}/telepathy/mission-control-5                                      rPx,
   @{lib}/xfce[0-9]/xfconf/xfconfd                                         rPx,
diff --git a/apparmor.d/groups/bus/dbus-daemon-launch-helper b/apparmor.d/groups/bus/dbus-daemon-launch-helper
index 66863855..d77ccc3b 100644
--- a/apparmor.d/groups/bus/dbus-daemon-launch-helper
+++ b/apparmor.d/groups/bus/dbus-daemon-launch-helper
@@ -20,7 +20,7 @@ profile dbus-daemon-launch-helper @{exec_path} {
 
   @{lib}/{,cups-pk-helper/}cups-pk-helper-mechanism     rPx,
   @{lib}/@{multiarch}/cups-pk-helper-mechanism          rPx,
-  @{lib}/kauth/*                                        rPx,
+  @{lib}/kauth/{,libexec/}*                             rPx,
   @{lib}/language-selector/ls-dbus-backend              rPx,
   @{lib}/software-properties/software-properties-dbus   rPx,
 
diff --git a/apparmor.d/groups/bus/dbus-run-session b/apparmor.d/groups/bus/dbus-run-session
index df7db5d8..779850e7 100644
--- a/apparmor.d/groups/bus/dbus-run-session
+++ b/apparmor.d/groups/bus/dbus-run-session
@@ -9,7 +9,7 @@ include <tunables/global>
 @{exec_path} = @{bin}/dbus-run-session
 profile dbus-run-session @{exec_path} {
   include <abstractions/base>
-  include <abstractions/dconf-write>
+  # include <abstractions/dconf-write>
 
   signal (receive) set=(term, kill, hup) peer=gdm*,
   signal (send) set=term peer=dbus-daemon,
@@ -22,9 +22,9 @@ profile dbus-run-session @{exec_path} {
   @{bin}/gsettings             rPx,
   @{lib}/gnome-session-binary  rPx,
 
-  /usr/share/glib-2.0/schemas/gschemas.compiled r,
-  /usr/share/gdm/greeter-dconf-defaults r,
-  /usr/share/dconf/profile/gdm r,
+  # /usr/share/glib-2.0/schemas/gschemas.compiled r,
+  # /usr/share/gdm/greeter-dconf-defaults r,
+  # /usr/share/dconf/profile/gdm r,
 
   /var/lib/gdm{3,}/.config/dconf/user r,
   /var/lib/gdm{3,}/.cache/dconf/ rw,
diff --git a/apparmor.d/groups/bus/ibus-dconf b/apparmor.d/groups/bus/ibus-dconf
index 5cf0a452..1cbdceea 100644
--- a/apparmor.d/groups/bus/ibus-dconf
+++ b/apparmor.d/groups/bus/ibus-dconf
@@ -30,11 +30,8 @@ profile ibus-dconf @{exec_path} flags=(attach_disconnected) {
   /usr/share/gdm/greeter-dconf-defaults r,
   /usr/share/dconf/profile/gdm r,
 
-  /etc/dconf/profile/ibus r,
   /etc/dconf/db/ibus r,
-
-  owner @{user_config_dirs}/ibus/bus/{,@{hex}-unix-wayland-[0-9]*} r,
-  owner @{user_config_dirs}/ibus/bus/@{hex}-unix-[0-9]* r,
+  /etc/dconf/profile/ibus r,
 
   /var/lib/gdm{3,}/.config/ibus/bus/{,@{hex}-unix-wayland-[0-9]*} r,
   /var/lib/gdm{3,}/.config/ibus/bus/@{hex}-unix-[0-9]* r,
@@ -44,6 +41,9 @@ profile ibus-dconf @{exec_path} flags=(attach_disconnected) {
   /var/lib/gdm{3,}/.config/dconf/user rw,
   /var/lib/gdm{3,}/greeter-dconf-defaults r,
 
+  owner @{user_config_dirs}/ibus/bus/{,@{hex}-unix-wayland-[0-9]*} r,
+  owner @{user_config_dirs}/ibus/bus/@{hex}-unix-[0-9]* r,
+
   owner /dev/tty[0-9]* rw,
 
   include if exists <local/ibus-dconf>
diff --git a/apparmor.d/groups/bus/ibus-engine-table b/apparmor.d/groups/bus/ibus-engine-table
index eb369637..754f9250 100644
--- a/apparmor.d/groups/bus/ibus-engine-table
+++ b/apparmor.d/groups/bus/ibus-engine-table
@@ -13,5 +13,8 @@ profile ibus-engine-table @{exec_path} {
 
   @{exec_path} mr,
 
+  @{bin}/{,ba,da}sh      rix,
+  @{bin}/python3.[0-9]*  rix,
+
   include if exists <local/ibus-engine-table>
 }
\ No newline at end of file