feat(profiles): improve x11 integraion.

apparmor.d/groups/freedesktop/xdg-desktop-portal-gnome

@@ -129,6 +129,7 @@ profile xdg-desktop-portal-gnome @{exec_path} {
 
   owner @{run}/user/@{uid}/wayland-[0-9]* rw,
   owner @{run}/user/@{uid}/wayland-cursor-shared-* rw,
+  owner @{run}/user/@{uid}/gdm/Xauthority r,
 
   @{run}/mount/utab r,
 

apparmor.d/groups/freedesktop/xdg-desktop-portal-gtk

@@ -159,6 +159,7 @@ profile xdg-desktop-portal-gtk @{exec_path} {
   owner @{HOME}/@{XDG_DATA_HOME}/ r,
 
   owner @{run}/user/@{uid}/.mutter-Xwaylandauth.[0-9A-Z]* rw,
+  owner @{run}/user/@{uid}/gdm/Xauthority r,
   owner @{run}/user/@{uid}/wayland-[0-9]* rw,
   owner @{run}/user/@{uid}/wayland-cursor-shared-* rw,
         @{run}/mount/utab r,

apparmor.d/groups/gnome/gdm-xsession

@@ -18,21 +18,22 @@ profile gdm-xsession @{exec_path} {
 
   /{usr/,}bin/{,ba,da}sh      rix,
   /{usr/,}bin/{,e}grep        rix,
+  /{usr/,}bin/{m,g,}awk       rix,
+  /{usr/,}bin/cat             rix,
+  /{usr/,}bin/expr            rix,
+  /{usr/,}bin/gettext         rix,
+  /{usr/,}bin/gettext.sh      r,
   /{usr/,}bin/gnome-session   rix,
   /{usr/,}bin/gsettings       rix,
   /{usr/,}bin/id              rix,
+  /{usr/,}bin/locale          rix,
+  /{usr/,}bin/locale-check    rix,
+  /{usr/,}bin/mktemp          rix,
+  /{usr/,}bin/sed             rix,
+  /{usr/,}bin/tr              rix,
+  /{usr/,}bin/truncate        rix,
   /{usr/,}bin/tty             rix,
   /{usr/,}bin/zsh             rix,
-  /{usr/,}bin/cat             rix,
-  /{usr/,}bin/sed             rix,
-  /{usr/,}bin/locale          rix,
-  /{usr/,}bin/gettext         rix,
-  /{usr/,}bin/gettext.sh      r,
-  /{usr/,}bin/{m,g,}awk       rix,
-  /{usr/,}bin/truncate        rix,
-  /{usr/,}bin/mktemp          rix,
-  /{usr/,}bin/expr            rix,
-  /{usr/,}bin/locale-check    rix,
 
   /{usr/,}bin/dbus-update-activation-environment    rCx -> dbus,
   /{usr/,}bin/flatpak                               rPUx,
@@ -44,13 +45,14 @@ profile gdm-xsession @{exec_path} {
   @{libexec}/gnome-session-binary                   rPx,
   /{usr/,}bin/dpkg-query                            rpx,
 
-  /etc/X11/{,**} r,
-  /etc/default/im-config r,
-
   /usr/share/glib-2.0/schemas/gschemas.compiled r,
   /usr/share/im-config/data/{,*} r,
   /usr/share/im-config/xinputrc.common r,
 
+  /etc/debuginfod/{,*} r,
+  /etc/default/im-config r,
+  /etc/X11/{,**} r,
+
   owner /tmp/gdm{3,}-config-err-?????? rw,
 
   # file_inherit

apparmor.d/groups/gnome/gnome-calculator-search-provider

@@ -11,8 +11,12 @@ profile gnome-calculator-search-provider @{exec_path} {
   include <abstractions/base>
   include <abstractions/dbus-session-strict>
   include <abstractions/dconf-write>
+  include <abstractions/dri-common>
+  include <abstractions/dri-enumerate>
   include <abstractions/fonts>
   include <abstractions/gtk>
+  include <abstractions/mesa>
+  include <abstractions/vulkan>
 
   signal (send) set=kill peer=unconfined,
 

apparmor.d/groups/gnome/gnome-control-center-search-provider

@@ -11,9 +11,13 @@ profile gnome-control-center-search-provider @{exec_path} {
   include <abstractions/base>
   include <abstractions/dbus-session-strict>
   include <abstractions/dconf-write>
+  include <abstractions/dri-common>
+  include <abstractions/dri-enumerate>
   include <abstractions/fonts>
   include <abstractions/freedesktop.org>
   include <abstractions/gtk>
+  include <abstractions/mesa>
+  include <abstractions/vulkan>
 
   @{exec_path} mr,
 

apparmor.d/groups/gnome/gnome-extensions-app

@@ -9,7 +9,6 @@ include <tunables/global>
 @{exec_path} = /{usr/,}bin/gnome-extensions-app
 profile gnome-extensions-app @{exec_path} {
   include <abstractions/base>
-  # include <abstractions/vulkan>
   include <abstractions/dconf-write>
   include <abstractions/dri-common>
   include <abstractions/dri-enumerate>
@@ -17,6 +16,7 @@ profile gnome-extensions-app @{exec_path} {
   include <abstractions/freedesktop.org>
   include <abstractions/mesa>
   include <abstractions/opencl>
+  include <abstractions/vulkan>
 
   @{exec_path} mr,
 

apparmor.d/profiles-s-z/steam

@@ -136,6 +136,7 @@ profile steam @{exec_path} {
   owner @{user_share_dirs}/vulkan/implicit_layer.d/steam*.json rwk,
 
   owner @{run}/user/@{uid}/.mutter-Xwaylandauth.[0-9A-Z]* rw,
+  owner @{run}/user/@{uid}/gdm/Xauthority r,
 
   owner /dev/shm/#[0-9]* rw,
   owner /dev/shm/fossilize-*-[0-9]*-[0-9]* rw,
@@ -198,6 +199,7 @@ profile steam @{exec_path} {
         @{PROC}/version r,
   owner @{PROC}/@{pid}/autogroup rw,
   owner @{PROC}/@{pid}/cmdline rk,
+  owner @{PROC}/@{pid}/environ r,
   owner @{PROC}/@{pid}/fd/ r,
   owner @{PROC}/@{pid}/mounts r,
   owner @{PROC}/@{pid}/oom_score_adj w,
@@ -210,6 +212,7 @@ profile steam @{exec_path} {
   /dev/input/event[0-9]* r,
   /dev/tty rw,
   /dev/uinput w,
+  /dev/video[0-9]* rw,
 
   audit deny /**.steam_exec_test.sh rw,
   deny owner @{user_share_dirs}/gvfs-metadata/{,*} r,

apparmor.d/profiles-s-z/steam-game

@@ -170,6 +170,7 @@ profile steam-game @{exec_path} flags=(attach_disconnected) {
   owner @{run}/pressure-vessel/{,**} rw,
   owner @{run}/user/@{uid}/ r,
   owner @{run}/user/@{uid}/.mutter-Xwaylandauth.[0-9A-Z]* rw,
+  owner @{run}/user/@{uid}/gdm/Xauthority r,
   owner @{run}/user/@{uid}/orcexec.* mrw,  # gstreamer
 
   owner /dev/shm/#[0-9]* rw,

apparmor.d/profiles-s-z/steam-gameoverlayui

@@ -40,6 +40,7 @@ profile steam-gameoverlayui @{exec_path} {
   owner @{user_share_dirs}/Steam/userdata/[0-9]*/{,**} rk,
 
   owner @{run}/user/@{uid}/.mutter-Xwaylandauth.[0-9A-Z]* rw,
+  owner @{run}/user/@{uid}/gdm/Xauthority r,
 
   owner /dev/shm/u@{uid}-Shm_@{hex} rw,
   owner /dev/shm/u@{uid}-ValveIPCSharedObj-* rwk,