From ace9a12c95c16e36fb233ddad819e053764eb475 Mon Sep 17 00:00:00 2001
From: Alexandre Pujol <alexandre@pujol.io>
Date: Sun, 9 Feb 2025 20:34:25 +0100
Subject: [PATCH] feat(profile): add profile for
 xdg-desktop-portal-validate-icon.

---
 .../xdg-desktop-portal-validate-icon          | 26 +++++++++++++++++++
 1 file changed, 26 insertions(+)
 create mode 100644 apparmor.d/groups/freedesktop/xdg-desktop-portal-validate-icon

diff --git a/apparmor.d/groups/freedesktop/xdg-desktop-portal-validate-icon b/apparmor.d/groups/freedesktop/xdg-desktop-portal-validate-icon
new file mode 100644
index 00000000..2c6c3753
--- /dev/null
+++ b/apparmor.d/groups/freedesktop/xdg-desktop-portal-validate-icon
@@ -0,0 +1,26 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2024 Alexandre Pujol <alexandre@pujol.io>
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi <abi/4.0>,
+
+include <tunables/global>
+
+@{exec_path} = @{lib}/xdg-desktop-portal-validate-icon
+profile xdg-desktop-portal-validate-icon @{exec_path} flags=(attach_disconnected) {
+  include <abstractions/base>
+  include <abstractions/common/bwrap>
+  include <abstractions/freedesktop.org>
+
+  capability dac_override,
+
+  @{exec_path} mrix,
+
+  @{bin}/bwrap ix,
+
+  owner @{tmp}/icon@{rand6} r,
+
+  include if exists <local/xdg-desktop-portal-validate-icon>
+}
+
+# vim:syntax=apparmor