From c2bc55dc465cd560861fbf773b47f0af6f746de3 Mon Sep 17 00:00:00 2001
From: Alexandre Pujol <alexandre@pujol.io>
Date: Mon, 9 Sep 2024 20:53:12 +0100
Subject: [PATCH] feat(profile): general update.

---
 apparmor.d/abstractions/app/editor                 | 1 +
 apparmor.d/abstractions/app/pgrep                  | 2 +-
 apparmor.d/abstractions/freedesktop.org.d/complete | 2 ++
 apparmor.d/groups/gnome/gnome-shell                | 1 -
 apparmor.d/profiles-a-f/aa-enforce                 | 2 +-
 5 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/apparmor.d/abstractions/app/editor b/apparmor.d/abstractions/app/editor
index 023696e3..d6e346f3 100644
--- a/apparmor.d/abstractions/app/editor
+++ b/apparmor.d/abstractions/app/editor
@@ -4,6 +4,7 @@
 # SPDX-License-Identifier: GPL-2.0-only
 
   include <abstractions/nameservice-strict>
+  include <abstractions/consoles>
 
   @{sh_path}                   rix,
   @{bin}/nvim                 mrix,
diff --git a/apparmor.d/abstractions/app/pgrep b/apparmor.d/abstractions/app/pgrep
index 4bab7538..aaf14d85 100644
--- a/apparmor.d/abstractions/app/pgrep
+++ b/apparmor.d/abstractions/app/pgrep
@@ -2,7 +2,7 @@
 # Copyright (C) 2024 Alexandre Pujol <alexandre@pujol.io>
 # SPDX-License-Identifier: GPL-2.0-only
 
-# Minimal set of rules for pgrep.
+# Minimal set of rules for pgrep/pkill.
 
   include <abstractions/consoles>
 
diff --git a/apparmor.d/abstractions/freedesktop.org.d/complete b/apparmor.d/abstractions/freedesktop.org.d/complete
index ed4f067a..4724c694 100644
--- a/apparmor.d/abstractions/freedesktop.org.d/complete
+++ b/apparmor.d/abstractions/freedesktop.org.d/complete
@@ -13,6 +13,8 @@
   @{system_share_dirs}/ r,
   @{system_share_dirs}/mime/ r,
 
+  /opt/*/**.{desktop,png} r,
+
   /etc/gnome/defaults.list r,
   /etc/xfce4/defaults.list r,  
 
diff --git a/apparmor.d/groups/gnome/gnome-shell b/apparmor.d/groups/gnome/gnome-shell
index 6950304f..29ced8dd 100644
--- a/apparmor.d/groups/gnome/gnome-shell
+++ b/apparmor.d/groups/gnome/gnome-shell
@@ -195,7 +195,6 @@ profile gnome-shell @{exec_path} flags=(attach_disconnected,mediate_deleted) {
   /usr/share/gnome-shell/extensions/*/**               rPUx,
 
   /opt/**/share/icons/{,**} r,
-  /opt/*/**/*.png r,
   /snap/*/@{uid}/**.png r,
   /usr/share/{,zoneinfo-}icu/{,**} r,
   /usr/share/**.{png,jpg,svg} r,
diff --git a/apparmor.d/profiles-a-f/aa-enforce b/apparmor.d/profiles-a-f/aa-enforce
index 2028e713..84ba22fb 100644
--- a/apparmor.d/profiles-a-f/aa-enforce
+++ b/apparmor.d/profiles-a-f/aa-enforce
@@ -6,7 +6,7 @@ abi <abi/3.0>,
 
 include <tunables/global>
 
-@{exec_path} = @{bin}/aa-enforce @{bin}/aa-complain
+@{exec_path} = @{bin}/aa-enforce @{bin}/aa-complain @{bin}/aa-audit
 profile aa-enforce @{exec_path} {
   include <abstractions/base>
   include <abstractions/consoles>