From c35f793ba115280877bfac650d709c016535153a Mon Sep 17 00:00:00 2001
From: Alexandre Pujol
Date: Thu, 1 Apr 2021 23:54:41 +0100
Subject: [PATCH] Add rules for xdg-* profiles.
---
 apparmor.d/profiles-m-z/xdg-email | 3 +++
 apparmor.d/profiles-m-z/xdg-mime | 3 +++
 apparmor.d/profiles-m-z/xdg-open | 2 +-
 apparmor.d/profiles-m-z/xdg-settings | 4 ++++
 4 files changed, 11 insertions(+), 1 deletion(-)
diff --git a/apparmor.d/profiles-m-z/xdg-email b/apparmor.d/profiles-m-z/xdg-email
index d77aefe7..e45cea99 100644
--- a/apparmor.d/profiles-m-z/xdg-email
+++ b/apparmor.d/profiles-m-z/xdg-email
@@ -13,6 +13,9 @@ profile xdg-email @{exec_path} flags=(complain) {
 @{exec_path} r,
 /{usr/,}bin/{,ba,da}sh rix,
+ /{usr/,}bin/sed rix,
+
+ owner /dev/tty[0-9]* rw,
 include if exists
 }
diff --git a/apparmor.d/profiles-m-z/xdg-mime b/apparmor.d/profiles-m-z/xdg-mime
index e6529be8..3f7405ad 100644
--- a/apparmor.d/profiles-m-z/xdg-mime
+++ b/apparmor.d/profiles-m-z/xdg-mime
@@ -25,6 +25,7 @@ profile xdg-mime @{exec_path} {
 /{usr/,}bin/sed rix,
 /{usr/,}bin/uname rix,
 /{usr/,}bin/file rix,
+ /{usr/,}bin/tr rix,
 /{usr/,}bin/mimetype rPx,
 /{usr/,}bin/xprop rPx,
@@ -46,6 +47,8 @@ profile xdg-mime @{exec_path} {
 owner @{run}/user/[0-9]*/ r,
+ /dev/tty rw,
+
 # For shell pwd
 owner @{HOME}/ r,
diff --git a/apparmor.d/profiles-m-z/xdg-open b/apparmor.d/profiles-m-z/xdg-open
index fbe67d02..e815d149 100644
--- a/apparmor.d/profiles-m-z/xdg-open
+++ b/apparmor.d/profiles-m-z/xdg-open
@@ -49,7 +49,7 @@ profile xdg-open @{exec_path} {
 # file_inherit
 /dev/dri/card[0-9]* rw,
-
+ /dev/tty rw,
 profile dbus {
 include
diff --git a/apparmor.d/profiles-m-z/xdg-settings b/apparmor.d/profiles-m-z/xdg-settings
index d6f0c4b6..aaadf18c 100644
--- a/apparmor.d/profiles-m-z/xdg-settings
+++ b/apparmor.d/profiles-m-z/xdg-settings
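Review bot: In the xdg-email hunk the new terminal rule `owner /dev/tty[0-9]* rw,` matches only the numbered virtual consoles, whereas the second xdg-mime hunk and the xdg-open hunk of this commit add `/dev/tty rw,` for what looks like the same need. If the intent is access to the controlling terminal, running xdg-email from a terminal emulator would presumably still trip the policy, which shows up only as a log entry while the profile stays in `flags=(complain)` and becomes a denial once it is enforced. Consider using the same `/dev/tty rw,` rule here, or put a one-line comment such as `# terminal access when run from a console` above each of the three rules so the difference is clearly deliberate. The xdg-email profile starts before this hunk, so an existing consoles include cannot be ruled out from the visible lines.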
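Review bot: In the xdg-open hunk the added `/dev/tty rw,` sits directly under the `# file_inherit` comment and the `/dev/dri/card[0-9]* rw,` rule, so it reads as one more inherited-descriptor rule, and the line it replaces appears to have been the blank separator before `profile dbus {`. If the terminal access is not an inherited descriptor, give it its own group with a short comment, for example `# controlling terminal`, and keep a blank line before the sub-profile. Both the xdg-open profile and the dbus sub-profile continue outside this hunk.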
@@ -45,9 +45,13 @@ profile xdg-settings @{exec_path} {
 /etc/xdg/xfce4/helpers.rc r,
 owner @{user_config_dirs}/xfce4/helpers.rc{,.*} rw,
+ owner @{user_share_dirs}/applications/ r,
+ owner @{user_share_dirs}/applications/*.desktop r,
 owner @{HOME}/.Xauthority r,
+ /usr/share/terminfo/x/xterm-256color r,
+ /usr/share/applications/ r,
 /var/lib/dbus/machine-id r,
 /etc/machine-id r,
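Review bot: `/usr/share/terminfo/x/xterm-256color r,` hard-codes a single terminal type, so running xdg-settings under any other TERM value would presumably produce a fresh denial; terminfo entries are non-sensitive read-only data, so a pattern such as `/usr/share/terminfo/** r,` would cover them without meaningfully widening the profile. Separately, the user directory gets both a listing rule and a `*.desktop` read rule, while `/usr/share/applications/ r,` only allows listing the system directory; if no rule outside this hunk already covers those files, `/usr/share/applications/*.desktop r,` is probably needed as well. The profile body starts and ends outside the hunk, so either case may already be handled by an include that is not visible here.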