Add rules for xdg-* profiles.

apparmor.d/profiles-m-z/xdg-email

@@ -13,6 +13,9 @@ profile xdg-email @{exec_path} flags=(complain) {
 
   @{exec_path}  r,
   /{usr/,}bin/{,ba,da}sh rix,
+  /{usr/,}bin/sed        rix,
+
+  owner /dev/tty[0-9]* rw,
 
   include if exists <local/xdg-email>
 }

apparmor.d/profiles-m-z/xdg-mime

@@ -25,6 +25,7 @@ profile xdg-mime @{exec_path} {
   /{usr/,}bin/sed        rix,
   /{usr/,}bin/uname      rix,
   /{usr/,}bin/file       rix,
+  /{usr/,}bin/tr         rix,
 
   /{usr/,}bin/mimetype   rPx,
   /{usr/,}bin/xprop      rPx,
@@ -46,6 +47,8 @@ profile xdg-mime @{exec_path} {
 
   owner @{run}/user/[0-9]*/ r,
 
+  /dev/tty rw,
+
   # For shell pwd
   owner @{HOME}/ r,
 

apparmor.d/profiles-m-z/xdg-open

@@ -49,7 +49,7 @@ profile xdg-open @{exec_path} {
 
   # file_inherit
   /dev/dri/card[0-9]* rw,
-
+  /dev/tty rw,
 
   profile dbus {
     include <abstractions/base>

apparmor.d/profiles-m-z/xdg-settings

@@ -45,9 +45,13 @@ profile xdg-settings @{exec_path} {
 
   /etc/xdg/xfce4/helpers.rc r,
   owner @{user_config_dirs}/xfce4/helpers.rc{,.*} rw,
+  owner @{user_share_dirs}/applications/ r,
+  owner @{user_share_dirs}/applications/*.desktop r,
 
   owner @{HOME}/.Xauthority r,
 
+  /usr/share/terminfo/x/xterm-256color r,
+  /usr/share/applications/ r,
   /var/lib/dbus/machine-id r,
   /etc/machine-id r,