feat(dbus): add/update dbus abstraction.

apparmor.d/abstractions/bus/org.freedesktop.PackageKit

@@ -7,4 +7,14 @@
        member=GetAll
        peer=(name=:*, label=packagekitd),
 
+  dbus send bus=system path=/org/freedesktop/PackageKit
+       interface=org.freedesktop.DBus.Introspectable
+       member=Introspect
+       peer=(name=org.freedesktop.PackageKit, label=packagekitd),
+
+  dbus send bus=system path=/org/freedesktop/PackageKit
+       interface=org.freedesktop.PackageKit
+       member=StateHasChanged
+       peer=(name=org.freedesktop.PackageKit, label=packagekitd),
+
   include if exists <abstractions/bus/org.freedesktop.PackageKit.d>

apparmor.d/abstractions/bus/org.freedesktop.login1.Session

@@ -15,7 +15,7 @@
   dbus send bus=system path=/org/freedesktop/login1/session/*
        interface=org.freedesktop.login1.Session
        member={ReleaseDevice,TakeControl,TakeDevice,SetBrightness,SetLockedHint,SetIdleHint}
-       peer=(name=:*, label=systemd-logind),
+       peer=(name="{:*,org.freedesktop.login1}", label=systemd-logind),
 
   dbus receive bus=system path=/org/freedesktop/login1/session/*
        interface=org.freedesktop.DBus.Properties
@@ -25,6 +25,6 @@
   dbus receive bus=system path=/org/freedesktop/login1/session/*
        interface=org.freedesktop.login1.Session
        member={PauseDevice,Unlock}
-       peer=(name=:*, label=systemd-logind),
+       peer=(name="{:*,org.freedesktop.login1}", label=systemd-logind),
 
   include if exists <abstractions/bus/org.freedesktop.login1.Session.d>

apparmor.d/abstractions/bus/org.freedesktop.resolve1

@@ -0,0 +1,10 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2023 Alexandre Pujol <alexandre@pujol.io>
+# SPDX-License-Identifier: GPL-2.0-only
+
+  dbus send bus=system path=/org/freedesktop/resolve1
+       interface=org.freedesktop.resolve1.Manager
+       member={SetLink*,ResolveHostname}
+       peer=(name=org.freedesktop.resolve1, label=systemd-resolved),
+
+  include if exists <abstractions/bus/org.freedesktop.resolve1.d>

apparmor.d/abstractions/bus/org.gtk.Private.RemoteVolumeMonitor

@@ -5,11 +5,16 @@
   dbus send bus=session path=/org/gtk/Private/RemoteVolumeMonitor
        interface=org.gtk.Private.RemoteVolumeMonitor
        member={List,IsSupported,VolumeChanged,VolumeMount,MountAdded}
-       peer=(name=:*, label=gvfs-*-monitor),
+       peer=(name=:*, label=gvfs-udisks2-volume-monitor),
 
   dbus receive bus=session path=/org/gtk/Private/RemoteVolumeMonitor
        interface=org.gtk.Private.RemoteVolumeMonitor
-       member={MountAdded,VolumeChanged}
+       member={MountAdded,MountChanged,VolumeChanged,VolumeRemoved}
-       peer=(name=:*, label=gvfs-*-volume-monitor),
+       peer=(name=:*, label=gvfs-udisks2-volume-monitor),
+
+  dbus receive bus=session path=/org/gtk/Private/RemoteVolumeMonitor
+       interface=org.gtk.Private.RemoteVolumeMonitor
+       member={VolumeAdded,DriveDisconnected,DriveConnected,DriveChanged}
+       peer=(name=:*, label=gvfs-udisks2-volume-monitor),
 
   include if exists <abstractions/bus/org.gtk.Private.RemoteVolumeMonitor.d>

apparmor.d/groups/freedesktop/at-spi-bus-launcher

@@ -44,7 +44,10 @@ profile at-spi-bus-launcher @{exec_path} flags=(attach_disconnected) {
   /var/lib/lightdm/.Xauthority r,
   /var/log/lightdm/seat[0-9]*-greeter.log w,
 
-  @{run}/systemd/users/@{uid} r,
+        @{run}/systemd/users/@{uid} r,
+  owner @{run}/user/@{uid}/at-spi/ rw,
+  owner @{run}/user/@{uid}/at-spi/bus rw,
+  owner @{run}/user/@{uid}/at-spi/bus_@{int} rw,
 
   @{sys}/kernel/security/apparmor/.access rw,
   @{sys}/kernel/security/apparmor/features/dbus/mask r,