feat(profile): replace old audio abstraction by the new stack.

2025-01-18 17:08:09 +01:00 · 2024-03-12 15:39:10 +00:00 · 2024-03-12 15:39:10 +00:00 · e4c0f683d2
commit e4c0f683d2
parent b1235b0c52
62 changed files with 81 additions and 173 deletions
--- a/apparmor.d/abstractions/bwrap-app
+++ b/apparmor.d/abstractions/bwrap-app
@ -8,7 +8,7 @@
 # applications (bwrap) that have no way to restrict access depending of the
 # application beeing confined.

-  include <abstractions/audio>
+  include <abstractions/audio-client>
  include <abstractions/bus-accessibility>
  include <abstractions/bus-session>
  include <abstractions/bus-system>
--- a/apparmor.d/abstractions/chromium
+++ b/apparmor.d/abstractions/chromium
@ -12,7 +12,7 @@
 # @{config_dirs} = @{user_config_dirs}/chromium
 # @{cache_dirs} = @{user_cache_dirs}/chromium

-  include <abstractions/audio>
+  include <abstractions/audio-client>
  include <abstractions/bus-session>
  include <abstractions/bus-system>
  include <abstractions/bus/org.freedesktop.UPower>
--- a/apparmor.d/groups/apps/discord
+++ b/apparmor.d/groups/apps/discord
@ -23,7 +23,7 @@ profile discord @{exec_path} {
  include <abstractions/fonts>
  include <abstractions/fontconfig-cache-read>
  include <abstractions/nameservice-strict>
-  include <abstractions/audio>
+  include <abstractions/audio-client>
  include <abstractions/mesa>
  include <abstractions/user-download-strict>
  include <abstractions/thumbnails-cache-read>
--- a/apparmor.d/groups/apps/freetube
+++ b/apparmor.d/groups/apps/freetube
@ -23,7 +23,7 @@ profile freetube @{exec_path} {
  include <abstractions/fontconfig-cache-read>
  include <abstractions/gtk>
  include <abstractions/mesa>
-  include <abstractions/audio>
+  include <abstractions/audio-client>
  include <abstractions/nameservice-strict>
  include <abstractions/user-download-strict>
  include <abstractions/thumbnails-cache-read>
--- a/apparmor.d/groups/apps/signal-desktop
+++ b/apparmor.d/groups/apps/signal-desktop
@ -14,7 +14,7 @@ include <tunables/global>
@{exec_path} = @{lib_dirs}/@{name}
 profile signal-desktop @{exec_path} {
  include <abstractions/base>
-  include <abstractions/audio>
+  include <abstractions/audio-client>
  include <abstractions/chromium-common>
  include <abstractions/consoles>
  include <abstractions/fontconfig-cache-read>
--- a/apparmor.d/groups/apps/telegram-desktop
+++ b/apparmor.d/groups/apps/telegram-desktop
@ -19,7 +19,7 @@ profile telegram-desktop @{exec_path} {
  include <abstractions/fonts>
  include <abstractions/fontconfig-cache-read>
  include <abstractions/freedesktop.org>
-  include <abstractions/audio>
+  include <abstractions/audio-client>
  include <abstractions/user-download-strict>
  include <abstractions/qt5-compose-cache-write>
  include <abstractions/qt5-settings-write>
--- a/apparmor.d/groups/browsers/firefox
+++ b/apparmor.d/groups/browsers/firefox
@ -15,7 +15,7 @@ include <tunables/global>
@{exec_path} = @{bin}/@{name} @{lib_dirs}/@{name}
 profile firefox @{exec_path} flags=(attach_disconnected) {
  include <abstractions/base>
-  include <abstractions/audio>
+  include <abstractions/audio-client>
  include <abstractions/bus-session>
  include <abstractions/bus-system>
  include <abstractions/bus/org.a11y>
@ -139,8 +139,6 @@ profile firefox @{exec_path} flags=(attach_disconnected) {
  owner @{user_share_dirs}/applications/userapp-Firefox-@{rand6}.desktop{,.@{rand6}} rw,
  owner @{user_share_dirs}/mime/packages/user-extension-{htm,html,xht,xhtml,shtml}.xml rw,
  owner @{user_share_dirs}/mime/packages/user-extension-{htm,html,xht,xhtml,shtml}.xml.* rw,
-  owner @{user_share_dirs}/sounds/__custom/index.theme r,
-  owner @{user_share_dirs}/sounds/__custom/*.ogg r,

  owner @{config_dirs}/ rw,
  owner @{config_dirs}/{extensions,systemextensionsdev}/ rw,
@ -224,7 +222,6 @@ profile firefox @{exec_path} flags=(attach_disconnected) {

        /dev/ r,
        /dev/hidraw@{int} rw,
-        /dev/shm/ r,
        /dev/tty rw,
        /dev/video@{int} rw,
  owner /dev/shm/org.chromium.* rw,
--- a/apparmor.d/groups/freedesktop/pipewire
+++ b/apparmor.d/groups/freedesktop/pipewire
@ -10,7 +10,7 @@ include <tunables/global>
@{exec_path} = @{bin}/pipewire
 profile pipewire @{exec_path} flags=(attach_disconnected) {
  include <abstractions/base>
-  include <abstractions/audio>
+  include <abstractions/audio2>
  include <abstractions/bus-session>
  include <abstractions/bus-system>
  include <abstractions/bus/org.freedesktop.RealtimeKit1>
@ -53,7 +53,6 @@ profile pipewire @{exec_path} flags=(attach_disconnected) {
  owner @{user_config_dirs}/pipewire/pipewire.conf r,
  
  owner /tmp/librnnoise-@{int}.so rm,
-  owner @{run}/user/@{uid}/pipewire-@{int} rw,
  owner @{run}/user/@{uid}/pipewire-@{int}.lock rwk,
  owner @{run}/user/@{uid}/pipewire-@{int}-manager.lock rwk,

--- a/apparmor.d/groups/freedesktop/pipewire-media-session
+++ b/apparmor.d/groups/freedesktop/pipewire-media-session
@ -10,7 +10,7 @@ include <tunables/global>
@{exec_path} = @{bin}/pipewire-media-session
 profile pipewire-media-session @{exec_path} {
  include <abstractions/base>
-  include <abstractions/audio>
+  include <abstractions/audio-client>
  include <abstractions/bus-session>
  include <abstractions/bus-system>
  include <abstractions/bus/org.freedesktop.RealtimeKit1>
@ -53,8 +53,6 @@ profile pipewire-media-session @{exec_path} {
  owner @{user_config_dirs}/pipewire/** rw,
  owner @{user_config_dirs}/pulse/ rw,

-  owner @{run}/user/@{uid}/pipewire-@{int} rw,
-
  @{run}/udev/data/c116:@{int} r,         # for ALSA

  @{run}/systemd/users/@{uid} r,
--- a/apparmor.d/groups/freedesktop/pipewire-pulse
+++ b/apparmor.d/groups/freedesktop/pipewire-pulse
@ -10,7 +10,7 @@ include <tunables/global>
@{exec_path} = @{bin}/pipewire-pulse
 profile pipewire-pulse @{exec_path} flags=(attach_disconnected) {
  include <abstractions/base>
-  include <abstractions/audio>
+  include <abstractions/audio-client>
  include <abstractions/nameservice-strict>

  capability sys_ptrace,
@ -21,14 +21,15 @@ profile pipewire-pulse @{exec_path} flags=(attach_disconnected) {

  @{bin}/pactl rix,

+  /usr/share/pipewire/{,**} r,
+
+  /etc/pipewire/{,**} r,
+
  /var/lib/dbus/machine-id r,
  /etc/machine-id r,

-  /etc/pipewire/client.conf r,
-  /etc/pipewire/pipewire-pulse.conf r,
-  /etc/pipewire/pipewire-pulse.conf.d/{,*} r,
-  /usr/share/pipewire/client.conf r,
-  /usr/share/pipewire/pipewire-pulse.conf r,
+  / r,
+  /.flatpak-info r,

  /var/lib/gdm{3,}/.config/pulse/cookie rwk,

@ -40,8 +41,5 @@ profile pipewire-pulse @{exec_path} flags=(attach_disconnected) {
  @{sys}/devices/virtual/dmi/id/board_vendor r,
  @{sys}/devices/virtual/dmi/id/bios_vendor r,

-  / r,
-  /.flatpak-info r,
-
  include if exists <local/pipewire-pulse>
 }
--- a/apparmor.d/groups/freedesktop/pulseaudio
+++ b/apparmor.d/groups/freedesktop/pulseaudio
@ -11,7 +11,7 @@ include <tunables/global>
@{exec_path} = @{bin}/pulseaudio
 profile pulseaudio @{exec_path} {
  include <abstractions/base>
-  include <abstractions/audio>
+  include <abstractions/audio2>
  include <abstractions/bus-session>
  include <abstractions/bus-system>
  include <abstractions/bus/org.bluez>
--- a/apparmor.d/groups/gnome/gnome-control-center
+++ b/apparmor.d/groups/gnome/gnome-control-center
@ -9,7 +9,7 @@ include <tunables/global>
@{exec_path} = @{bin}/gnome-control-center
 profile gnome-control-center @{exec_path} flags=(attach_disconnected) {
  include <abstractions/base>
-  include <abstractions/audio>
+  include <abstractions/audio-client>
  include <abstractions/bus-accessibility>
  include <abstractions/bus-session>
  include <abstractions/bus-system>
@ -73,14 +73,12 @@ profile gnome-control-center @{exec_path} flags=(attach_disconnected) {
  /usr/share/gnome-shell/search-providers/{,**} r,
  /usr/share/gnome/gnome-version.xml r,
  /usr/share/language-tools/main-countries r,
-  /usr/share/pipewire/client.conf r,
  /usr/share/thumbnailers/{,*} r,
  /usr/share/wallpapers/{,**} r,
  /usr/share/xml/iso-codes/{,**} r,

  /etc/cups/client.conf r,
  /etc/machine-info r,
-  /etc/pipewire/client.conf.d/{,**} r,
  /etc/rygel.conf r,
  /etc/security/pwquality.conf r,
  /etc/security/pwquality.conf.d/{,**} r,
@ -113,7 +111,6 @@ profile gnome-control-center @{exec_path} flags=(attach_disconnected) {
  owner @{user_share_dirs}/gnome-remote-desktop/ w,
  owner @{user_share_dirs}/gnome-remote-desktop/rdp-tls.{crt,key}{,.@{rand6}} rw,
  owner @{user_share_dirs}/icc/{,edid-*} r,
-  owner @{user_share_dirs}/sounds/__custom/{,*} rw,

  owner /tmp/gdkpixbuf-xpm-tmp.@{rand6} rw,

@ -125,7 +122,6 @@ profile gnome-control-center @{exec_path} flags=(attach_disconnected) {
  owner @{run}/user/@{uid}/gnome-control-center-region-needs-restart w,
  owner @{run}/user/@{uid}/gnome-shell-disable-extensions w,
  owner @{run}/user/@{uid}/gvfsd/socket-@{rand8} rw,
-  owner @{run}/user/@{uid}/pipewire-@{int} rw,

  @{run}/udev/data/+dmi:* r,
  @{run}/udev/data/+input:input@{int} r,  # for mouse, keyboard, touchpad
--- a/apparmor.d/groups/gnome/gnome-extension-ding
+++ b/apparmor.d/groups/gnome/gnome-extension-ding
@ -9,6 +9,7 @@ include <tunables/global>
@{exec_path} = /usr/share/gnome-shell/extensions/ding@rastersoft.com/{,app/}ding.js
 profile gnome-extension-ding @{exec_path} {
  include <abstractions/base>
+  include <abstractions/audio-client>
  include <abstractions/bus-accessibility>
  include <abstractions/bus-session>
  include <abstractions/bus-system>
@ -60,10 +61,6 @@ profile gnome-extension-ding @{exec_path} {

  /usr/share/gnome-shell/extensions/ding@rastersoft.com/{,app/}* r,
  /usr/share/thumbnailers/{,*.thumbnailer} r,
-  /usr/share/X11/{,**} r,
-
-  /etc/pulse/client.conf r,
-  /etc/pulse/client.conf.d/{,*} r,

  /var/lib/snapd/desktop/icons/{,**} r,

@ -72,13 +69,6 @@ profile gnome-extension-ding @{exec_path} {

  owner @{user_share_dirs}/nautilus/scripts/ r,

-  owner @{user_config_dirs}/pulse/cookie rk,
-
-  /dev/shm/ r,
-
-  owner @{run}/user/@{uid}/pulse/ r,
-  owner @{run}/user/@{uid}/pulse/native rw,
-
  owner @{PROC}/@{pid}/mountinfo r,
  owner @{PROC}/@{pid}/mounts r,
  owner @{PROC}/@{pid}/stat r,
--- a/apparmor.d/groups/gnome/gnome-extension-gsconnect
+++ b/apparmor.d/groups/gnome/gnome-extension-gsconnect
@ -12,6 +12,7 @@ include <tunables/global>
@{exec_path} = @{share_dirs}/service/daemon.js
 profile gnome-extension-gsconnect @{exec_path} {
  include <abstractions/base>
+  include <abstractions/audio-client>
  include <abstractions/bus-accessibility>
  include <abstractions/bus-session>
  include <abstractions/bus-system>
@ -49,8 +50,6 @@ profile gnome-extension-gsconnect @{exec_path} {
  @{share_dirs}/{,**} r,
  @{share_dirs}/gsconnect-preferences rix,

-  /usr/share/X11/{,**} r,
-
  /etc/machine-id r,

  owner @{user_cache_dirs}/gsconnect/{,**} rw,
@ -60,13 +59,10 @@ profile gnome-extension-gsconnect @{exec_path} {
  owner @{user_config_dirs}/gsconnect/{,**} rw,
  owner @{user_config_dirs}/mimeapps.list w,
  owner @{user_config_dirs}/mimeapps.list.@{rand6} rw,
-  owner @{user_config_dirs}/pulse/client.conf r,
-  owner @{user_config_dirs}/pulse/cookie rk,

  owner @{user_share_dirs}/ r,

  owner @{run}/user/@{uid}/gsconnect/ w,
-  owner @{run}/user/@{uid}/pulse/ r,

  @{sys}/devices/virtual/dmi/id/chassis_type r,

--- a/apparmor.d/groups/gnome/gnome-music
+++ b/apparmor.d/groups/gnome/gnome-music
@ -9,7 +9,7 @@ include <tunables/global>
@{exec_path} = @{bin}/gnome-music
 profile gnome-music @{exec_path} flags=(attach_disconnected) {
  include <abstractions/base>
-  include <abstractions/audio>
+  include <abstractions/audio-client>
  include <abstractions/dconf-write>
  include <abstractions/gnome-strict>
  include <abstractions/graphics>
--- a/apparmor.d/groups/gnome/gnome-shell
+++ b/apparmor.d/groups/gnome/gnome-shell
@ -10,7 +10,7 @@ include <tunables/global>
 profile gnome-shell @{exec_path} flags=(attach_disconnected,mediate_deleted) {
  include <abstractions/base>
  include <abstractions/app-launcher-user>
-  include <abstractions/audio>
+  include <abstractions/audio-client>
  include <abstractions/bus-accessibility>
  include <abstractions/bus-session>
  include <abstractions/bus-system>
@ -234,20 +234,18 @@ profile gnome-shell @{exec_path} flags=(attach_disconnected,mediate_deleted) {
  /usr/share/libinput*/{,**/}[0-9][0-9]-*.quirks r,
  /usr/share/libinput*/libinput/ r,
  /usr/share/libwacom/{,*.stylus,*.tablet} r,
-  /usr/share/pipewire/client.conf r,
  /usr/share/wallpapers/** r,
  /usr/share/wayland-sessions/{,*.desktop} r,
  /usr/share/xml/iso-codes/{,**} r,

  /.flatpak-info r,
  /etc/fstab r,
-  /etc/pipewire/client.conf.d/{,**} r,
  /etc/timezone r,
  /etc/udev/hwdb.bin r,
  /etc/xdg/menus/gnome-applications.menu r,

  /var/lib/gdm{3,}/.cache/ w,
-  /var/lib/gdm{3,}/.cache/event-sound-cache.tdb.@{md5}.x86_64-pc-linux-gnu rwk,
+  /var/lib/gdm{3,}/.cache/event-sound-cache.tdb.@{md5}.@{multiarch} rwk,
  /var/lib/gdm{3,}/.cache/fontconfig/{,*} rwl,
  /var/lib/gdm{3,}/.cache/gstreamer-@{int}/ rw,
  /var/lib/gdm{3,}/.cache/gstreamer-@{int}/registry.*.bin{,.tmp@{rand6}} rw,
@ -290,7 +288,6 @@ profile gnome-shell @{exec_path} flags=(attach_disconnected,mediate_deleted) {
  owner @{user_config_dirs}/background r,
  owner @{user_config_dirs}/ibus/ w,
  owner @{user_config_dirs}/monitors.xml{,~} rwl,
-  owner @{user_config_dirs}/pulse/ rw,
  owner @{user_config_dirs}/tiling-assistant/{,**} rw,

  owner @{user_share_dirs}/backgrounds/{,**} rw,
@ -299,7 +296,6 @@ profile gnome-shell @{exec_path} flags=(attach_disconnected,mediate_deleted) {
  owner @{user_share_dirs}/gnome-shell/extensions/{,**} r,
  owner @{user_share_dirs}/gvfs-metadata/{,*} r,
  owner @{user_share_dirs}/icc/{,*} rw,
-  owner @{user_share_dirs}/sounds/__custom/index.theme r,

  owner @{user_cache_dirs}/evolution/addressbook/*/PHOTO-*.JPEG r,
  owner @{user_cache_dirs}/gnome-boxes/*.png r,
@ -314,7 +310,6 @@ profile gnome-shell @{exec_path} flags=(attach_disconnected,mediate_deleted) {
  owner @{run}/user/@{uid}/gvfsd/socket-@{rand8} rw,
  owner @{run}/user/@{uid}/snap.snap*/wayland-cursor-shared-* rw,
  owner @{run}/user/@{uid}/systemd/notify rw,
-  owner @{run}/user/@{uid}/pipewire-@{int} rw,

  owner /dev/shm/.org.chromium.Chromium.* rw,
  owner /dev/shm/wayland.mozilla.ipc.@{int} rw,
--- a/apparmor.d/groups/gnome/gnome-terminal-server
+++ b/apparmor.d/groups/gnome/gnome-terminal-server
@ -9,6 +9,7 @@ include <tunables/global>
@{exec_path} = @{lib}/gnome-terminal-server
 profile gnome-terminal-server @{exec_path} {
  include <abstractions/base>
+  include <abstractions/audio-client>
  include <abstractions/bus-accessibility>
  include <abstractions/bus-session>
  include <abstractions/bus/org.a11y>
@ -48,24 +49,15 @@ profile gnome-terminal-server @{exec_path} {
  @{open_path}                rPx -> child-open,

  /usr/share/icu/@{int}.@{int}/*.dat r,
-  /usr/share/sounds/{,**} r,

-  /etc/pulse/client.conf r,
-  /etc/pulse/client.conf.d/{,**} r,
  /etc/shells r,

  /var/lib/flatpak/exports/share/icons/{,**} r,
  /var/lib/snapd/desktop/icons/{,**} r,

-  owner @{user_cache_dirs}/event-sound-cache.tdb.@{md5}.@{multiarch} rwk,
-
  owner @{user_config_dirs}/*xdg-terminals.list* rw,
  owner @{user_config_dirs}/ibus/bus/ r,
  owner @{user_config_dirs}/ibus/bus/@{md5}-unix-{,wayland-}@{int} r,
-  owner @{user_config_dirs}/pulse/cookie rk,
-
-  owner @{run}/user/@{uid}/pulse/ r,
-  owner @{run}/user/@{uid}/pulse/native rw,

  owner /tmp/#@{int} rw,

@ -73,7 +65,6 @@ profile gnome-terminal-server @{exec_path} {
  @{PROC}/@{pids}/cgroup r,

  /dev/ptmx rw,
-  /dev/shm/ r,

  include if exists <local/gnome-terminal-server>
 }
--- a/apparmor.d/groups/gnome/gnome-tweaks
+++ b/apparmor.d/groups/gnome/gnome-tweaks
@ -9,7 +9,7 @@ include <tunables/global>
@{exec_path} = @{bin}/gnome-tweaks
 profile gnome-tweaks @{exec_path} {
  include <abstractions/base>
-  include <abstractions/audio>
+  include <abstractions/audio-client>
  include <abstractions/dconf-write>
  include <abstractions/gnome-strict>
  include <abstractions/python>
@ -35,7 +35,6 @@ profile gnome-tweaks @{exec_path} {
  owner @{user_share_dirs}/backgrounds/{,**} r,
  owner @{user_share_dirs}/gnome-shell/extensions/**/schemas/* r,
  owner @{user_share_dirs}/recently-used.xbel* rw,
-  owner @{user_share_dirs}/sounds/{,**} r,

  owner @{PROC}/@{pid}/fd/ r,

--- a/apparmor.d/groups/gnome/gsd-media-keys
+++ b/apparmor.d/groups/gnome/gsd-media-keys
@ -9,7 +9,7 @@ include <tunables/global>
@{exec_path} = @{lib}/gsd-media-keys
 profile gsd-media-keys @{exec_path} flags=(attach_disconnected) {
  include <abstractions/base>
-  include <abstractions/audio>
+  include <abstractions/audio-client>
  include <abstractions/bus-accessibility>
  include <abstractions/bus-session>
  include <abstractions/bus-system>
@ -95,15 +95,12 @@ profile gsd-media-keys @{exec_path} flags=(attach_disconnected) {
  /usr/share/sounds/freedesktop/stereo/*.oga r,

  /var/lib/gdm{3,}/.config/dconf/user r,
-  /var/lib/gdm{3,}/greeter-dconf-defaults r,
  /var/lib/gdm{3,}/.config/pulse/client.conf r,
  /var/lib/gdm{3,}/.config/pulse/cookie rk,
+  /var/lib/gdm{3,}/greeter-dconf-defaults r,

  /var/lib/flatpak/exports/share/applications/{,mimeinfo.cache} r,

-  owner @{user_config_dirs}/pulse/ rw,
-
-  owner @{user_share_dirs}/event-sound-cache.tdb.* rwk,
  owner @{user_share_dirs}/recently-used.xbel{,.*} rw,

  @{run}/systemd/inhibit/[0-9]*.ref rw,
--- a/apparmor.d/groups/gnome/gsd-power
+++ b/apparmor.d/groups/gnome/gsd-power
@ -9,7 +9,7 @@ include <tunables/global>
@{exec_path} = @{lib}/gsd-power
 profile gsd-power @{exec_path} flags=(attach_disconnected) {
  include <abstractions/base>
-  include <abstractions/audio>
+  include <abstractions/audio-client>
  include <abstractions/bus-accessibility>
  include <abstractions/bus-session>
  include <abstractions/bus-system>
@ -53,7 +53,7 @@ profile gsd-power @{exec_path} flags=(attach_disconnected) {

  /var/lib/gdm{3,}/.config/pulse/ rw,
  /var/lib/gdm{3,}/.config/pulse/cookie rwk,
-  /var/lib/gdm{3,}/.cache/event-sound-cache.tdb.* rwk,
+  /var/lib/gdm{3,}/.cache/event-sound-cache.tdb.@{md5}.@{multiarch} rwk,
  /var/lib/gdm{3,}/.config/dconf/user r,
  /var/lib/gdm{3,}/.config/pulse/client.conf r,
  /var/lib/gdm{3,}/greeter-dconf-defaults r,
--- a/apparmor.d/groups/gnome/gsd-sound
+++ b/apparmor.d/groups/gnome/gsd-sound
@ -9,7 +9,7 @@ include <tunables/global>
@{exec_path} = @{lib}/gsd-sound
 profile gsd-sound @{exec_path} flags=(attach_disconnected) {
  include <abstractions/base>
-  include <abstractions/audio>
+  include <abstractions/audio-client>
  include <abstractions/bus-session>
  include <abstractions/bus/org.gnome.SessionManager>
  include <abstractions/bus/org.gtk.vfs.MountTracker>
--- a/apparmor.d/groups/gnome/org.gnome.NautilusPreviewer
+++ b/apparmor.d/groups/gnome/org.gnome.NautilusPreviewer
@ -9,6 +9,7 @@ include <tunables/global>
@{exec_path} = @{lib}/org.gnome.NautilusPreviewer
 profile org.gnome.NautilusPreviewer @{exec_path} {
  include <abstractions/base>
+  include <abstractions/audio-client>
  include <abstractions/dconf-write>
  include <abstractions/deny-sensitive-home>
  include <abstractions/gnome-strict>
@ -37,8 +38,6 @@ profile org.gnome.NautilusPreviewer @{exec_path} {
  owner @{MOUNTS}/{,**} r,
  owner @{HOME}/{,**} r,

-  owner @{user_config_dirs}/pulse/cookie rk,
-
  @{run}/udev/data/c@{dynamic}:@{int} r,  # For dynamic assignment range 234 to 254, 384 to 511

  @{sys}/fs/cgroup/user.slice/user-@{uid}.slice/user@@{uid}.service/app.slice/*org.gnome.NautilusPreviewer.slice/*/memory.* r,
--- a/apparmor.d/groups/kde/kded
+++ b/apparmor.d/groups/kde/kded
@ -9,7 +9,7 @@ include <tunables/global>
@{exec_path} = @{bin}/kded5 @{bin}/kded6
 profile kded @{exec_path} {
  include <abstractions/base>
-  include <abstractions/audio>
+  include <abstractions/audio-client>
  include <abstractions/bus-system>
  include <abstractions/bus/org.bluez>
  include <abstractions/consoles>
--- a/apparmor.d/groups/kde/konsole
+++ b/apparmor.d/groups/kde/konsole
@ -10,7 +10,7 @@ include <tunables/global>
@{exec_path} = @{bin}/konsole
 profile konsole @{exec_path} flags=(attach_disconnected) {
  include <abstractions/base>
-  include <abstractions/audio>
+  include <abstractions/audio-client>
  include <abstractions/bus-accessibility>
  include <abstractions/bus-session>
  include <abstractions/consoles>
--- a/apparmor.d/groups/kde/kwalletd
+++ b/apparmor.d/groups/kde/kwalletd
@ -10,7 +10,7 @@ include <tunables/global>
@{exec_path} = @{bin}/kwalletd{5,6}
 profile kwalletd @{exec_path} {
  include <abstractions/base>
-  include <abstractions/audio>
+  include <abstractions/audio-client>
  include <abstractions/consoles>
  include <abstractions/fontconfig-cache-read>
  include <abstractions/graphics>
--- a/apparmor.d/groups/kde/kwalletmanager
+++ b/apparmor.d/groups/kde/kwalletmanager
@ -10,7 +10,7 @@ include <tunables/global>
@{exec_path} = @{bin}/kwalletmanager{5,6}
 profile kwalletmanager @{exec_path} {
  include <abstractions/base>
-  include <abstractions/audio>
+  include <abstractions/audio-client>
  include <abstractions/consoles>
  include <abstractions/fontconfig-cache-read>
  include <abstractions/graphics>
--- a/apparmor.d/groups/kde/plasmashell
+++ b/apparmor.d/groups/kde/plasmashell
@ -2,6 +2,13 @@
 # Copyright (C) 2023-2024 Alexandre Pujol <alexandre@pujol.io>
 # SPDX-License-Identifier: GPL-2.0-only

+# When we have issues:
+
+#   owner @{user_config_dirs}/#@{int} rw,
+#   owner @{user_config_dirs}/QtProject.conf rwl -> @{user_config_dirs}/#@{int},
+#   owner @{user_config_dirs}/QtProject.conf.@{rand6} rwl -> @{user_config_dirs}/#@{int},
+#   owner @{user_config_dirs}/QtProject.conf.lock rwk,
+
 abi <abi/3.0>,

 include <tunables/global>
@ -10,7 +17,7 @@ include <tunables/global>
 profile plasmashell @{exec_path} flags=(mediate_deleted) {
  include <abstractions/base>
  include <abstractions/app-launcher-user>
-  include <abstractions/audio>
+  include <abstractions/audio-client>
  include <abstractions/bus-session>
  include <abstractions/bus-system>
  include <abstractions/bus/org.freedesktop.NetworkManager>
@ -81,9 +88,6 @@ profile plasmashell @{exec_path} flags=(mediate_deleted) {
  /etc/fstab r,
  /etc/ksysguarddrc r,
  /etc/machine-id r,
-  /etc/pipewire/client.conf.d/ r,
-  /etc/pulse/client.conf r,
-  /etc/pulse/client.conf.d/ r,
  /etc/sensors3.conf r,
  /etc/sensors.d/ r,
  /etc/xdg/** r,
@ -100,7 +104,6 @@ profile plasmashell @{exec_path} flags=(mediate_deleted) {
  owner @{user_cache_dirs}/appstream/*.xb rw,
  owner @{user_cache_dirs}/bookmarksrunner/ rw,
  owner @{user_cache_dirs}/bookmarksrunner/** rwkl -> @{user_cache_dirs}/bookmarksrunner/#@{int},
-  owner @{user_cache_dirs}/event-sound-cache.tdb.@{md5}.x86_64-pc-linux-gnu rwk,
  owner @{user_cache_dirs}/icon-cache.kcache rw,
  owner @{user_cache_dirs}/kcrash-metadata/plasmashell.*.ini w,
  owner @{user_cache_dirs}/ksvg-elements* rwlk -> @{user_cache_dirs}/#@{int},
@ -136,8 +139,6 @@ profile plasmashell @{exec_path} flags=(mediate_deleted) {
  owner @{user_config_dirs}/menus/{,**} r,
  owner @{user_config_dirs}/networkmanagement.notifyrc r,
  owner @{user_config_dirs}/plasma* rwlk,
-  owner @{user_config_dirs}/pulse/ rw,
-  owner @{user_config_dirs}/pulse/cookie rwk,
  owner @{user_config_dirs}/trashrc r,

  owner @{user_share_dirs}/#@{int} rw,
@ -160,15 +161,14 @@ profile plasmashell @{exec_path} flags=(mediate_deleted) {
  owner @{user_share_dirs}/plasmashell/** rwkl -> @{user_share_dirs}/plasmashell/**,
  owner @{user_share_dirs}/user-places.xbel{,*} rwl,

-  owner /tmp/#@{int} rw,
        /tmp/.mount_nextcl@{rand6}/{,*} r,
+  owner /tmp/#@{int} rw,

        @{run}/mount/utab r,
        @{run}/user/@{uid}/gvfs/ r,
  owner @{run}/user/@{uid}/#@{int} rw,
  owner @{run}/user/@{uid}/kdesud_:@{int} w,
  owner @{run}/user/@{uid}/plasmashell@{rand6}.@{int}.kioworker.socket rwl -> @{run}/user/@{uid}/#@{int},
-  owner @{run}/user/@{uid}/pulse/ rw,

  @{sys}/bus/ r,
  @{sys}/bus/usb/devices/ r,
@ -197,7 +197,6 @@ profile plasmashell @{exec_path} flags=(mediate_deleted) {

  /dev/ptmx rw,
  /dev/rfkill r,
-  /dev/shm/ r,

  include if exists <local/plasmashell>
 }
--- a/apparmor.d/groups/ubuntu/update-notifier
+++ b/apparmor.d/groups/ubuntu/update-notifier
@ -10,7 +10,7 @@ include <tunables/global>
 profile update-notifier @{exec_path} {
  include <abstractions/base>
  include <abstractions/apt-common>
-  include <abstractions/audio>
+  include <abstractions/audio-client>
  include <abstractions/bus-accessibility>
  include <abstractions/bus-session>
  include <abstractions/bus-system>
--- a/apparmor.d/groups/whonix/torbrowser
+++ b/apparmor.d/groups/whonix/torbrowser
@ -15,7 +15,7 @@ include <tunables/global>
@{exec_path} = @{lib_dirs}/firefox.*
 profile torbrowser @{exec_path} flags=(attach_disconnected) {
  include <abstractions/base>
-  include <abstractions/audio>
+  include <abstractions/audio-client>
  include <abstractions/bus-session>
  include <abstractions/bus-system>
  include <abstractions/bus/org.a11y>
--- a/apparmor.d/profiles-a-f/amixer
+++ b/apparmor.d/profiles-a-f/amixer
@ -10,22 +10,16 @@ include <tunables/global>
@{exec_path} = @{bin}/amixer
 profile amixer @{exec_path} {
  include <abstractions/base>
-  include <abstractions/audio>
+  include <abstractions/audio-client>
  include <abstractions/nameservice-strict>

  @{exec_path} mr,

-  /usr/share/pipewire/client.conf r,
-  /usr/share/pipewire/client-rt.conf r,
-
  /etc/machine-id r,
-  /etc/pipewire/client-rt.conf.d/{,*} r,
  /var/lib/dbus/machine-id r,

  owner @{HOME}/.Xauthority r,

-  owner @{user_config_dirs}/pulse/ r,
-
  owner @{PROC}/@{pid}/task/@{tid}/comm rw,

  owner /dev/tty@{int} rw,
--- a/apparmor.d/profiles-a-f/aplay
+++ b/apparmor.d/profiles-a-f/aplay
@ -10,7 +10,7 @@ include <tunables/global>
@{exec_path} = @{bin}/aplay
 profile aplay @{exec_path} flags=(complain) {
  include <abstractions/base>
-  include <abstractions/audio>
+  include <abstractions/audio-client>

  @{exec_path} mr,

@ -19,7 +19,5 @@ profile aplay @{exec_path} flags=(complain) {

  owner @{HOME}/.Xauthority r,

-  owner @{user_config_dirs}/pulse/ r,
-
  include if exists <local/aplay>
 }
--- a/apparmor.d/profiles-a-f/blueman
+++ b/apparmor.d/profiles-a-f/blueman
@ -10,7 +10,7 @@ include <tunables/global>
@{exec_path} = @{bin}/blueman-*
 profile blueman @{exec_path} flags=(attach_disconnected) {
  include <abstractions/base>
-  include <abstractions/audio>
+  include <abstractions/audio-client>
  include <abstractions/dconf-write>
  include <abstractions/fontconfig-cache-read>
  include <abstractions/fonts>
--- a/apparmor.d/profiles-a-f/claws-mail
+++ b/apparmor.d/profiles-a-f/claws-mail
@ -10,7 +10,7 @@ include <tunables/global>
@{exec_path} = @{bin}/claws-mail
 profile claws-mail @{exec_path} flags=(complain) {
  include <abstractions/base>
-  include <abstractions/audio>
+  include <abstractions/audio-client>
  include <abstractions/enchant>
  include <abstractions/fontconfig-cache-read>
  include <abstractions/fonts>
@ -35,7 +35,6 @@ profile claws-mail @{exec_path} flags=(complain) {
  @{bin}/geany      rPUx,

  /usr/share/publicsuffix/*.dafsa r,
-  /usr/share/sounds/freedesktop/stereo/*.oga r,

  /etc/fstab r,
  /etc/machine-id r,
--- a/apparmor.d/profiles-a-f/dring
+++ b/apparmor.d/profiles-a-f/dring
@ -10,8 +10,8 @@ include <tunables/global>
@{exec_path} = @{lib}/ring/dring
 profile dring @{exec_path} {
  include <abstractions/base>
+  include <abstractions/audio-client>
  include <abstractions/nameservice-strict>
-  include <abstractions/audio>
  include <abstractions/video>

  network inet dgram,
--- a/apparmor.d/profiles-a-f/ffmpeg
+++ b/apparmor.d/profiles-a-f/ffmpeg
@ -10,7 +10,7 @@ include <tunables/global>
@{exec_path} = @{bin}/ffmpeg
 profile ffmpeg @{exec_path} {
  include <abstractions/base>
-  include <abstractions/audio>
+  include <abstractions/audio-client>
  include <abstractions/consoles>
  include <abstractions/dri-common>
  include <abstractions/nameservice-strict>
--- a/apparmor.d/profiles-a-f/ffplay
+++ b/apparmor.d/profiles-a-f/ffplay
@ -10,7 +10,7 @@ include <tunables/global>
@{exec_path} = @{bin}/ffplay
 profile ffplay @{exec_path} {
  include <abstractions/base>
-  include <abstractions/audio>
+  include <abstractions/audio-client>
  include <abstractions/freedesktop.org>
  include <abstractions/nameservice-strict>
  include <abstractions/user-download-strict>
--- a/apparmor.d/profiles-g-l/hypnotix
+++ b/apparmor.d/profiles-g-l/hypnotix
@ -11,7 +11,7 @@ include <tunables/global>
@{exec_path} += @{lib}/hypnotix/hypnotix.py
 profile hypnotix @{exec_path} {
  include <abstractions/base>
-  include <abstractions/audio>
+  include <abstractions/audio-client>
  include <abstractions/dconf-write>
  include <abstractions/fontconfig-cache-read>
  include <abstractions/fonts>
--- a/apparmor.d/profiles-m-r/minitube
+++ b/apparmor.d/profiles-m-r/minitube
@ -17,7 +17,7 @@ profile minitube @{exec_path} {
  include <abstractions/fontconfig-cache-read>
  include <abstractions/freedesktop.org>
  include <abstractions/mesa>
-  include <abstractions/audio>
+  include <abstractions/audio-client>
  include <abstractions/nameservice-strict>
  include <abstractions/qt5-settings-write>
  include <abstractions/qt5-compose-cache-write>
--- a/apparmor.d/profiles-m-r/mpd
+++ b/apparmor.d/profiles-m-r/mpd
@ -11,7 +11,7 @@ include <tunables/global>
@{exec_path} = @{bin}/mpd
 profile mpd @{exec_path} {
  include <abstractions/base>
-  include <abstractions/audio>
+  include <abstractions/audio-client>
  include <abstractions/nameservice-strict>

  network inet dgram,
--- a/apparmor.d/profiles-m-r/mpv
+++ b/apparmor.d/profiles-m-r/mpv
@ -10,7 +10,7 @@ include <tunables/global>
@{exec_path} = @{bin}/mpv
 profile mpv @{exec_path} {
  include <abstractions/base>
-  include <abstractions/audio>
+  include <abstractions/audio-client>
  include <abstractions/consoles>
  include <abstractions/fontconfig-cache-read>
  include <abstractions/fonts>
@ -39,11 +39,8 @@ profile mpv @{exec_path} {
  @{bin}/youtube-dl rPx,
  @{bin}/yt-dlp     rPx,

-  /usr/share/pipewire/client-rt.conf r,
-
  /etc/libva.conf r,
  /etc/mpv/* r,
-  /etc/pipewire/client-rt.conf.d/{,**} r,
  /etc/samba/smb.conf r,

  /etc/machine-id r,
--- a/apparmor.d/profiles-m-r/pacmd
+++ b/apparmor.d/profiles-m-r/pacmd
@ -10,8 +10,8 @@ include <tunables/global>
@{exec_path} = @{bin}/pacmd
 profile pacmd @{exec_path} {
  include <abstractions/base>
+  include <abstractions/audio-client>
  include <abstractions/consoles>
-  include <abstractions/audio>

  #capability sys_ptrace,

@ -24,8 +24,6 @@ profile pacmd @{exec_path} {

  /app/lib/libzypak*.so* mr,

-  owner @{run}/user/@{uid}/pulse rw,
-
  owner @{PROC}/@{pids}/stat r,

  deny @{user_share_dirs}/gvfs-metadata/* r,
--- a/apparmor.d/profiles-m-r/pactl
+++ b/apparmor.d/profiles-m-r/pactl
@ -10,7 +10,7 @@ include <tunables/global>
@{exec_path} = @{bin}/pactl
 profile pactl @{exec_path} {
  include <abstractions/base>
-  include <abstractions/audio>
+  include <abstractions/audio-client>
  include <abstractions/consoles>

  @{exec_path} mr,
@ -24,8 +24,6 @@ profile pactl @{exec_path} {

  owner @{HOME}/.Xauthority r,

-  owner @{user_config_dirs}/pulse/ rw,
-
  # file_inherit
  owner /dev/tty@{int} rw,
  owner @{HOME}/.xsession-errors w,
--- a/apparmor.d/profiles-m-r/psi
+++ b/apparmor.d/profiles-m-r/psi
@ -82,7 +82,7 @@ profile psi @{exec_path} {

  profile aplay {
    include <abstractions/base>
-    include <abstractions/audio>
+    include <abstractions/audio-client>

    @{bin}/aplay mr,
    #@{bin}/pulseaudio rPUx,
--- a/apparmor.d/profiles-m-r/psi-plus
+++ b/apparmor.d/profiles-m-r/psi-plus
@ -81,7 +81,7 @@ profile psi-plus @{exec_path} {

  profile aplay {
    include <abstractions/base>
-    include <abstractions/audio>
+    include <abstractions/audio-client>

    @{bin}/aplay mr,
    #@{bin}/pulseaudio rPUx,
--- a/apparmor.d/profiles-m-r/quiterss
+++ b/apparmor.d/profiles-m-r/quiterss
@ -25,8 +25,7 @@ profile quiterss @{exec_path} {
  include <abstractions/openssl>
  include <abstractions/ssl_certs>
  include <abstractions/gstreamer>
-  # This one is needed when you want to receive sound notifications
-  include <abstractions/audio>
+  include <abstractions/audio-client>

  network inet dgram,
  network inet6 dgram,
--- a/apparmor.d/profiles-m-r/rustdesk
+++ b/apparmor.d/profiles-m-r/rustdesk
@ -8,7 +8,7 @@ include <tunables/global>
@{exec_path} = @{bin}/rustdesk
 profile rustdesk @{exec_path} {
  include <abstractions/base>
-  include <abstractions/audio>
+  include <abstractions/audio-client>
  include <abstractions/bus-accessibility>
  include <abstractions/bus-session>
  include <abstractions/bus/org.a11y>
@ -58,17 +58,6 @@ profile rustdesk @{exec_path} {
  owner @{PROC}/@{pid}/cgroup r,
  owner @{PROC}/@{pid}/cmdline r,

-  # pulse
-  /dev/shm/ r,
-  /etc/pulse/client.conf r,
-  /etc/pulse/client.conf.d/{,*} r,
-  owner @{run}/user/@{uid}/pulse/ r,
-  owner @{run}/user/@{uid}/pulse/native rw,
-  owner @{user_config_dirs}/pulse/ rw,
-  owner @{user_config_dirs}/pulse/cookie rwk,
-  owner @{user_config_dirs}/pulse/@{md5}-runtime{,.tmp} rw,
-  owner /tmp/pulse-*/ rw,
-
  profile sudo {
    include <abstractions/base>
    include <abstractions/nameservice-strict>
--- a/apparmor.d/profiles-s-z/scrcpy
+++ b/apparmor.d/profiles-s-z/scrcpy
@ -9,6 +9,7 @@ include <tunables/global>
@{exec_path} = @{bin}/scrcpy
 profile scrcpy @{exec_path} {
  include <abstractions/base>
+  include <abstractions/audio-client>
  include <abstractions/dconf-write>
  include <abstractions/desktop>
  include <abstractions/graphics>
@ -31,13 +32,6 @@ profile scrcpy @{exec_path} {

  owner @{user_config_dirs}/ibus/bus/ r,
  owner @{user_config_dirs}/ibus/bus/@{md5}-unix-{,wayland-}@{int} r,
-  owner @{user_config_dirs}/pulse/client.conf r,
-  owner @{user_config_dirs}/pulse/cookie r,
-  owner @{user_config_dirs}/pulse/cookie rk,
-
-  owner @{run}/user/@{uid}/pulse/ r,
-
-  /dev/shm/ r,

  deny @{user_share_dirs}/gvfs-metadata/* r,

--- a/apparmor.d/profiles-s-z/smplayer
+++ b/apparmor.d/profiles-s-z/smplayer
@ -10,7 +10,7 @@ include <tunables/global>
@{exec_path} = @{bin}/smplayer
 profile smplayer @{exec_path} {
  include <abstractions/base>
-  include <abstractions/audio>
+  include <abstractions/audio-client>
  include <abstractions/consoles>
  include <abstractions/dri-enumerate>
  include <abstractions/fontconfig-cache-read>
--- a/apparmor.d/profiles-s-z/spice-vdagent
+++ b/apparmor.d/profiles-s-z/spice-vdagent
@ -9,7 +9,7 @@ include <tunables/global>
@{exec_path} = @{bin}/spice-vdagent
 profile spice-vdagent @{exec_path} flags=(attach_disconnected) {
  include <abstractions/base>
-  include <abstractions/audio>
+  include <abstractions/audio2>
  include <abstractions/bus-accessibility>
  include <abstractions/bus-session>
  include <abstractions/bus-system>
@ -36,10 +36,6 @@ profile spice-vdagent @{exec_path} flags=(attach_disconnected) {

  @{exec_path} mr,

-  /usr/share/pipewire/client-rt.conf r,
-
-  /etc/pipewire/client.conf r,
-
  /var/lib/gdm{3,}/.config/pulse/cookie rk,
  /var/lib/gdm{3,}/.config/user-dirs.dirs r,

@ -47,8 +43,7 @@ profile spice-vdagent @{exec_path} flags=(attach_disconnected) {

  owner @{user_config_dirs}/user-dirs.dirs r,

-        @{run}/spice-vdagentd/spice-vdagent-sock rw,
-  owner @{run}/user/@{uid}/pipewire-@{int} rw,
+  @{run}/spice-vdagentd/spice-vdagent-sock rw,

  owner @{PROC}/@{pids}/task/@{tid}/comm rw,

--- a/apparmor.d/profiles-s-z/spotify
+++ b/apparmor.d/profiles-s-z/spotify
@ -15,6 +15,7 @@ include <tunables/global>
@{exec_path} = @{bin}/@{name} @{lib_dirs}/@{name}
 profile spotify @{exec_path} {
  include <abstractions/base>
+  include <abstractions/audio-client>
  include <abstractions/chromium-common>
  include <abstractions/dconf-write>
  include <abstractions/desktop>
@ -44,8 +45,6 @@ profile spotify @{exec_path} {

  owner @{user_music_dirs}/{,**} r,

-  owner @{user_config_dirs}/pulse/client.conf r,
-  owner @{user_config_dirs}/pulse/cookie rk,
  owner @{user_config_dirs}/spotify-adblock/* r,

  owner @{config_dirs}/ rw,
@ -56,8 +55,6 @@ profile spotify @{exec_path} {
  owner @{cache_dirs}/** rwk -> @{cache_dirs}/**,
  owner @{cache_dirs}/WidevineCdm/**/libwidevinecdm.so rm,

-  owner @{run}/user/@{uid}/pulse/ r,
-
  @{sys}/devices/system/cpu/kernel_max r,
  @{sys}/devices/virtual/dmi/id/board_{vendor,name,version} r,
  @{sys}/devices/virtual/dmi/id/product_{name,version} r,
@ -76,8 +73,7 @@ profile spotify @{exec_path} {
  owner @{PROC}/@{pid}/task/@{tid}/stat r,
  owner @{PROC}/@{pid}/task/@{tid}/status r,

-        /dev/tty rw,
-  owner /dev/shm/pulse-shm-@{int} r,
+  /dev/tty rw,

  deny @{user_share_dirs}/gvfs-metadata/* r,

--- a/apparmor.d/profiles-s-z/steam
+++ b/apparmor.d/profiles-s-z/steam
@ -10,7 +10,7 @@ include <tunables/global>
@{exec_path} = @{user_share_dirs}/Steam/steam.sh
 profile steam @{exec_path} flags=(attach_disconnected,mediate_deleted,complain) {
  include <abstractions/base>
-  include <abstractions/audio>
+  include <abstractions/audio-client>
  include <abstractions/chromium-common>
  include <abstractions/consoles>
  include <abstractions/dconf-write>
--- a/apparmor.d/profiles-s-z/steam-game
+++ b/apparmor.d/profiles-s-z/steam-game
@ -23,7 +23,7 @@ include <tunables/global>
@{exec_path} = @{user_share_dirs}/Steam/steamapps/common/*/**
 profile steam-game @{exec_path} flags=(attach_disconnected) {
  include <abstractions/base>
-  include <abstractions/audio>
+  include <abstractions/audio-client>
  include <abstractions/bwrap>
  include <abstractions/desktop>
  include <abstractions/devices-usb>
--- a/apparmor.d/profiles-s-z/steam-gameoverlayui
+++ b/apparmor.d/profiles-s-z/steam-gameoverlayui
@ -10,7 +10,7 @@ include <tunables/global>
@{exec_path} = @{steam_lib_dirs}/gameoverlayui
 profile steam-gameoverlayui @{exec_path} {
  include <abstractions/base>
-  include <abstractions/audio>
+  include <abstractions/audio-client>
  include <abstractions/desktop>
  include <abstractions/graphics>

--- a/apparmor.d/profiles-s-z/strawberry
+++ b/apparmor.d/profiles-s-z/strawberry
@ -18,7 +18,7 @@ profile strawberry @{exec_path} {
  include <abstractions/fontconfig-cache-read>
  include <abstractions/dri-enumerate>
  include <abstractions/mesa>
-  include <abstractions/audio>
+  include <abstractions/audio-client>
  include <abstractions/qt5-compose-cache-write>
  include <abstractions/qt5-settings-write>
  include <abstractions/nameservice-strict>
--- a/apparmor.d/profiles-s-z/thunderbird
+++ b/apparmor.d/profiles-s-z/thunderbird
@ -15,7 +15,7 @@ include <tunables/global>
@{exec_path} = @{bin}/@{name} @{lib_dirs}/@{name}
 profile thunderbird @{exec_path} {
  include <abstractions/base>
-  include <abstractions/audio>
+  include <abstractions/audio-client>
  include <abstractions/bus-session>
  include <abstractions/bus-system>
  include <abstractions/bus/org.a11y>
@ -95,7 +95,6 @@ profile thunderbird @{exec_path} {
  /usr/share/lightning/{,**} r,
  /usr/share/mozilla/extensions/{,**} r,
  /usr/share/qt5ct/** r,
-  /usr/share/sounds/freedesktop/stereo/*.oga r,
  /usr/share/xul-ext/kwallet5/* r,

  /etc/@{name}/{,**} r,
--- a/apparmor.d/profiles-s-z/utox
+++ b/apparmor.d/profiles-s-z/utox
@ -10,7 +10,7 @@ include <tunables/global>
@{exec_path} = @{bin}/utox
 profile utox @{exec_path} {
  include <abstractions/base>
-  include <abstractions/audio>
+  include <abstractions/audio-client>
  include <abstractions/dconf-write>
  include <abstractions/desktop>
  include <abstractions/fontconfig-cache-read>
--- a/apparmor.d/profiles-s-z/vidcutter
+++ b/apparmor.d/profiles-s-z/vidcutter
@ -10,7 +10,7 @@ include <tunables/global>
@{exec_path} = @{bin}/vidcutter
 profile vidcutter @{exec_path} {
  include <abstractions/base>
-  include <abstractions/audio>
+  include <abstractions/audio-client>
  include <abstractions/dconf-write>
  include <abstractions/dri-enumerate>
  include <abstractions/fontconfig-cache-read>
--- a/apparmor.d/profiles-s-z/virt-manager
+++ b/apparmor.d/profiles-s-z/virt-manager
@ -11,7 +11,7 @@ include <tunables/global>
@{exec_path} += /usr/share/virt-manager/virt-manager
 profile virt-manager @{exec_path} flags=(attach_disconnected) {
  include <abstractions/base>
-  include <abstractions/audio>
+  include <abstractions/audio-client>
  include <abstractions/dconf-write>
  include <abstractions/desktop>
  include <abstractions/devices-usb>
--- a/apparmor.d/profiles-s-z/vlc
+++ b/apparmor.d/profiles-s-z/vlc
@ -10,7 +10,7 @@ include <tunables/global>
@{exec_path} = @{bin}/{c,}vlc
 profile vlc @{exec_path} {
  include <abstractions/base>
-  include <abstractions/audio>
+  include <abstractions/audio-client>
  include <abstractions/bus-accessibility>
  include <abstractions/bus-session>
  include <abstractions/bus/org.a11y>
--- a/apparmor.d/profiles-s-z/volumeicon
+++ b/apparmor.d/profiles-s-z/volumeicon
@ -10,7 +10,7 @@ include <tunables/global>
@{exec_path} = @{bin}/volumeicon
 profile volumeicon @{exec_path} {
  include <abstractions/base>
-  include <abstractions/audio>
+  include <abstractions/audio-client>
  include <abstractions/dri-enumerate>
  include <abstractions/fontconfig-cache-read>
  include <abstractions/desktop>
--- a/apparmor.d/profiles-s-z/wireplumber
+++ b/apparmor.d/profiles-s-z/wireplumber
@ -9,7 +9,7 @@ include <tunables/global>
@{exec_path} = @{bin}/wireplumber
 profile wireplumber @{exec_path} {
  include <abstractions/base>
-  include <abstractions/audio>
+  include <abstractions/audio2>
  include <abstractions/bus-session>
  include <abstractions/bus-system>
  include <abstractions/bus/org.freedesktop.RealtimeKit1>
@ -49,8 +49,6 @@ profile wireplumber @{exec_path} {
  owner @{user_state_dirs}/ w,
  owner @{user_state_dirs}/wireplumber/{,**} rw,

-  @{run}/user/@{uid}/pipewire-@{int} rw,
-
  @{run}/systemd/users/@{uid} r,

  @{run}/udev/data/c14:@{int} r,          # Open Sound System (OSS)
--- a/apparmor.d/profiles-s-z/youtube-dl
+++ b/apparmor.d/profiles-s-z/youtube-dl
@ -10,7 +10,7 @@ include <tunables/global>
@{exec_path} = @{bin}/youtube-dl
 profile youtube-dl @{exec_path} {
  include <abstractions/base>
-  include <abstractions/audio>
+  include <abstractions/audio-client>
  include <abstractions/consoles>
  include <abstractions/fontconfig-cache-read>
  include <abstractions/fonts>