From eaf9bdb32bc0285670b13de0c4db58f5bc7ab13c Mon Sep 17 00:00:00 2001
From: Jeroen Rijken <jeroen.rijken@xs4all.nl>
Date: Sun, 6 Aug 2023 16:50:58 +0200
Subject: [PATCH] Plank profile

Signed-off-by: Jeroen Rijken <jeroen.rijken@xs4all.nl>
---
 apparmor.d/profiles-m-r/plank | 32 ++++++++++++++++++++++++++++++++
 1 file changed, 32 insertions(+)
 create mode 100644 apparmor.d/profiles-m-r/plank

diff --git a/apparmor.d/profiles-m-r/plank b/apparmor.d/profiles-m-r/plank
new file mode 100644
index 00000000..239b0bda
--- /dev/null
+++ b/apparmor.d/profiles-m-r/plank
@@ -0,0 +1,32 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2023 Jeroen Rijken
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi <abi/3.0>,
+
+include <tunables/global>
+
+@{exec_path} = /{usr/,}bin/plank
+profile plank @{exec_path} flags=(complain) {
+  include <abstractions/base>
+  include <abstractions/app-launcher-user>
+  include <abstractions/dbus-session-strict>
+  include <abstractions/dconf>
+  include <abstractions/freedesktop.org>
+  include <abstractions/fontconfig-cache-read>
+  include <abstractions/fonts>
+  include <abstractions/gtk>
+
+  @{exec_path} rm,
+
+  unix (send, receive, connect) type=stream peer=(addr="@/tmp/.X11-unix/X[0-9]*", label="{xorg,xkbcomp}"),
+
+  @{user_config_dirs}/plank/{,**} rw,
+  /usr/{,local/}share/plank/{,**} r,
+
+  /usr/{,local/}share/mime/mime.cache r,
+  /var/lib/flatpak/exports/share/icons/{,**} r,
+  /var/lib/flatpak/exports/share/mime/mime.cache r,
+
+  include if exists <local/plank>
+}