feat(abs): add abi reference to all abstractions.

apparmor.d/abstractions/X-strict

@@ -2,6 +2,9 @@
 # Copyright (C) 2022-2024 Alexandre Pujol <alexandre@pujol.io>
 # SPDX-License-Identifier: GPL-2.0-only
 
+  abi <abi/4.0>,
+
+
   # The unix socket to use to connect to the display
   unix (connect, receive, send) type=stream peer=(addr="@/tmp/.X11-unix/X[0-9]*"),
   unix (connect, receive, send) type=stream peer=(addr="@/tmp/.ICE-unix/[0-9]*"),

apparmor.d/abstractions/app-launcher-root

@@ -3,6 +3,8 @@
 # Copyright (C) 2022-2024 Alexandre Pujol <alexandre@pujol.io>
 # SPDX-License-Identifier: GPL-2.0-only
 
+  abi <abi/4.0>,
+
   @{bin}/**                     PUx,
   /usr/local/{s,}bin/**         PUx,
 

apparmor.d/abstractions/app-launcher-user

@@ -3,6 +3,8 @@
 # Copyright (C) 2022-2024 Alexandre Pujol <alexandre@pujol.io>
 # SPDX-License-Identifier: GPL-2.0-only
 
+  abi <abi/4.0>,
+
   @{bin}/**                     PUx,
   /opt/*/**                     PUx,
   /usr/share/**                 PUx,

apparmor.d/abstractions/app-open

@@ -8,6 +8,8 @@
 # Ultimately, only sandbox manager such as like bwrap, snap, flatpak, firejail
 # should be present here. Until this day, this profile will be a controlled mess.
 
+  abi <abi/4.0>,
+
   # Sandbox managers
   @{bin}/bwrap                  rPUx,
   @{bin}/firejail               rPUx,

apparmor.d/abstractions/app/bus

@@ -4,6 +4,8 @@
 
 # Minimal set of rules for dbus-send/dbus-launch.
 
+  abi <abi/4.0>,
+
   include <abstractions/nameservice-strict>
 
   @{bin}/dbus-launch  mix,

apparmor.d/abstractions/app/chromium

@@ -16,6 +16,8 @@
 # or abstractions/common/electron instead.
 #
 
+  abi <abi/4.0>,
+
   include <abstractions/audio-client>
   include <abstractions/bus-session>
   include <abstractions/bus-system>

apparmor.d/abstractions/app/editor

@@ -3,6 +3,8 @@
 # Copyright (C) 2024 Zane Zakraisek <zz@eng.utah.edu>
 # SPDX-License-Identifier: GPL-2.0-only
 
+  abi <abi/4.0>,
+
   include <abstractions/nameservice-strict>
   include <abstractions/consoles>
 

apparmor.d/abstractions/app/firefox

@@ -12,6 +12,8 @@
 # @{cache_dirs} = @{user_cache_dirs}/mozilla/
 #
 
+  abi <abi/4.0>,
+
   include <abstractions/audio-client>
   include <abstractions/bus-session>
   include <abstractions/bus-system>

apparmor.d/abstractions/app/kmod

@@ -2,6 +2,8 @@
 # Copyright (C) 2024 Alexandre Pujol <alexandre@pujol.io>
 # SPDX-License-Identifier: GPL-2.0-only
 
+  abi <abi/4.0>,
+
   include <abstractions/consoles>
 
   @{bin}/depmod    mr,

apparmor.d/abstractions/app/open

@@ -4,6 +4,8 @@
 
 # Full set of rules for child-open-* profiles.
 
+  abi <abi/4.0>,
+
   include <abstractions/desktop>
 
   @{open_path} mrix,

apparmor.d/abstractions/app/pgrep

@@ -4,6 +4,8 @@
 
 # Minimal set of rules for pgrep/pkill.
 
+  abi <abi/4.0>,
+
   include <abstractions/consoles>
 
   capability sys_ptrace,

apparmor.d/abstractions/app/pkexec

@@ -4,6 +4,8 @@
 
 # Minimal set of rules for pkexec.
 
+  abi <abi/4.0>,
+
   include <abstractions/authentication>
   include <abstractions/bus-system>
   include <abstractions/consoles>

apparmor.d/abstractions/app/sudo

@@ -4,6 +4,8 @@
 
 # Minimal set of rules for sudo. Interactive sudo need more rules.
 
+  abi <abi/4.0>,
+
   include <abstractions/authentication>
   include <abstractions/bus-system>
   include <abstractions/consoles>

apparmor.d/abstractions/app/systemctl

@@ -2,6 +2,8 @@
 # Copyright (C) 2024 Alexandre Pujol <alexandre@pujol.io>
 # SPDX-License-Identifier: GPL-2.0-only
 
+  abi <abi/4.0>,
+
   include <abstractions/bus-system>
   include <abstractions/consoles>
 

apparmor.d/abstractions/app/udevadm

@@ -2,6 +2,8 @@
 # Copyright (C) 2024 Alexandre Pujol <alexandre@pujol.io>
 # SPDX-License-Identifier: GPL-2.0-only
 
+  abi <abi/4.0>,
+
   ptrace read peer=@{p_systemd},
 
   @{bin}/udevadm mr,

apparmor.d/abstractions/audio-client

@@ -5,6 +5,8 @@
 # Most programs do not need access to audio devices, audio-client only includes
 # configuration files to be used by client applications.
 
+  abi <abi/4.0>,
+
   /usr/share/alsa/{,**} r,
   /usr/share/openal/hrtf/{,**} r,
   /usr/share/pipewire/client-rt.conf r,

apparmor.d/abstractions/audio-server

@@ -5,6 +5,8 @@
 # Provide access to audio devices. It should only be used by audio servers that
 # need direct access to them. 
 
+  abi <abi/4.0>,
+
   include <abstractions/audio-client>
 
   @{run}/udev/data/+sound:card@{int} r,   # for sound card

apparmor.d/abstractions/bash-strict

@@ -5,6 +5,8 @@
 # This abstraction is only required when an interactive shell is started.
 # Classic shell scripts do not need it.
 
+  abi <abi/4.0>,
+
   /usr/share/bash-completion/{,**} r,
   /usr/share/terminfo/{,**} r,
 

apparmor.d/abstractions/bus-accessibility

@@ -2,6 +2,8 @@
 # Copyright (C) 2023-2024 Alexandre Pujol <alexandre@pujol.io>
 # SPDX-License-Identifier: GPL-2.0-only
 
+  abi <abi/4.0>,
+
   dbus send bus=accessibility path=/org/freedesktop/DBus
        interface=org.freedesktop.DBus
        member={Hello,AddMatch,RemoveMatch,GetNameOwner,NameHasOwner,StartServiceByName}

apparmor.d/abstractions/bus-session

@@ -2,6 +2,8 @@
 # Copyright (C) 2023-2024 Alexandre Pujol <alexandre@pujol.io>
 # SPDX-License-Identifier: GPL-2.0-only
 
+  abi <abi/4.0>,
+
   unix (bind, listen) type=stream addr="@/tmp/dbus-*",
   unix (connect, send, receive, accept) type=stream addr="@/tmp/dbus-*",
   unix (connect, send, receive, accept) type=stream peer=(addr="@/tmp/dbus-*"),

apparmor.d/abstractions/bus-system

@@ -2,6 +2,8 @@
 # Copyright (C) 2023-2024 Alexandre Pujol <alexandre@pujol.io>
 # SPDX-License-Identifier: GPL-2.0-only
 
+  abi <abi/4.0>,
+
   dbus send bus=system path=/org/freedesktop/DBus
        interface=org.freedesktop.DBus
        member={Hello,AddMatch,RemoveMatch,GetNameOwner,NameHasOwner,StartServiceByName}

apparmor.d/abstractions/bus/com.canonical.Unity.LauncherEntry

@@ -4,6 +4,8 @@
 
 # Access required for connecting to/communicating with the Unity Launcher
 
+  abi <abi/4.0>,
+
   dbus send bus=session path=/com/canonical/unity/launcherentry/@{int}
        interface=com.canonical.Unity.LauncherEntry
        member=Update

apparmor.d/abstractions/bus/com.canonical.dbusmenu

@@ -2,6 +2,8 @@
 # Copyright (C) 2023-2024 Alexandre Pujol <alexandre@pujol.io>
 # SPDX-License-Identifier: GPL-2.0-only
 
+  abi <abi/4.0>,
+
 
   include if exists <abstractions/bus/com.canonical.dbusmenu.d>
 

apparmor.d/abstractions/bus/fi.w1.wpa_supplicant1

@@ -2,6 +2,8 @@
 # Copyright (C) 2023-2024 Alexandre Pujol <alexandre@pujol.io>
 # SPDX-License-Identifier: GPL-2.0-only
 
+  abi <abi/4.0>,
+
   dbus send bus=system path=/fi/w1/wpa_supplicant1
        interface=org.freedesktop.DBus.Properties
        member={GetAll,PropertiesChanged}

apparmor.d/abstractions/bus/net.hadess.PowerProfiles

@@ -2,6 +2,8 @@
 # Copyright (C) 2023-2024 Alexandre Pujol <alexandre@pujol.io>
 # SPDX-License-Identifier: GPL-2.0-only
 
+  abi <abi/4.0>,
+
   dbus send bus=system path=/net/hadess/PowerProfiles
        interface=org.freedesktop.DBus.Properties
        member=GetAll

apparmor.d/abstractions/bus/net.hadess.SwitcherooControl

@@ -2,6 +2,8 @@
 # Copyright (C) 2023-2024 Alexandre Pujol <alexandre@pujol.io>
 # SPDX-License-Identifier: GPL-2.0-only
 
+  abi <abi/4.0>,
+
   dbus send bus=system path=/net/hadess/SwitcherooControl
        interface=org.freedesktop.DBus.Properties
        member=GetAll

apparmor.d/abstractions/bus/net.reactivated.Fprint

@@ -2,6 +2,8 @@
 # Copyright (C) 2023-2024 Alexandre Pujol <alexandre@pujol.io>
 # SPDX-License-Identifier: GPL-2.0-only
 
+  abi <abi/4.0>,
+
   dbus send bus=system path=/net/reactivated/Fprint/Manager
        interface=net.reactivated.Fprint.Manager
        member={GetDevices,GetDefaultDevice}

apparmor.d/abstractions/bus/org.a11y

@@ -2,6 +2,8 @@
 # Copyright (C) 2023-2024 Alexandre Pujol <alexandre@pujol.io>
 # SPDX-License-Identifier: GPL-2.0-only
 
+  abi <abi/4.0>,
+
   # Accessibility bus
 
   dbus receive bus=accessibility path=/org/a11y/atspi/registry

apparmor.d/abstractions/bus/org.bluez

@@ -2,6 +2,8 @@
 # Copyright (C) 2023-2024 Alexandre Pujol <alexandre@pujol.io>
 # SPDX-License-Identifier: GPL-2.0-only
 
+  abi <abi/4.0>,
+
   dbus receive bus=system path=/
        interface=org.freedesktop.DBus.ObjectManager
        member=InterfacesRemoved

apparmor.d/abstractions/bus/org.freedesktop.Accounts

@@ -2,6 +2,8 @@
 # Copyright (C) 2023-2024 Alexandre Pujol <alexandre@pujol.io>
 # SPDX-License-Identifier: GPL-2.0-only
 
+  abi <abi/4.0>,
+
   dbus send bus=system path=/org/freedesktop/Accounts
        interface=org.freedesktop.Accounts
        member={FindUserByName,ListCachedUsers}

apparmor.d/abstractions/bus/org.freedesktop.Avahi

@@ -2,6 +2,8 @@
 # Copyright (C) 2023-2024 Alexandre Pujol <alexandre@pujol.io>
 # SPDX-License-Identifier: GPL-2.0-only
 
+  abi <abi/4.0>,
+
   dbus send bus=system path=/
        interface=org.freedesktop.DBus.Peer
        member=Ping

apparmor.d/abstractions/bus/org.freedesktop.ColorManager

@@ -2,6 +2,8 @@
 # Copyright (C) 2023-2024 Alexandre Pujol <alexandre@pujol.io>
 # SPDX-License-Identifier: GPL-2.0-only
 
+  abi <abi/4.0>,
+
   dbus send bus=system path=/org/freedesktop/ColorManager
        interface=org.freedesktop.ColorManager
        member=GetDevices

apparmor.d/abstractions/bus/org.freedesktop.FileManager1

@@ -2,6 +2,8 @@
 # Copyright (C) 2023-2024 Alexandre Pujol <alexandre@pujol.io>
 # SPDX-License-Identifier: GPL-2.0-only
 
+  abi <abi/4.0>,
+
   dbus send bus=session path=/org/freedesktop/FileManager1
        interface=org.freedesktop.DBus.Properties
        member=GetAll

apparmor.d/abstractions/bus/org.freedesktop.GeoClue2

@@ -2,6 +2,8 @@
 # Copyright (C) 2023-2024 Alexandre Pujol <alexandre@pujol.io>
 # SPDX-License-Identifier: GPL-2.0-only
 
+  abi <abi/4.0>,
+
   dbus send bus=system path=/org/freedesktop/GeoClue2/Manager
        interface=org.freedesktop.DBus.Properties
        member=GetAll

apparmor.d/abstractions/bus/org.freedesktop.ModemManager1

@@ -2,6 +2,8 @@
 # Copyright (C) 2023-2024 Alexandre Pujol <alexandre@pujol.io>
 # SPDX-License-Identifier: GPL-2.0-only
 
+  abi <abi/4.0>,
+
   dbus send bus=system path=/org/freedesktop/ModemManager1
        interface=org.freedesktop.DBus.ObjectManager
        member=GetManagedObjects

apparmor.d/abstractions/bus/org.freedesktop.NetworkManager

@@ -2,6 +2,8 @@
 # Copyright (C) 2023-2024 Alexandre Pujol <alexandre@pujol.io>
 # SPDX-License-Identifier: GPL-2.0-only
 
+  abi <abi/4.0>,
+
   dbus send bus=system path=/org/freedesktop
        interface=org.freedesktop.DBus.ObjectManager
        member=GetManagedObjects

apparmor.d/abstractions/bus/org.freedesktop.Notifications

@@ -2,6 +2,8 @@
 # Copyright (C) 2023-2024 Alexandre Pujol <alexandre@pujol.io>
 # SPDX-License-Identifier: GPL-2.0-only
 
+  abi <abi/4.0>,
+
   dbus send bus=session path=/org/freedesktop/Notifications
        interface=org.freedesktop.DBus.Properties
        member=GetAll

apparmor.d/abstractions/bus/org.freedesktop.PackageKit

@@ -2,6 +2,8 @@
 # Copyright (C) 2023-2024 Alexandre Pujol <alexandre@pujol.io>
 # SPDX-License-Identifier: GPL-2.0-only
 
+  abi <abi/4.0>,
+
   dbus send bus=system path=/org/freedesktop/PackageKit
        interface=org.freedesktop.DBus.Properties
        member=GetAll

apparmor.d/abstractions/bus/org.freedesktop.PolicyKit1

@@ -2,6 +2,8 @@
 # Copyright (C) 2023-2024 Alexandre Pujol <alexandre@pujol.io>
 # SPDX-License-Identifier: GPL-2.0-only
 
+  abi <abi/4.0>,
+
   dbus receive bus=system path=/org/freedesktop/PolicyKit1/Authority
        interface=org.freedesktop.PolicyKit1.Authority
        member=Changed

apparmor.d/abstractions/bus/org.freedesktop.RealtimeKit1

@@ -2,6 +2,8 @@
 # Copyright (C) 2023-2024 Alexandre Pujol <alexandre@pujol.io>
 # SPDX-License-Identifier: GPL-2.0-only
 
+  abi <abi/4.0>,
+
   dbus send bus=system path=/org/freedesktop/RealtimeKit1
        interface=org.freedesktop.DBus.Properties
        member=Get

apparmor.d/abstractions/bus/org.freedesktop.ScreenSaver

@@ -2,6 +2,8 @@
 # Copyright (C) 2023-2024 Alexandre Pujol <alexandre@pujol.io>
 # SPDX-License-Identifier: GPL-2.0-only
 
+  abi <abi/4.0>,
+
   dbus send bus=session path=/ScreenSaver
        interface=org.freedesktop.ScreenSaver
        member={Inhibit,UnInhibit}

apparmor.d/abstractions/bus/org.freedesktop.Tracker3.Miner.Files

@@ -2,6 +2,8 @@
 # Copyright (C) 2023-2024 Alexandre Pujol <alexandre@pujol.io>
 # SPDX-License-Identifier: GPL-2.0-only
 
+  abi <abi/4.0>,
+
   dbus send bus=session path=/org/freedesktop/Tracker3/Endpoint
        interface=org.freedesktop.DBus.Peer
        member=Ping

apparmor.d/abstractions/bus/org.freedesktop.UDisks2

@@ -2,6 +2,8 @@
 # Copyright (C) 2023-2024 Alexandre Pujol <alexandre@pujol.io>
 # SPDX-License-Identifier: GPL-2.0-only
 
+  abi <abi/4.0>,
+
   dbus send bus=system path=/org/freedesktop/UDisks2
        interface=org.freedesktop.DBus.ObjectManager
        member=GetManagedObjects

apparmor.d/abstractions/bus/org.freedesktop.UPower

@@ -2,6 +2,8 @@
 # Copyright (C) 2023-2024 Alexandre Pujol <alexandre@pujol.io>
 # SPDX-License-Identifier: GPL-2.0-only
 
+  abi <abi/4.0>,
+
   dbus send bus=system path=/org/freedesktop/UPower
        interface=org.freedesktop.UPower
        member=EnumerateDevices

apparmor.d/abstractions/bus/org.freedesktop.background.Monitor

@@ -2,6 +2,8 @@
 # Copyright (C) 2023-2024 Alexandre Pujol <alexandre@pujol.io>
 # SPDX-License-Identifier: GPL-2.0-only
 
+  abi <abi/4.0>,
+
   dbus send bus=session path=/org/freedesktop/background/monitor
        interface=org.freedesktop.DBus.Properties
        member=GetAll

apparmor.d/abstractions/bus/org.freedesktop.hostname1

@@ -2,6 +2,8 @@
 # Copyright (C) 2023-2024 Alexandre Pujol <alexandre@pujol.io>
 # SPDX-License-Identifier: GPL-2.0-only
 
+  abi <abi/4.0>,
+
   dbus send bus=system path=/org/freedesktop/hostname1
        interface=org.freedesktop.DBus.Properties
        member={Get,GetAll}

apparmor.d/abstractions/bus/org.freedesktop.impl.portal.PermissionStore

@@ -2,6 +2,8 @@
 # Copyright (C) 2023-2024 Alexandre Pujol <alexandre@pujol.io>
 # SPDX-License-Identifier: GPL-2.0-only
 
+  abi <abi/4.0>,
+
   dbus send bus=session path=/org/freedesktop/impl/portal/PermissionStore
        interface=org.freedesktop.DBus.Properties
        member=GetAll

apparmor.d/abstractions/bus/org.freedesktop.locale1

@@ -2,6 +2,8 @@
 # Copyright (C) 2023-2024 Alexandre Pujol <alexandre@pujol.io>
 # SPDX-License-Identifier: GPL-2.0-only
 
+  abi <abi/4.0>,
+
   dbus send bus=system path=/org/freedesktop/locale1
        interface=org.freedesktop.DBus.Properties
        member=GetAll

apparmor.d/abstractions/bus/org.freedesktop.login1

@@ -2,6 +2,8 @@
 # Copyright (C) 2023-2024 Alexandre Pujol <alexandre@pujol.io>
 # SPDX-License-Identifier: GPL-2.0-only
 
+  abi <abi/4.0>,
+
   dbus send bus=system path=/org/freedesktop/login1
        interface=org.freedesktop.DBus.Properties
        member={Get,GetAll}

apparmor.d/abstractions/bus/org.freedesktop.login1.Session

@@ -2,6 +2,8 @@
 # Copyright (C) 2023-2024 Alexandre Pujol <alexandre@pujol.io>
 # SPDX-License-Identifier: GPL-2.0-only
 
+  abi <abi/4.0>,
+
   dbus send bus=system path=/org/freedesktop/login1
        interface=org.freedesktop.login1.Manager
        member=GetSession

apparmor.d/abstractions/bus/org.freedesktop.network1

@@ -2,6 +2,8 @@
 # Copyright (C) 2023-2024 Alexandre Pujol <alexandre@pujol.io>
 # SPDX-License-Identifier: GPL-2.0-only
 
+  abi <abi/4.0>,
+
   dbus send bus=system path=/org/freedesktop/network1
        interface=org.freedesktop.DBus.Properties
        member=Get

apparmor.d/abstractions/bus/org.freedesktop.portal.Desktop

@@ -2,6 +2,8 @@
 # Copyright (C) 2023-2024 Alexandre Pujol <alexandre@pujol.io>
 # SPDX-License-Identifier: GPL-2.0-only
 
+  abi <abi/4.0>,
+
   dbus send bus=session path=/org/freedesktop/portal/desktop
        interface=org.freedesktop.DBus.Properties
        member={Get,GetAll,Read}

apparmor.d/abstractions/bus/org.freedesktop.resolve1

@@ -2,6 +2,8 @@
 # Copyright (C) 2023-2024 Alexandre Pujol <alexandre@pujol.io>
 # SPDX-License-Identifier: GPL-2.0-only
 
+  abi <abi/4.0>,
+
   dbus send bus=system path=/org/freedesktop/resolve1
        interface=org.freedesktop.resolve1.Manager
        member={SetLink*,ResolveHostname}

apparmor.d/abstractions/bus/org.freedesktop.secrets

@@ -2,6 +2,8 @@
 # Copyright (C) 2023-2024 Alexandre Pujol <alexandre@pujol.io>
 # SPDX-License-Identifier: GPL-2.0-only
 
+  abi <abi/4.0>,
+
   dbus send bus=session path=/org/freedesktop/secrets{,/**}
        interface=org.freedesktop.DBus.Properties
        member=GetAll

apparmor.d/abstractions/bus/org.freedesktop.systemd1

@@ -2,6 +2,8 @@
 # Copyright (C) 2023-2024 Alexandre Pujol <alexandre@pujol.io>
 # SPDX-License-Identifier: GPL-2.0-only
 
+  abi <abi/4.0>,
+
   dbus send bus=system path=/org/freedesktop/systemd1
        interface=org.freedesktop.DBus.Properties
        member={Get,GetAll}

apparmor.d/abstractions/bus/org.freedesktop.systemd1-session

@@ -2,6 +2,8 @@
 # Copyright (C) 2023-2024 Alexandre Pujol <alexandre@pujol.io>
 # SPDX-License-Identifier: GPL-2.0-only
 
+  abi <abi/4.0>,
+
   dbus send bus=session path=/org/freedesktop/systemd1
        interface=org.freedesktop.DBus.Properties
        member={Get,GetAll}

apparmor.d/abstractions/bus/org.freedesktop.timedate1

@@ -2,6 +2,8 @@
 # Copyright (C) 2023-2024 Alexandre Pujol <alexandre@pujol.io>
 # SPDX-License-Identifier: GPL-2.0-only
 
+  abi <abi/4.0>,
+
   dbus send bus=system path=/org/freedesktop/timedate1
        interface=org.freedesktop.DBus.Properties
        member=Get

apparmor.d/abstractions/bus/org.gnome.ArchiveManager1

@@ -2,6 +2,8 @@
 # Copyright (C) 2023-2024 Alexandre Pujol <alexandre@pujol.io>
 # SPDX-License-Identifier: GPL-2.0-only
 
+  abi <abi/4.0>,
+
   dbus send bus=session path=/org/gnome/ArchiveManager1
        interface=org.freedesktop.DBus.Properties
        member=GetAll

apparmor.d/abstractions/bus/org.gnome.DisplayManager

@@ -2,6 +2,8 @@
 # Copyright (C) 2023-2024 Alexandre Pujol <alexandre@pujol.io>
 # SPDX-License-Identifier: GPL-2.0-only
 
+  abi <abi/4.0>,
+
   dbus send bus=system path=/org/gnome/DisplayManager/Manager
        interface=org.gnome.DisplayManager.Manager
        member=RegisterDisplay

apparmor.d/abstractions/bus/org.gnome.Mutter.DisplayConfig

@@ -2,6 +2,8 @@
 # Copyright (C) 2023-2024 Alexandre Pujol <alexandre@pujol.io>
 # SPDX-License-Identifier: GPL-2.0-only
 
+  abi <abi/4.0>,
+
   dbus send bus=session path=/org/gnome/Mutter/DisplayConfig
        interface=org.gnome.Mutter.DisplayConfig
        member={GetResources,GetCrtcGamma}

apparmor.d/abstractions/bus/org.gnome.Mutter.IdleMonitor

@@ -2,6 +2,8 @@
 # Copyright (C) 2023-2024 Alexandre Pujol <alexandre@pujol.io>
 # SPDX-License-Identifier: GPL-2.0-only
 
+  abi <abi/4.0>,
+
   dbus send bus=session path=/org/gnome/Mutter/IdleMonitor
        interface=org.freedesktop.DBus.ObjectManager
        member=GetManagedObjects

apparmor.d/abstractions/bus/org.gnome.Nautilus.FileOperations2

@@ -2,6 +2,8 @@
 # Copyright (C) 2023-2024 Alexandre Pujol <alexandre@pujol.io>
 # SPDX-License-Identifier: GPL-2.0-only
 
+  abi <abi/4.0>,
+
   dbus send bus=session path=/org/gnome/Nautilus/FileOperations2
        interface=org.freedesktop.DBus.Properties
        member=GetAll

apparmor.d/abstractions/bus/org.gnome.ScreenSaver

@@ -2,6 +2,8 @@
 # Copyright (C) 2023-2024 Alexandre Pujol <alexandre@pujol.io>
 # SPDX-License-Identifier: GPL-2.0-only
 
+  abi <abi/4.0>,
+
   dbus send bus=session path=/org/gnome/ScreenSaver
        interface=org.freedesktop.DBus.Properties
        member=GetAll

apparmor.d/abstractions/bus/org.gnome.SessionManager

@@ -4,6 +4,8 @@
 
 # FIXME: Too large, restrict it.
 
+  abi <abi/4.0>,
+
   dbus send bus=session path=/org/gnome/SessionManager
        interface=org.gnome.SessionManager
        member={RegisterClient,IsSessionRunning}

apparmor.d/abstractions/bus/org.gnome.Shell.Introspect

@@ -2,6 +2,8 @@
 # Copyright (C) 2023-2024 Alexandre Pujol <alexandre@pujol.io>
 # SPDX-License-Identifier: GPL-2.0-only
 
+  abi <abi/4.0>,
+
   dbus send bus=session path=/org/gnome/Shell/Introspect
        interface=org.freedesktop.DBus.Properties
        member=GetAll

apparmor.d/abstractions/bus/org.gtk.Private.RemoteVolumeMonitor

@@ -2,6 +2,8 @@
 # Copyright (C) 2023-2024 Alexandre Pujol <alexandre@pujol.io>
 # SPDX-License-Identifier: GPL-2.0-only
 
+  abi <abi/4.0>,
+
   dbus send bus=session path=/org/gtk/Private/RemoteVolumeMonitor
        interface=org.gtk.Private.RemoteVolumeMonitor
        member={List,IsSupported,VolumeChanged,VolumeMount,MountAdded}

apparmor.d/abstractions/bus/org.gtk.vfs.Daemon

@@ -2,6 +2,8 @@
 # Copyright (C) 2023-2024 Alexandre Pujol <alexandre@pujol.io>
 # SPDX-License-Identifier: GPL-2.0-only
 
+  abi <abi/4.0>,
+
   dbus send bus=session path=/org/gtk/vfs/Daemon
        interface=org.gtk.vfs.Daemon
        member={GetConnection,ListMonitorImplementations,ListMountableInfo}

apparmor.d/abstractions/bus/org.gtk.vfs.Metadata

@@ -2,6 +2,8 @@
 # Copyright (C) 2023-2024 Alexandre Pujol <alexandre@pujol.io>
 # SPDX-License-Identifier: GPL-2.0-only
 
+  abi <abi/4.0>,
+
   dbus send bus=session path=/org/gtk/vfs/metadata
        interface=org.freedesktop.DBus.Properties
        member=GetAll

apparmor.d/abstractions/bus/org.gtk.vfs.MountTracker

@@ -2,6 +2,8 @@
 # Copyright (C) 2023-2024 Alexandre Pujol <alexandre@pujol.io>
 # SPDX-License-Identifier: GPL-2.0-only
 
+  abi <abi/4.0>,
+
   dbus send bus=session path=/org/gtk/vfs/mounttracker
        interface=org.gtk.vfs.MountTracker
        member=ListMountableInfo

apparmor.d/abstractions/bus/org.kde.StatusNotifierItem

@@ -2,6 +2,7 @@
 # Copyright (C) 2023-2024 Alexandre Pujol <alexandre@pujol.io>
 # SPDX-License-Identifier: GPL-2.0-only
 
+  abi <abi/4.0>,
 
   include if exists <abstractions/bus/org.kde.StatusNotifierItem.d>
 

apparmor.d/abstractions/bus/org.kde.StatusNotifierWatcher

@@ -2,6 +2,8 @@
 # Copyright (C) 2023-2024 Alexandre Pujol <alexandre@pujol.io>
 # SPDX-License-Identifier: GPL-2.0-only
 
+  abi <abi/4.0>,
+
   dbus send bus=session path=/StatusNotifierWatcher
        interface=org.freedesktop.DBus.Properties
        member=Get

apparmor.d/abstractions/bus/org.kde.kwalletd

@@ -2,6 +2,8 @@
 # Copyright (C) 2024 Alexandre Pujol <alexandre@pujol.io>
 # SPDX-License-Identifier: GPL-2.0-only
 
+  abi <abi/4.0>,
+
   include if exists <abstractions/bus/org.kde.kwalletd.d>
 
 # vim:syntax=apparmor

apparmor.d/abstractions/common/app

@@ -9,6 +9,8 @@
 # applications (bwrap) that have no way to restrict access depending on the
 # application being confined.
 
+  abi <abi/4.0>,
+
   include <abstractions/audio-client>
   include <abstractions/bus-accessibility>
   include <abstractions/bus-session>

apparmor.d/abstractions/common/apt

@@ -3,6 +3,8 @@
 # Copyright (C) 2021-2024 Alexandre Pujol <alexandre@pujol.io>
 # SPDX-License-Identifier: GPL-2.0-only
 
+  abi <abi/4.0>,
+
   /usr/share/dpkg/cputable r,
   /usr/share/dpkg/tupletable r,
 

apparmor.d/abstractions/common/bwrap

@@ -7,6 +7,8 @@
 # - the flag: attach_disconnected
 # - bwrap execution: '@{bin}/bwrap rix,'
 
+  abi <abi/4.0>,
+
   userns,
 
   capability net_admin,

apparmor.d/abstractions/common/chromium

@@ -6,6 +6,8 @@
 # This abstraction is for chromium based application. Chromium based browsers
 # need to use abstractions/chromium instead.
 
+  abi <abi/4.0>,
+
   userns,
 
   capability setgid, # If kernel.unprivileged_userns_clone = 1

apparmor.d/abstractions/common/electron

@@ -12,6 +12,8 @@
 # @{cache_dirs} = @{user_cache_dirs}/@{name}
 #
 
+  abi <abi/4.0>,
+
   include <abstractions/dconf-write>
   include <abstractions/desktop>
   include <abstractions/graphics>

apparmor.d/abstractions/common/game

@@ -10,6 +10,8 @@
 #   (Default: @{XDG_GAMESSTUDIO_DIR}="unity3d")
 # - @{user_games_dirs} for user specific game directories (eg: steam storage dir)
 
+  abi <abi/4.0>,
+
   include <abstractions/audio-client>
   include <abstractions/desktop>
   include <abstractions/devices-usb>

apparmor.d/abstractions/common/gnome

@@ -4,6 +4,8 @@
 
 # Minimal set of rules for all gnome based UI application.
 
+  abi <abi/4.0>,
+
   include <abstractions/bus-accessibility>
   include <abstractions/bus-session>
   include <abstractions/bus/org.a11y>

apparmor.d/abstractions/common/steam-game

@@ -2,6 +2,8 @@
 # Copyright (C) 2024 Alexandre Pujol <alexandre@pujol.io>
 # SPDX-License-Identifier: GPL-2.0-only
 
+  abi <abi/4.0>,
+
   include <abstractions/common/game>
 
   @{lib_dirs}/ r,

apparmor.d/abstractions/common/systemd

@@ -3,6 +3,8 @@
 # Copyright (C) 2021-2024 Alexandre Pujol <alexandre@pujol.io>
 # SPDX-License-Identifier: GPL-2.0-only
 
+  abi <abi/4.0>,
+
   ptrace read peer=@{p_systemd},
 
   @{sys}/firmware/efi/efivars/SecureBoot-@{uuid} r,

apparmor.d/abstractions/dconf-write

@@ -5,6 +5,8 @@
 # Permissions for querying dconf settings with write access; use the dconf
 # abstraction first, and dconf-write only for specific application's profile.
 
+  abi <abi/4.0>,
+
   dbus send bus=session path=/ca/desrt/dconf/Writer/user
        interface=ca.desrt.dconf.Writer
        member=Change

apparmor.d/abstractions/deny-sensitive-home

@@ -11,6 +11,8 @@
 
 # The only legitimate use in this project is for file browser and search engine.
 
+  abi <abi/4.0>,
+
   # User defined private directories
   deny @{HOMEDIRS}/**/@{XDG_PRIVATE_DIR}/{,**}  mrxwlk,
   deny @{MOUNTS}/**/@{XDG_PRIVATE_DIR}/{,**}    mrxwlk,

apparmor.d/abstractions/desktop

@@ -7,6 +7,8 @@
 # When supported in apparmor, condition will be used in this abstraction to filter
 # resources specific for supported DE.
 
+  abi <abi/4.0>,
+
   include <abstractions/fonts>
   include <abstractions/freedesktop.org>
   include <abstractions/gtk>

apparmor.d/abstractions/devices-usb

@@ -3,6 +3,8 @@
 # Copyright (C) 2021-2024 Alexandre Pujol <alexandre@pujol.io>
 # SPDX-License-Identifier: GPL-2.0-only
 
+  abi <abi/4.0>,
+
   /dev/ r,
   /dev/bus/usb/ r,
   /dev/bus/usb/@{int}/ r,

apparmor.d/abstractions/disks-read

@@ -5,6 +5,8 @@
 
   # The /sys/ entries probably should be tightened
 
+  abi <abi/4.0>,
+
   /dev/ r,
   /dev/block/ r,
   /dev/disk/{,*/} r,

apparmor.d/abstractions/disks-write

@@ -5,6 +5,8 @@
 
   # The /sys/ entries probably should be tightened
 
+  abi <abi/4.0>,
+
   /dev/ r,
   /dev/block/ r,
   /dev/disk/{,*/} r,

apparmor.d/abstractions/dri

@@ -6,6 +6,8 @@
 # Linux graphics stack which allows unprivileged user-space programs to issue 
 # commands to graphics hardware without conflicting with other programs.
 
+  abi <abi/4.0>,
+
   @{lib}/dri/**                 mr,
   @{lib}/@{multiarch}/dri/**    mr,
   @{lib}/fglrx/dri/**           mr,

apparmor.d/abstractions/fish

@@ -5,6 +5,8 @@
 # This abstraction is only required when an interactive shell is started.
 # Classic shell scripts do not need it.
 
+  abi <abi/4.0>,
+
   /usr/share/fish/{,**} r,
 
   /etc/fish/{,**} r,

apparmor.d/abstractions/fontconfig-cache-read

@@ -9,6 +9,8 @@
   # fontconfig cache if some cache files are missing, so if this behavior is desirable, you can use
   # the "fontconfig-cache-write" abstraction.
 
+  abi <abi/4.0>,
+
        owner @{user_cache_dirs}/fontconfig/ r,
   deny       @{user_cache_dirs}/fontconfig/ w,
   deny       @{user_cache_dirs}/fontconfig/** w,

apparmor.d/abstractions/fontconfig-cache-write

@@ -3,6 +3,8 @@
 # Copyright (C) 2022-2024 Alexandre Pujol <alexandre@pujol.io>
 # SPDX-License-Identifier: GPL-2.0-only
 
+  abi <abi/4.0>,
+
   owner @{user_cache_dirs}/fontconfig/ rw,
   owner @{user_cache_dirs}/fontconfig/CACHEDIR.TAG{,.NEW,.LCK,.TMP-*} rw,
   owner @{user_cache_dirs}/fontconfig/[a-f0-9]*.cache-?{,.NEW,.LCK,.TMP-*} rwk,

apparmor.d/abstractions/glfw

@@ -2,6 +2,8 @@
 # Copyright (C) 2024 Alexandre Pujol <alexandre@pujol.io>
 # SPDX-License-Identifier: GPL-2.0-only
 
+  abi <abi/4.0>,
+
   owner @{run}/user/@{uid}/glfw-shared-@{rand6} rw,
 
   include if exists <abstractions/glfw.d>

apparmor.d/abstractions/gnome-strict

@@ -2,6 +2,8 @@
 # Copyright (C) 2021-2024 Alexandre Pujol <alexandre@pujol.io>
 # SPDX-License-Identifier: GPL-2.0-only
 
+  abi <abi/4.0>,
+
   include <abstractions/fonts>
   include <abstractions/freedesktop.org>
   include <abstractions/gtk>

apparmor.d/abstractions/graphics

@@ -2,6 +2,8 @@
 # Copyright (C) 2023-2024 Alexandre Pujol <alexandre@pujol.io>
 # SPDX-License-Identifier: GPL-2.0-only
 
+  abi <abi/4.0>,
+
   include <abstractions/dri>
   include <abstractions/mesa>
   include <abstractions/nvidia-strict>

apparmor.d/abstractions/graphics-full

@@ -2,6 +2,8 @@
 # Copyright (C) 2023-2024 Alexandre Pujol <alexandre@pujol.io>
 # SPDX-License-Identifier: GPL-2.0-only
 
+  abi <abi/4.0>,
+
   include <abstractions/graphics>
 
   /dev/char/@{dynamic}:@{int} w,          # For dynamic assignment range 234 to 254, 384 to 511

apparmor.d/abstractions/gstreamer

@@ -3,6 +3,8 @@
 # Copyright (C) 2021-2024 Alexandre Pujol <alexandre@pujol.io>
 # SPDX-License-Identifier: GPL-2.0-only
 
+  abi <abi/4.0>,
+
   @{lib}/@{multiarch}/libproxy/*/modules/*.so mr,
   @{lib}/@{multiarch}/libvisual-[0-9].[0-9]/*/*.so mr,
   @{lib}/frei0r-@{int}/*.so mr,

apparmor.d/abstractions/kde-strict

@@ -2,6 +2,8 @@
 # Copyright (C) 2023-2024 Alexandre Pujol <alexandre@pujol.io>
 # SPDX-License-Identifier: GPL-2.0-only
 
+  abi <abi/4.0>,
+
   include <abstractions/fonts>
   include <abstractions/freedesktop.org>
   include <abstractions/qt5>

apparmor.d/abstractions/nameservice-strict

@@ -6,6 +6,8 @@
 # Many programs wish to perform nameservice-like operations, such as looking up
 # users by name or id, groups by name or id, hosts by name or IP, etc.
 
+  abi <abi/4.0>,
+
   include <abstractions/nss-systemd>
 
   @{etc_ro}/default/nss r,
@@ -33,6 +35,6 @@
   @{run}/systemd/resolve/resolv.conf r,
   @{run}/systemd/resolve/stub-resolv.conf r,
 
-  include if exists <abstractions/nameservice-strict.d> 
+  include if exists <abstractions/nameservice-strict.d>
 
 # vim:syntax=apparmor

apparmor.d/abstractions/nvidia-strict

@@ -2,6 +2,8 @@
 # Copyright (C) 2021-2024 Alexandre Pujol <alexandre@pujol.io>
 # SPDX-License-Identifier: GPL-2.0-only
 
+  abi <abi/4.0>,
+
   @{bin}/nvidia-modprobe Px -> child-modprobe-nvidia,
 
   /usr/share/nvidia/nvidia-application-profiles-* r,

apparmor.d/abstractions/qt5-shader-cache

@@ -3,6 +3,8 @@
 # Copyright (C) 2021-2024 Alexandre Pujol <alexandre@pujol.io>
 # SPDX-License-Identifier: GPL-2.0-only
 
+  abi <abi/4.0>,
+
   owner @{user_cache_dirs}/ w,
   owner @{user_cache_dirs}/qtshadercache/ rw,
   owner @{user_cache_dirs}/qtshadercache/#@{int} rw,