From 8b481d469b7969dbf2573309fe8b91112e8529a5 Mon Sep 17 00:00:00 2001
From: Vincas Dargis <vindrg@gmail.com>
Date: Sun, 8 Dec 2019 15:53:36 +0200
Subject: [PATCH] kde-open5: do not enable gstreamer support by default

Make kde-open5 abstraction more conservative by removing gstreamer
support by default. Update usage example to suggest conditionally including
gstreamer abstraction if required.
---
 profiles/apparmor.d/abstractions/kde-open5 | 20 ++++----------------
 1 file changed, 4 insertions(+), 16 deletions(-)

diff --git a/profiles/apparmor.d/abstractions/kde-open5 b/profiles/apparmor.d/abstractions/kde-open5
index cc4a3cdd9..4ff22e0da 100644
--- a/profiles/apparmor.d/abstractions/kde-open5
+++ b/profiles/apparmor.d/abstractions/kde-open5
@@ -31,6 +31,10 @@
 #   # (for message boxe in case exo-open fails)
 #   #include <abstractions/dbus-accessibility>
 #
+#   # Add if audio support for message box is
+#   # considered as required.
+#   #include if exists <abstractions/gstreamer>
+#
 #   # < add additional allowed applications here >
 # }
 # ```
@@ -54,14 +58,6 @@
   /usr/bin/kde-open5 rix,
   /usr/lib/@{multiarch}/libexec/kf5/kioslave{,5} ix,
 
-  # Other executables
-
-  /usr/lib/gstreamer-[0-9]*.[0-9]*/gst-plugin-scanner PUx, # for error message alert sound with gstreamer backend. TODO: use gstreamer abstraction ?
-
-  # Additional libraries
-
-  owner /{,var/}run/user/[0-9]*/orcexec.* rwm, # for error message alert sound with gstreamer backend. TODO: use gstreamer abstraction ?
-
   # DBus
 
   dbus
@@ -82,16 +78,9 @@
 
   # System files
 
-  /dev/ r, # for error message alert sound with gstreamer backend. TODO: use gstreamer abstraction ?
   /dev/tty r,
-  /dev/video[0-9]* rw, # for error message alert sound with gstreamer backend. TODO: use gstreamer abstraction ?
   /etc/xdg/accept-languages.codes r,
   /etc/xdg/menus/{,*/} r,
-  /run/udev/data/c* r, # for error message alert sound with gstreamer backend. TODO: use gstreamer abstraction ?
-  /sys/bus/ r, # for error message alert sound with gstreamer backend. TODO: use gstreamer abstraction ?
-  /sys/class/ r, # for error message alert sound with gstreamer backend. TODO: use gstreamer abstraction ?
-  /sys/class/video4linux/ r, # for error message alert sound with gstreamer backend. TODO: use gstreamer abstraction ?
-  /sys/devices/pci[0-9]*/**/uevent r, # for error message alert sound with gstreamer backend. TODO: use gstreamer abstraction ?
   /usr/share/*fonts*/conf.avail/*.conf r, # for openSUSE, when showing error message box
   /usr/share/ghostscript/fonts/ r, # for openSUSE, when showing error message box
   /usr/share/hwdata/pnp.ids r, # for openSUSE, when showing error message box, for QXcbConnection::initializeScreens() from libQt5XcbQpa.so
@@ -109,6 +98,5 @@
   owner /tmp/xauth-[0-9]*-_[0-9] r, # for libQt5XcbQpa.so
   owner /{,var/}run/user/[0-9]*/#[0-9]* rw, # for /run/user/1000/#13
   owner /{,var/}run/user/[0-9]*/kioclient*slave-socket lrw -> /{,var/}/run/user/[0-9]/#[0-9]*, # for KIO::Slave::holdSlave(QString const&, QUrl const&) () from libKF5KIOCore.so (not 100% sure)
-  owner @{HOME}/.cache/gstreamer-[0-9]*.[0-9]*/registry.*.bin{,.tmp*} rw, # for error message alert sound with gstreamer backend. TODO: use gstreamer abstraction ?
   owner @{HOME}/.cache/kio_http/ rw,