Tag profiles and abstractions with abi information.
Tagging abstractions is not strictly necessary but allows the parser
to detect when their is a mismatch and that policy will need an
update for abi.
We do not currently tag the tunables because variable declarations
are not currently affected by abi.
MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/491
Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Steve Beattie <sbeattie@ubuntu.com>
Make kde-open5 abstraction more conservative by removing gstreamer
support by default. Update usage example to suggest conditionally including
gstreamer abstraction if required.
Update kde-open5 abstraction to not include accessibility abstraction by
default.
Update documentation to suggest adding it manually in child profile when
using kde-open5 if accessibility access is required by profile author.
Implement set of abstractions to handle opening uris via xdg-open and similar
helpers used on different desktop environments.
Abstractions are intended to be included into child profile, together
with bundle abstractions such as ubuntu-browsers, ubuntu-email and others, for
fine-grained control on what confined application can actually open via xdg-open
and similar helpers.
