# apparmor.d - Full set of apparmor profiles
# Copyright (C) 2023-2024 Alexandre Pujol <alexandre@pujol.io>
# SPDX-License-Identifier: GPL-2.0-only

# Instead of allowing the run of all software in @{bin}/, @{lib} the purpose of
# this abstraction is to list all GUI program that can open resources.

# Ultimately, only sandbox manager such as like bwrap, snap, flatpak, firejail
# should be present here. Until this day, this profile will be a controlled mess.

  # Sandbox managers
  @{bin}/bwrap                  rPUx,
  @{bin}/firejail               rPUx,
  @{bin}/flatpak                rPUx,
  @{bin}/snap                   rPUx,

  # Files explorer
  @{bin}/nautilus               rPx,
  @{bin}/dolphin                rPx,

  # Browsers
  @{bin}/chromium               rPx,
  @{brave_path}                 rPx,
  @{chrome_path}                rPx,
  @{chromium_path}              rPx,
  @{firefox_path}               rPx,
  @{opera_path}                 rPx,

  # Text editors
  @{bin}/code                   rPUx,
  @{bin}/gedit                  rPUx,
  @{bin}/gnome-text-editor      rPUx,
  /usr/share/code/{bin/,}code   rPUx,

  # Emails
  @{thunderbird_path}           rPx,
  @{bin}/geany                  rPUx,

  # Documents viewers
  @{bin}/evince                 rPx,
  @{bin}/okular                 rPx,
  @{bin}/*{F,f}oliate           rPUx,
  @{bin}/YACReader              rPx,

  # Others
  @{bin}/blueman-tray           rPx,
  @{bin}/discord{,-ptb}         rPx,
  @{bin}/draw.io                rPUx,
  @{bin}/dropbox                rPx,
  @{bin}/element-desktop        rPx,
  @{bin}/engrampa               rPx,
  @{bin}/eog                    rPUx,
  @{bin}/extension-manager      rPx,
  @{bin}/file-roller            rPUx,
  @{bin}/filezilla              rPx,
  @{bin}/flameshot              rPx,
  @{bin}/flatpak                rPUx,
  @{bin}/gimp*                  rPUx,
  @{bin}/gnome-calculator       rPUx,
  @{bin}/gnome-disk-image-mounter rPx,
  @{bin}/gnome-disks            rPx,
  @{bin}/gwenview               rPUx,
  @{bin}/kgx                    rPx,
  @{bin}/okular                 rPx,
  @{bin}/qbittorrent            rPx,
  @{bin}/qpdfview               rPx,
  @{bin}/smplayer               rPx,
  @{bin}/spacefm                rPx,
  @{bin}/steam-runtime          rPUx,
  @{bin}/teams                  rPUx,
  @{bin}/telegram-desktop       rPx,
  @{bin}/transmission-gtk       rPx,
  @{bin}/viewnior               rPUx,
  @{bin}/vlc                    rPUx,
  @{bin}/xarchiver              rPx,
  @{bin}/xbrlapi 	              rPx,
  @{bin}/yelp                   rPUx,
  @{lib}/libreoffice/program/{soffice{,.bin},oosplash} rPUx,

  include if exists <abstractions/app-open.d>
