# apparmor.d - Full set of apparmor profiles
# Copyright (C) 2023-2024 Alexandre Pujol <alexandre@pujol.io>
# SPDX-License-Identifier: GPL-2.0-only

# Instead of allowing execution of every program in @{bin}/ and @{lib}, the
# purpose of this abstraction is to list all GUI programs that can open resources.

# Ultimately, only sandbox managers such as bwrap, snap, flatpak and firejail
# should be present here. Until that day, this profile will be a controlled mess.

  # Exec permissions used in this abstraction (AppArmor file-rule modes):
  #   r    - the confined process may read the target binary.
  #   px   - exec transitions to the target's own profile; the exec is denied
  #          when no matching profile is loaded.
  #   pux  - same transition, but falls back to running the target unconfined
  #          when no matching profile is loaded.
  # The lowercase forms do not request environment scrubbing on exec (the
  # uppercase Px / PUx forms do), so the target inherits the caller's
  # environment unchanged.
  # NOTE(review): each rpux entry lets the target run unconfined, from any
  # profile that includes this abstraction, if the target's profile is missing
  # or not loaded. When auditing, confirm a profile is actually loaded for
  # every rpux target, and tighten an entry to rpx once its profile is
  # reliable.

  # Sandbox managers
  # These are the entries the header comment says should eventually be the
  # only ones left. With rpux each runs under its own profile when one is
  # loaded, otherwise unconfined.
  @{bin}/bwrap                  rpux,
  @{bin}/firejail               rpux,
  @{bin}/flatpak                rpux,
  @{bin}/snap                   rpux,

  # Labeled programs
  # Each @{..._path} variable is defined outside this file (presumably in the
  # project's tunables - confirm). The set of binaries matched here is
  # therefore only as tight as those variable definitions.
  @{archive_viewers_path}       rpux,
  @{browsers_path}              rpx,
  @{document_viewers_path}      rpux,
  @{emails_path}                rpux,
  @{file_explorers_path}        rpx,
  @{help_path}                  rpx,
  @{image_viewers_path}         rpux,
  @{offices_path}               rpux,
  @{text_editors_path}          rpux,

  # Others
  # Individually listed programs. rpx entries require a loaded profile for the
  # target; rpux entries carry the unconfined fallback described at the top.
  @{bin}/blueman-tray           rpx,
  # {,-ptb} is an alternation: matches both discord and discord-ptb.
  @{bin}/discord{,-ptb}         rpx,
  @{bin}/draw.io                rpux,
  @{bin}/dropbox                rpx,
  @{bin}/element-desktop        rpx,
  @{bin}/extension-manager      rpx,
  @{bin}/filezilla              rpx,
  @{bin}/flameshot              rpx,
  # Trailing glob: matches every file in @{bin}/ whose name starts with "gimp",
  # not only the main gimp binary.
  @{bin}/gimp*                  rpux,
  @{bin}/gnome-calculator       rpux,
  @{bin}/gnome-disk-image-mounter rpx,
  @{bin}/gnome-disks            rpx,
  @{bin}/gwenview               rpux,
  @{bin}/kgx                    rpx,
  @{bin}/qbittorrent            rpx,
  @{bin}/qpdfview               rpx,
  @{bin}/smplayer               rpx,
  @{bin}/steam-runtime          rpux,
  @{bin}/telegram-desktop       rpx,
  @{bin}/transmission-gtk       rpx,
  @{bin}/viewnior               rpux,
  @{bin}/vlc                    rpux,
  @{bin}/xbrlapi 	              rpx,


  # ** matches across directory levels, so this covers every file anywhere
  # under @{lib}/YaST2/, with the unconfined fallback of pux.
  # NOTE(review): this is the broadest rule in the file; check whether it can
  # be narrowed to the YaST2 entry points that are really needed.
  @{lib}/YaST2/** rpux,


  # Optional local extensions: the include is applied only if the path exists.
  # Rules placed there widen this exec allow-list for every profile that
  # includes this abstraction, so that directory belongs in any audit of what
  # those profiles may execute.
  include if exists <abstractions/app-open.d>

# vim:syntax=apparmor
