# vim:syntax=apparmor
# ------------------------------------------------------------------
#
#    Copyright (C) 2002-2009 Novell/SUSE
#    Copyright (C) 2009-2011 Canonical Ltd.
#
#    This program is free software; you can redistribute it and/or
#    modify it under the terms of version 2 of the GNU General Public
#    License published by the Free Software Foundation.
#
# ------------------------------------------------------------------
#include <abstractions/base>
#include <abstractions/fonts>
#include <abstractions/X>
#include <abstractions/freedesktop.org>
#include <abstractions/xdg-desktop>
#include <abstractions/user-tmp>
#include <abstractions/wayland>

  # systemwide gtk defaults
  /etc/gnome/gtkrc*               r,
  /etc/gtk/*                      r,
  /usr/lib{,32,64}/gtk/**         mr,
  /usr/lib/@{multiarch}/gtk/**    mr,
  /usr/lib{,32,64}/gtk-[0-9]*/**  mr,
  /usr/lib/@{multiarch}/gtk-[0-9]*/** mr,
  /usr/share/themes/              r,
  /usr/share/themes/**            r,
  /usr/share/gtk-3.0/settings.ini r,

  # for gnome 1 applications
  /etc/orbitrc                    r,

  # gtk-2 needed some new rights
  /etc/fonts/*                    r,
  /etc/gtk-*/*                    r,
  /etc/pango/*                    r,
  /usr/lib{,32,64}/pango/**       mr,
  /usr/lib{,32,64}/gtk-*/**       mr,
  /usr/lib{,32,64}/gdk-pixbuf-*/** mr,
  /usr/lib/@{multiarch}/pango/**        mr,
  /usr/lib/@{multiarch}/gtk-*/**        mr,
  /usr/lib/@{multiarch}/gdk-pixbuf-*/** mr,

  # per-user gtk configuration
  owner @{HOME}/.config/gtk-3.0/        w,
  owner @{HOME}/.config/gtk-3.0/*       r,
  owner @{HOME}/.gnome/Gnome            r,
  owner @{HOME}/.gtk                    r,
  owner @{HOME}/.gtkrc                  r,
  owner @{HOME}/.gtkrc-2.0              r,
  owner @{HOME}/.gtk-bookmarks          r,
  owner @{HOME}/.themes/                r,
  owner @{HOME}/.themes/**              r,
  owner @{user_share_dirs}/themes/      r,
  owner @{user_share_dirs}/themes/**    r,

  # for gtk file dialog
  owner @{HOME}/.config/gtk-2.0/                    w,
  owner @{HOME}/.config/gtk-2.0/**                  r,
  owner @{HOME}/.config/gtk-2.0/gtkfilechooser.ini* rw,

  # from evolution-mail
  owner @{HOME}/.gconfd/lock/*                      r,
  owner @{HOME}/.gnome/application-info             r,

  # per-user font business
  owner @{HOME}/.fonts.cache-*    rwl,

  # GtkComposeTable
  owner @{HOME}/.cache/gtk-3.0/** r,

  # icon caches
  /var/cache/**/icon-theme.cache  r,
  /usr/share/**/icon-theme.cache  r,

  # GLib schemas
  /usr/{local/,}share/glib-[0-9]*/schemas/   r,
  /usr/{local/,}share/glib-[0-9]*/schemas/** r,

  # gnome VFS modules
  /etc/gnome-vfs-2.0/modules/ r,
  /etc/gnome-vfs-2.0/modules/* r,
  /usr/lib/gnome-vfs-2.0/modules/*.so mr,
  /usr/lib/@{multiarch}/gnome-vfs-2.0/modules/*.so mr,

  # gvfs
  /usr/share/gvfs/remote-volume-monitors/  r,
  /usr/share/gvfs/remote-volume-monitors/* r,
  @{PROC}/@{pid}/mounts                    r,
  /run/mount/utab                          r,

  # printing
  /etc/papersize                   r,
  /etc/cups/lpoptions              r,
  /usr/share/cups/charmaps/**      r,

  # holds MIT-MAGIC-COOKIE for gnome
  owner /{,var/}run/gdm/auth*/database r,

  # mime-types
  /etc/gnome/defaults.list r,
  /etc/xdg/{,*-}mimeapps.list r,
  /usr/share/gnome/applications/ r,
  /usr/share/gnome/applications/mimeinfo.cache r,

  # Allow connecting to the GNOME vfs socket (still need corresponding DBus
  # rules)
  unix (send, receive, connect)
       type=stream
       peer=(addr="@/dbus-vfs-daemon/socket-*"),