# vim:syntax=apparmor

# This abstraction is designed to be used in a child profile to limit what
# confined application can invoke via gvfs-open helper.
#
# NOTE: most likely you want to use xdg-open abstraction instead for better
# portability across desktop environments, unless you are sure that confined
# application only uses /usr/bin/gvfs-open directly.
#
# Usage example:
#
# ```
# profile foo /usr/bin/foo {
# ...
# /usr/bin/gvfs-open rPx -> foo//gvfs-open,
# ...
# } # end of main profile
#
# # out-of-line child profile
# profile foo//gvfs-open {
#   #include <abstractions/gvfs-open>
#
#   # needed for ubuntu-* abstractions
#   #include <abstractions/ubuntu-helpers>
#
#   # Only allow to handle http[s]: and mailto: links
#   #include <abstractions/ubuntu-browsers>
#   #include <abstractions/ubuntu-email>
#
#   # < add additional allowed applications here >
# }
# ```

  #include <abstractions/base>

  # gvfs-open is deprecated, it launches gio open <uri>
  #include <abstractions/gio-open>

  # Main executables

  /usr/bin/gvfs-open r,
  /{,usr/}bin/dash mr,

  # Include additions to the abstraction
  #include if exists <abstractions/gvfs-open.d>