From 7b7e98a5491ae50874ba6cee72ba8d2c1fb49743 Mon Sep 17 00:00:00 2001
From: Vincas Dargis <vindrg@gmail.com>
Date: Sat, 27 Jun 2020 11:48:22 +0300
Subject: [PATCH] Update fonts abstraction for Debian

Mikhail Morfikov has discovered [0] that some font packages in Debian
ships font files in /usr/bin/fonts-foo-bar (like
/usr/share/fonts-font-awesome/ for example). This produces denials for
GUI applications.

Update fonts abstraction to allow reading /usr/bin/fonts-* directories.

Also, refactor abstraction to aggregate two old rules into one.

Closes #94

[0] https://gitlab.com/apparmor/apparmor/-/issues/94
---
 profiles/apparmor.d/abstractions/fonts | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/profiles/apparmor.d/abstractions/fonts b/profiles/apparmor.d/abstractions/fonts
index 3953a6187..402703d75 100644
--- a/profiles/apparmor.d/abstractions/fonts
+++ b/profiles/apparmor.d/abstractions/fonts
@@ -16,8 +16,8 @@
 
   /usr/lib/xorg/modules/fonts/**.so*    mr,
 
-  /usr/share/fonts/                     r,
-  /usr/share/fonts/**                   r,
+  /usr/share/fonts/{,**}                r,
+  /usr/share/fonts-*/{,**}              r,
 
   /etc/fonts/**                         r,
   # Debian, openSUSE paths are different