From ad0a6ac6bfdda4298a276ddef0ca0f1fb5a64fa1 Mon Sep 17 00:00:00 2001
From: Steve Beattie <gitlab@nxnw.org>
Date: Mon, 8 Feb 2021 05:55:31 +0000
Subject: [PATCH] profiles: add new deny path for kwallet (used in KDE 5)

Reported on IRC by finalspacevoid

Acked-by: Steve Beattie <steve@nxnw.org>
Merge branch 'cboltz-kwallet-path' into 'master'
MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/704

(cherry picked from commit 15e897cad0023ee5890c1e45ccd674f01bbc6ad1)
(Fixed up conflict due to 2.13 not containing the include rule for
 abstractions/private-files-strict.d/)
Signed-off-by: Steve Beattie <steve.beattie@canonical.com>
---
 profiles/apparmor.d/abstractions/private-files-strict         | 2 +-
 profiles/apparmor.d/abstractions/ubuntu-browsers.d/user-files | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/profiles/apparmor.d/abstractions/private-files-strict b/profiles/apparmor.d/abstractions/private-files-strict
index 31934318f..c2891cbc4 100644
--- a/profiles/apparmor.d/abstractions/private-files-strict
+++ b/profiles/apparmor.d/abstractions/private-files-strict
@@ -22,4 +22,4 @@
   audit deny @{HOME}/.kde{,4}/{,share/,share/apps/} w,
   audit deny @{HOME}/.kde{,4}/share/apps/kmail{,2}/{,**} mrwkl,
   audit deny @{HOME}/.kde{,4}/share/apps/kwallet/{,**} mrwkl,
-
+  audit deny @{HOME}/.local/share/kwalletd/{,**} mrwkl,
diff --git a/profiles/apparmor.d/abstractions/ubuntu-browsers.d/user-files b/profiles/apparmor.d/abstractions/ubuntu-browsers.d/user-files
index ffe68245b..8f1c21f7b 100644
--- a/profiles/apparmor.d/abstractions/ubuntu-browsers.d/user-files
+++ b/profiles/apparmor.d/abstractions/ubuntu-browsers.d/user-files
@@ -12,6 +12,7 @@
   audit deny @{HOME}/.gnome2_private/{,**} mrwkl,
   audit deny @{HOME}/.kde{,4}/{,share/,share/apps/} w,
   audit deny @{HOME}/.kde{,4}/share/apps/kwallet/{,**} mrwkl,
+  audit deny @{HOME}/.local/share/kwalletd/{,**} mrwkl,
 
   # Comment this out if using gpg plugin/addons
   audit deny @{HOME}/.gnupg/{,**} mrwkl,