AppArmor profiles for Onionshare, written by Tails developers

apparmor/usr.bin.onionshare-gui

@@ -0,0 +1,26 @@
+#include <tunables/global>
+
+/usr/bin/onionshare-gui flags=(complain) {
+  #include <abstractions/gnome>
+  #include <abstractions/ibus>
+  #include <abstractions/onionshare>
+
+  /usr/bin/ r,
+  /usr/bin/onionshare-gui r,
+  /proc/*/cmdline r,
+  /usr/share/icons/Adwaita/index.theme rwk,
+
+  # Why do these still emit audit journal entries?
+  owner @{HOME}/.config/ibus/bus/ rw,
+  owner @{HOME}/.config/ibus/bus/* rw,
+  deny @{HOME}/.ICEauthority r,
+
+  deny /{,lib/live/mount/rootfs/filesystem.squashfs/}etc/machine-id r,
+  deny /var/lib/dbus/machine-id.* rw,
+
+  # Accessibility support
+  owner /{,var/}run/user/*/at-spi2-*/ rw,
+  owner /{,var/}run/user/*/at-spi2-*/** rw,
+
+  #include <local/usr.bin.onionshare-gui>
+}