# apparmor.d - Full set of apparmor profiles
# Copyright (C) 2017 Canonical Ltd
# Copyright (C) 2025 Alexandre Pujol <alexandre@pujol.io>
# SPDX-License-Identifier: GPL-2.0-only

# Provide full access to the secret-service API:
# - https://standards.freedesktop.org/secret-service/
#
# The secret-service allows managing (add/delete/lock/etc) collections and
# (add/delete/etc) items within collections. The API also has the concept of
# aliases for collections which is typically used to access the default
# collection. While it would be possible for an application developer to use a
# snap-specific collection and mediate by object path, application developers
# are meant instead to treat collections (typically the default collection)
# as a database of key/value attributes each with an associated secret that
# applications may query. Because AppArmor does not mediate member data,
# typical and recommended usage of the API does not allow for application
# isolation. For details, see:
# - https://standards.freedesktop.org/secret-service/ch03.html
#

  # Policy feature ABI these rules are written against.
  abi <abi/4.0>,

  # Session-bus rules for the two secret stores this abstraction covers:
  # the freedesktop Secret Service and KDE's kwalletd. Their contents are not
  # shown in this file, so review them to see exactly what is granted.
  # NOTE(review): per the header, member data is not mediated, so any profile
  # that includes this abstraction should be treated as able to reach secrets
  # stored by other applications, not only its own. Include it only in
  # profiles that genuinely need a secret store.
  include <abstractions/bus/session/org.freedesktop.Secret>
  include <abstractions/bus/session/org.kde.kwalletd>

  # Allow one outgoing method call to the GNOME keyring daemon:
  # GetEnvironment on org.gnome.keyring.Daemon. This is a send-only rule,
  # pinned to a single object path, interface and member. The peer condition
  # also requires the receiver to own the name org.gnome.keyring and to be
  # confined under the gnome-keyring-daemon label, so the call is not allowed
  # to an unconfined or differently labelled process that holds that name.
  dbus send bus=session path=/org/gnome/keyring/daemon
       interface=org.gnome.keyring.Daemon
       member=GetEnvironment
       peer=(name=org.gnome.keyring, label=gnome-keyring-daemon),

  # Optional local extension point; a missing path is not an error.
  # Rules placed there are added to every profile that includes this
  # abstraction, so audit local additions as carefully as the rules above.
  include if exists <abstractions/secrets-service.d>

# vim:syntax=apparmor
