abi <abi/4.0>,

include <tunables/global>

profile claws-mail /usr/bin/claws-mail {
  include <abstractions/base>
  include <abstractions/nameservice>
  include <abstractions/openssl>
  include <abstractions/ssl_certs>
  include <abstractions/X>
  include <abstractions/fonts>
  include <abstractions/gtk>
  include <abstractions/gnome>
  include <abstractions/enchant>
  include <abstractions/dconf>

  /usr/bin/claws-mail rmix,

  /usr/share/claws-mail/** r,
  /usr/lib{64,}/claws-mail/plugins/*.so rm,

  network inet  stream,
  network inet6 stream,

  /proc/@{pid}/fd/ r,

  # TODO: should be in abstractions/X
  owner /run/user/*/ICEauthority rw,


  # new in 3.18 (might be related to oauth support)
  owner /run/user/*/claws-mail/ rw,
  owner /run/user/*/claws-mail/** rwlk,

  owner @{HOME}/               r,
  owner @{HOME}/Downloads/     r,
  owner @{HOME}/Downloads/**   rwlk,
  owner @{HOME}/.claws-mail/** rwlk,
  owner @{HOME}/.claws-mail/   rw,
  owner @{HOME}/.signature*    rwlk,
  owner @{HOME}/.cache/thumbnails/** r,
  include <abstractions/private-files-strict>

  # TODO: shouldnt this be in abstractions/dconf
  owner /run/user/*/dconf/user rw,

  # TODO
  /usr/bin/gpgconf Ux,
  /usr/bin/gpgsm   Ux,
  /usr/bin/gpg2    Ux,
  /usr/bin/gpg     Ux,

  deny /usr/bin/xdg-open x,

  include if exists <local/usr.bin.claws-mail>
  include if exists <local/claws-mail>
}
