feat(abs): add the wine abstraction.

apparmor.d/abstractions/wine

@@ -0,0 +1,20 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2024 Alexandre Pujol <[email protected]>
+# SPDX-License-Identifier: GPL-2.0-only
+
+# Basic set of resources for wine regardless of the installation method (system or through a game launcher).
+
+  abi <abi/4.0>,
+
+  owner @{user_share_dirs}/applications/wine/ rw,
+  owner @{user_share_dirs}/applications/wine/**/ rw,
+
+  owner @{tmp}/.wine-@{uid}/ rw,
+  owner @{tmp}/.wine-@{uid}/** rwk,
+
+  owner /dev/shm/wine-@{hex6}-fsync rw,
+  owner /dev/shm/wine-@{hex6}@{h}-fsync rw,
+
+  include if exists <abstractions/wine.d>
+
+# vim:syntax=apparmor

apparmor.d/profiles-s-z/steam-game-proton

@@ -18,6 +18,7 @@ profile steam-game-proton @{exec_path} flags=(attach_disconnected,complain) {
   include <abstractions/common/bwrap>
   include <abstractions/common/steam-game>
   include <abstractions/python>
+  include <abstractions/wine>
 
   capability dac_override,
   capability dac_read_search,
@@ -79,19 +80,11 @@ profile steam-game-proton @{exec_path} flags=(attach_disconnected,complain) {
   owner @{share_dirs}/legacycompat/** mr,
   owner @{share_dirs}/steamapps/compatdata/{,**} rwk,
 
-  owner @{user_share_dirs}/applications/wine/ rw,
-  owner @{user_share_dirs}/applications/wine/**/ rw,
-
-  owner @{tmp}/.wine-@{uid}/ rw,
-  owner @{tmp}/.wine-@{uid}/** rwk,
   owner @{tmp}/glx-icds-@{rand6}/{,**} w,
   owner @{tmp}/pressure-vessel-*-@{rand6}/ rw,
   owner @{tmp}/pressure-vessel-*-@{rand6}/** rwlk -> @{tmp}/pressure-vessel-*-@{rand6}/**,
   owner @{tmp}/vdpau-drivers-@{rand6}/{,**} w,
 
-  owner /dev/shm/wine-@{hex6}-fsync rw,
-  owner /dev/shm/wine-@{hex6}@{h}-fsync rw,
-
         @{run}/host/fonts/{,**} r,
         @{run}/host/share/{,**} r,
         @{run}/host/usr/{,**} r,