Apparmor rule request - .hidden file

.hidden’s should be allowed to be read by any app confined to users’s home.

This way file picker dialog in confined apps will be able to hide unneeded thing.

I don’t think there is a security threat in doing so, so why not?

Something like this should be enough:

# allow reading .hidden files
owner @{HOME}/**/.hidden r,
owner @{HOME}/.hidden r,

There is a personal files interface you can use.

Note that the home interface will grant access to most .hidden files apart from ~/.hidden (i.e. the one directly in the user’s home directory).

If the aim is to present a file chooser consistent with unconfined apps on the host system, it’s probably better to rely on xdg-desktop-portal though: access to ~/.hidden is just one of the many differences.