[apparmor] FatRat profile

["Артём Н."]

Profile for the FatRat download manager.
I didn't test it carefully, but it works.

-----
#
# FatRat apparmor profile.
#

# vim:syntax=apparmor

# Last Modified: Sun Feb 17 10:43:47 2013
# Author: Artiom N. <artiom14 at yandex.ru>

#include <tunables/global>

/usr/bin/fatrat {
  #include <abstractions/base>
  #include <abstractions/nameservice>
  #include <abstractions/fonts>
  #include <abstractions/freedesktop.org>
  #include <abstractions/kde>
  #include <abstractions/gnome>
  #include <abstractions/user-download>

  # Not needed.
  # #include <abstractions/ubuntu-bittorrent-clients>

  # Paranoia.
  #include <abstractions/private-files-strict>

  /usr/bin/fatrat                             mr,

  /usr/bin/xdg-open                           rmix,
  /usr/lib/fatrat/**                          rmk,
  /usr/share/fatrat/**                        rmk,
  /usr/share/kde*/**                          rm,
  /usr/share/lintian/overrides/fatrat-data    r,

  owner @{PROC}/*/                            r,
#  owner @{PROC}/net/dev                       r,
  # root, root
  @{PROC}/*/net/dev                           r,

  /home/                                      r,
  owner @{HOME}/.config/Dolezel/fatrat.conf   rwk,
  owner @{HOME}/.kde/share/config/kdebugrc    r,
  owner @{HOME}/.kde/share/config/kdeglobals  rk,
  owner @{HOME}/.kde/share/icons/**           rk,
  owner @{HOME}/.local/share/fatrat/          rwk,
  owner @{HOME}/.local/share/fatrat/**        rwmk,

  # Optional.
  deny @{HOME}/Desktop/                       rwmkl,
  deny @{HOME}/Desktop/**                     rwmkl,

}
-----

Also I've added @{TORRENT_CLIENT} in tunables/global and I've granted
permissions on execution it in browser's rules.

tunables/global:
@{TORRENT_CLIENT}=/usr/bin/fatrat

abstractions/ubuntu-browsers.d/other (file, included in browser's profiles):
@{TORRENT_CLIENT} rPx,