Code review comment for lp:~nskaggs/ubuntu-calendar-app/fix-ap-flo

It is a matter of security that the user is not able to modify the apparmor path directly. It must be done via a root process. Currently the phablet-tools will run 'aa-clickhook --include=/usr/share/autopilot-touch/apparmor/click.rules -f' as root before running the tests. My thought was that you would add these 'fake' paths to /usr/share/autopilot-touch/apparmor/click.rules so that when the phablet test tool is run, the paths are added to the profile accordingly.

It is possible to use globs though. So we can have rules like this:
  # Allow writes to various (application-specific) XDG directories
  owner /run/user/[0-9]*/autopilot/*/.cache/@{APP_PKGNAME}/ rw, # subdir of XDG_CACHE_HOME
  owner /run/user/[0-9]*/autopilot/*/.cache/@{APP_PKGNAME}/** mrwkl,
  owner /run/user/[0-9]*/autopilot/*/.config/@{APP_PKGNAME}/ rw, # subdir of XDG_CONFIG_HOME
  owner /run/user/[0-9]*/autopilot/*/.config/@{APP_PKGNAME}/** mrwkl,
  owner /run/user/[0-9]*/autopilot/*/.local/share/@{APP_PKGNAME}/ rw, # subdir of XDG_DATA_HOME
  owner /run/user/[0-9]*/autopilot/*/.local/share/@{APP_PKGNAME}/** mrwklix,
  owner /run/user/[0-9]*/autopilot/*/confined/@{APP_PKGNAME}/ rw, # subdir of XDG_RUNTIME_DIR
  owner /run/user/[0-9]*/autopilot/*/confined/@{APP_PKGNAME}/** mrwkl,

This way you could do could create a temporary directory (eg /run/user/32011/autopilot/tmpA34Hhh/) and do something like:
XDG_CACHE_HOME=/run/user/32011/autopilot/tmpA34Hhh/.cache
XDG_CONFIG_HOME=/run/user/32011/autopilot/tmpA34Hhh/.config
XDG_DATA_HOME=/run/user/32011/autopilot/tmpA34Hhh/.local/share
XDG_RUNTIME_DIR=/run/user/32011/autopilot/tmpA34Hhh/

Would this work better?