profiles: anki: fix dark mode detection & misc changes (#6581)

Relates to #6545.

etc/profile-a-l/anki.profile

@@ -6,8 +6,7 @@ include anki.local
 # Persistent global definitions
 include globals.local
 
-# Add the following to anki.local if you don't need media playing/recording
-# (lua is needed by mpv):
+# Add the following to anki.local if you don't need media playing/recording:
 #ignore include allow-lua.inc
 #machine-id
 #nosound
@@ -17,6 +16,12 @@ noblacklist ${HOME}/.config/mpv
 noblacklist ${HOME}/.local/share/Anki2
 noblacklist ${HOME}/.mplayer
 
+# sh and dbus-send are used by aqt/theme.py to query dark mode through
+# org.freedesktop.portal.Desktop.
+# Allow /bin/sh (blacklisted by disable-shell.inc)
+include allow-bin-sh.inc
+
+# Lua is required by mpv.
 # Allow lua (blacklisted by disable-interpreters.inc)
 include allow-lua.inc
 
@@ -57,15 +62,23 @@ novideo
 protocol unix,inet,inet6
 # QtWebengine needs chroot to set up its own sandbox
 seccomp !chroot
+seccomp.block-secondary
 
 disable-mnt
-private-bin anki,mplayer,mpv,python*
+# env is required for python scripts on Gentoo Linux.
+# anki uses mpv or mplayer for playing audio and uses lame to record audio.
+# sh and dbus-send are used by aqt/theme.py to query dark mode through
+# org.freedesktop.portal.Desktop.
+private-bin anki,dbus-send,env,lame,mplayer,mpv,python*,sh
 private-cache
 private-dev
 private-etc @tls-ca,@x11
 private-tmp
 
-dbus-user none
+dbus-user filter
+# org.freedesktop.portal.Desktop is queried for dark mode.
+dbus-user.talk org.freedesktop.portal.Desktop
 dbus-system none
 
+deterministic-shutdown
 #restrict-namespaces