[apparmor] Private directory

[Dmitry Kasatkin]

Hello,

I am looking for possibility to protect 'private' directory in Ubuntu.

As far as I can see, if executable has no profile then it is able to
access any file under home directory. If I add empty profile, then
access to any file is denied.

But what I want to achieve is that I can tell to apparmor to deny
access to certain directory by default and allow it by creating a
profile and allowing access to the file/folder.

Can anyone, please, to point me how to do it?

-- 
Thanks,
Dmitry