Problem: xinput can still read keystrokes addressed to other windows, even when presented an empty AppArmor profile (such as one attached).
How to test: copy xinput to /home/me/copy-of-xinput, launch it with "xinput list" to see ID for your primary keyboard, then do "xinput test <id>" and watch it register every keystroke (for example, those entered in sudo in neighboring terminal).
If I strace it, I can see that xinput succeeds opening /tmp/.X11-unix/X0 (an Unix socket), which should, by my understanding, be denied by the profile ("deny network"). The exact call sequence is:
socket(PF_FILE, SOCK_STREAM|SOCK_CLOEXEC, 0) = 3
connect(3, {sa_family=AF_FILE, path=@"/tmp/.X11-unix/X0"}, 20) = 0
(followed by loads of recvfrom(3, ...) after poll() call)
I brought this up on #apparmor at OFTC and sarnold said that AppArmor currently doesn't handle IPC well.
AppArmor has IPC mediation of the form you describe in 2.9.