tty and pts are part of abstractions/consoles

apparmor.d/groups/freedesktop/fc-cache

@@ -9,6 +9,7 @@ include <tunables/global>
 @{exec_path} = /{snap/snapd/[0-9]*/,}{usr/,}bin/fc-cache{,-32,-v*}
 profile fc-cache @{exec_path} {
   include <abstractions/base>
+  include <abstractions/consoles>
   include <abstractions/fonts>
   include <abstractions/fontconfig-cache-write>
 

apparmor.d/groups/freedesktop/plymouth

@@ -9,6 +9,7 @@ include <tunables/global>
 @{exec_path} = /{usr/,}bin/plymouth
 profile plymouth @{exec_path} {
   include <abstractions/base>
+  include <abstractions/consoles>
 
   unix (send, receive, connect) type=stream peer=(addr="@/org/freedesktop/plymouthd"),
 

apparmor.d/groups/freedesktop/xdg-mime

@@ -10,6 +10,7 @@ include <tunables/global>
 @{exec_path} = /{usr/,}bin/xdg-mime
 profile xdg-mime @{exec_path} flags=(attach_disconnected) {
   include <abstractions/base>
+  include <abstractions/consoles>
   include <abstractions/freedesktop.org>
 
   @{exec_path} r,
@@ -47,7 +48,6 @@ profile xdg-mime @{exec_path} flags=(attach_disconnected) {
   @{sys}/devices/platform/**/hwmon/hwmon[0-9]*/fan* r,
 
   /dev/dri/card[0-9]* rw,
-  /dev/tty rw,
 
   # When xdg-mime is run as root, it wants to exec dbus-launch, and hence it creates the two
   # following root processes:

apparmor.d/groups/freedesktop/xdg-open

@@ -10,6 +10,7 @@ include <tunables/global>
 profile xdg-open @{exec_path} flags=(attach_disconnected) {
   include <abstractions/base>
   include <abstractions/consoles>
+  include <abstractions/consoles>
   include <abstractions/app-launcher-user>
 
   @{exec_path} r,
@@ -50,7 +51,6 @@ profile xdg-open @{exec_path} flags=(attach_disconnected) {
 
   # file_inherit
   /dev/dri/card[0-9]* rw,
-  /dev/tty rw,
 
   profile dbus {
     include <abstractions/base>

apparmor.d/groups/freedesktop/xkbcomp

@@ -10,6 +10,7 @@ include <tunables/global>
 @{exec_path} = /{usr/,}bin/xkbcomp
 profile xkbcomp @{exec_path} flags=(attach_disconnected) {
   include <abstractions/base>
+  include <abstractions/consoles>
 
   unix (connect, receive, send) type=stream peer=(addr="@/tmp/.X11-unix/X[0-9]*"),
   unix (send,receive) type=stream addr=none peer=(label=gnome-shell),
@@ -32,7 +33,6 @@ profile xkbcomp @{exec_path} flags=(attach_disconnected) {
   owner /tmp/server-[0-9]*.xkm rwk,
 
   /dev/dri/card[0-9]* rw,
-  /dev/tty rw,
   /dev/tty[0-9]* rw,
   
   deny /dev/input/event[0-9]* rw,

apparmor.d/groups/freedesktop/xorg

@@ -13,6 +13,7 @@ include <tunables/global>
 @{exec_path} += /{usr/,}lib/xorg/Xorg{,.wrap}
 profile xorg @{exec_path} flags=(attach_disconnected) {
   include <abstractions/base>
+  include <abstractions/consoles>
   include <abstractions/dbus-strict>
   include <abstractions/fontconfig-cache-read>
   include <abstractions/fonts>
@@ -131,7 +132,6 @@ profile xorg @{exec_path} flags=(attach_disconnected) {
   /dev/input/event[0-9]* rw,
   /dev/shm/#[0-9]*[0-9] rw,
   /dev/shm/shmfd-* rw,
-  /dev/tty rw,
   /dev/tty[0-9]* rw,
   /dev/vga_arbiter rw,  # Graphic card modules
 

apparmor.d/groups/freedesktop/xwayland

@@ -9,6 +9,7 @@ include <tunables/global>
 @{exec_path}  = /{usr/,}bin/Xwayland
 profile xwayland @{exec_path} flags=(attach_disconnected) {
   include <abstractions/base>
+  include <abstractions/consoles>
   include <abstractions/dri-common>
   include <abstractions/dri-enumerate>
   include <abstractions/mesa>
@@ -41,7 +42,6 @@ profile xwayland @{exec_path} flags=(attach_disconnected) {
   owner @{PROC}/@{pids}/comm r,
 
   /dev/tty[0-9]* rw,
-  /dev/tty rw,
 
   include if exists <local/xwayland>
 }