tty and pts are part of abstractions/consoles

apparmor.d/groups/network/mullvad-gui

@@ -9,6 +9,7 @@ include <tunables/global>
 @{exec_path} = "/opt/Mullvad VPN/mullvad-gui"
 profile mullvad-gui @{exec_path} {
   include <abstractions/base>
+  include <abstractions/consoles>
   include <abstractions/chromium-common>
   include <abstractions/dconf-write>
   include <abstractions/dri-common>
@@ -69,7 +70,6 @@ profile mullvad-gui @{exec_path} {
   owner @{PROC}/@{pid}/task/@{tid}/status r,
   owner @{PROC}/@{pid}/uid_map w,
 
-  /dev/tty rw,
 
   include if exists <local/mullvad-gui>
 }

apparmor.d/groups/network/nm-openvpn-service

@@ -9,6 +9,7 @@ include <tunables/global>
 @{exec_path} = /{usr/,}lib/nm-openvpn-service
 profile nm-openvpn-service @{exec_path} {
   include <abstractions/base>
+  include <abstractions/consoles>
   include <abstractions/nameservice-strict>
 
   capability kill,
@@ -27,7 +28,6 @@ profile nm-openvpn-service @{exec_path} {
   @{run}/NetworkManager/nm-openvpn-@{uuid} rw,
 
   /dev/net/tun rw,
-  /dev/tty rw,
 
   owner @{PROC}/@{pid}/fd/ r,
 

apparmor.d/groups/network/wg-quick

@@ -9,6 +9,7 @@ include <tunables/global>
 @{exec_path} = /{usr/,}bin/wg-quick
 profile wg-quick @{exec_path} {
   include <abstractions/base>
+  include <abstractions/consoles>
 
   capability net_admin,
 
@@ -39,7 +40,6 @@ profile wg-quick @{exec_path} {
 
   @{PROC}/sys/net/ipv4/conf/all/src_valid_mark w,
 
-  /dev/tty rw,
 
   # Force the use as root
   deny /{usr/,}bin/sudo x,