feat(abs): add the app/kmod abstraction.

apparmor.d/profiles-a-f/check-bios-nx

@@ -32,17 +32,11 @@ profile check-bios-nx @{exec_path} {
 
   profile kmod {
     include <abstractions/base>
+    include <abstractions/app/kmod>
 
-    @{bin}/kmod mr,
-
-    /etc/modprobe.d/ r,
-    /etc/modprobe.d/*.conf r,
-    @{lib}/modprobe.d/ r,
-    @{lib}/modprobe.d/*.conf r,
     @{lib}/modules/*/modules.* r,
 
-    @{PROC}/cmdline r,
-
+    include if exists <local/check-bios-nx_kmod>
   }
 
   include if exists <local/check-bios-nx>

apparmor.d/profiles-a-f/dkms

@@ -97,20 +97,14 @@ profile dkms @{exec_path} flags=(attach_disconnected) {
 
   profile kmod {
     include <abstractions/base>
-    include <abstractions/consoles>
-
-    @{bin}/kmod mr,
-
-    @{PROC}/cmdline r,
-
-    /etc/depmod.d/{,*} r,
+    include <abstractions/app/kmod>
 
     @{lib}/modules/*/modules.* rw,
     /var/lib/dkms/**/module/*.ko* r,
 
     owner /boot/System.map-* r,
 
-    owner @{tmp}/tmp.* r,
+    audit owner @{tmp}/tmp.* r,
 
     @{sys}/module/compression r,