feat(profile): restrict dbus in dbus

even dbus-* profiles do not need access to the full bus.

apparmor.d/groups/bus/dbus-accessibility

@@ -25,8 +25,7 @@ profile dbus-accessibility @{exec_path} flags=(attach_disconnected) {
   signal (receive) set=(term hup kill) peer=dbus-session,
   signal (receive) set=(term hup kill) peer=gdm{,-session-worker},
 
-  dbus bus=accessibility,
-
+  #aa:dbus own bus=accessibility name=org.freedesktop.DBus
   #aa:dbus own bus=session name=org.a11y.{B,b}us
 
   dbus receive bus=session

apparmor.d/groups/bus/dbus-session

@@ -29,7 +29,7 @@ profile dbus-session flags=(attach_disconnected) {
   signal (send)    set=(term hup kill) peer=dconf-service,
   signal (send)    set=(term hup kill) peer=xdg-*,
 
-  dbus bus=session,
+  #aa:dbus own bus=session name=org.freedesktop.DBus
 
   @{exec_path} mrix,
 

apparmor.d/groups/bus/dbus-system

@@ -32,7 +32,7 @@ profile dbus-system flags=(attach_disconnected) {
 
   ptrace (read) peer=@{p_systemd},
 
-  dbus bus=system,
+  #aa:dbus own bus=system name=org.freedesktop.DBus
 
   @{exec_path} mrix,