refactor(profiles): use @{bin} and @{lib} in profiles (7)

apparmor.d/profiles-s-z/wireshark

@@ -10,7 +10,7 @@ include <tunables/global>
 # pcap pcapng
 @{wireshark_ext} = [pP][cC][aA][pP]{,[nN][gG]}
 
-@{exec_path} = /{usr/,}bin/wireshark
+@{exec_path} = @{bin}/wireshark
 profile wireshark @{exec_path} {
   include <abstractions/base>
   include <abstractions/consoles>
@@ -34,8 +34,8 @@ profile wireshark @{exec_path} {
 
   @{exec_path} mr,
 
-  /{usr/,}bin/dumpcap          rPx,
-  /{usr/,}bin/xdg-open         rCx -> open,
+  @{bin}/dumpcap          rPx,
+  @{bin}/xdg-open         rCx -> open,
 
   # For reading pcaps
         / r,
@@ -49,8 +49,8 @@ profile wireshark @{exec_path} {
 
   # Wireshark files
   /usr/share/wireshark/** r,
-  /{usr/,}lib/@{multiarch}/wireshark/extcap/* rix,
-  /{usr/,}lib/@{multiarch}/wireshark/plugins/*/{codecs,epan,wiretap}/*.so mr,
+  @{lib}/@{multiarch}/wireshark/extcap/* rix,
+  @{lib}/@{multiarch}/wireshark/plugins/*/{codecs,epan,wiretap}/*.so mr,
   /etc/wireshark/init.lua r,
 
   # Wireshark home files
@@ -81,7 +81,7 @@ profile wireshark @{exec_path} {
   owner /tmp/wireshark_extcap_ciscodump_[0-9]*_* rw,
 
   # Allowed apps to open
-  /{usr/,}lib/firefox/firefox rPUx,
+  @{lib}/firefox/firefox rPUx,
 
   # file_inherit
   owner /dev/tty[0-9]* rw,
@@ -91,19 +91,19 @@ profile wireshark @{exec_path} {
     include <abstractions/base>
     include <abstractions/xdg-open>
 
-    /{usr/,}bin/xdg-open mr,
+    @{bin}/xdg-open mr,
 
-    /{usr/,}bin/{,ba,da}sh      rix,
-    /{usr/,}bin/{m,g,}awk       rix,
-    /{usr/,}bin/readlink        rix,
-    /{usr/,}bin/basename        rix,
+    @{bin}/{,ba,da}sh      rix,
+    @{bin}/{m,g,}awk       rix,
+    @{bin}/readlink        rix,
+    @{bin}/basename        rix,
 
     owner @{HOME}/ r,
 
     owner @{run}/user/@{uid}/ r,
 
     # Allowed apps to open
-    /{usr/,}lib/firefox/firefox rPUx,
+    @{lib}/firefox/firefox rPUx,
 
     # file_inherit
     owner @{HOME}/.xsession-errors w,