diff --git a/apparmor.d/groups/flatpak/flatpak b/apparmor.d/groups/flatpak/flatpak
index 12d5b7718..582a7ac49 100644
--- a/apparmor.d/groups/flatpak/flatpak
+++ b/apparmor.d/groups/flatpak/flatpak
@@ -9,9 +9,11 @@ include <tunables/global>
 @{exec_path} = @{bin}/flatpak
 profile flatpak @{exec_path} flags=(attach_disconnected,mediate_deleted,complain) {
   include <abstractions/base>
+  include <abstractions/bus-accessibility>
   include <abstractions/bus-session>
   include <abstractions/bus-system>
-  include <abstractions/bus/org.freedesktop.Accounts>
+  include <abstractions/bus/org.a11y>
+  include <abstractions/bus/org.gtk.vfs.MountTracker>
   include <abstractions/consoles>
   include <abstractions/dconf-write>
   include <abstractions/desktop>
@@ -37,6 +39,10 @@ profile flatpak @{exec_path} flags=(attach_disconnected,mediate_deleted,complain
 
   signal send peer=flatpak-app,
 
+  #aa:dbus talk bus=session name=org.freedesktop.Flatpak.SessionHelper label=flatpak-session-helper
+  #aa:dbus talk bus=system name=org.freedesktop.Accounts label=accounts-daemon
+  #aa:dbus talk bus=system name=org.freedesktop.PolicyKit1 label=polkitd
+
   @{exec_path} mr,
 
   @{bin}/bwrap               rPx -> flatpak-app,
@@ -46,6 +52,9 @@ profile flatpak @{exec_path} flags=(attach_disconnected,mediate_deleted,complain
   @{bin}/gpgsm               rCx -> gpg,
   @{lib}/revokefs-fuse       rix,
 
+  @{lib}/polkit-[0-9]/polkit-agent-helper-[0-9]  rPx,
+  @{lib}/polkit-agent-helper-[0-9]               rPx,
+
   /usr/share/flatpak/{,**} r,
 
   /etc/flatpak/{,**} r,
@@ -57,7 +66,8 @@ profile flatpak @{exec_path} flags=(attach_disconnected,mediate_deleted,complain
 
         /var/tmp/#@{int} rw,
         /var/tmp/flatpak-cache-@{rand6}/{,**/} r,
-  owner /var/tmp/flatpak-cache-@{rand6}/{,**} rwk,
+  owner /var/tmp/flatpak-cache-@{rand6}/ rw,
+  owner /var/tmp/flatpak-cache-@{rand6}/** rwlk -> /var/tmp/flatpak-cache-@{rand6}/**,
 
   owner @{HOME}/.var/ w,
   owner @{HOME}/.var/app/{,**} rw,
diff --git a/apparmor.d/groups/flatpak/flatpak-system-helper b/apparmor.d/groups/flatpak/flatpak-system-helper
index 60c41a6a9..dfaa920ac 100644
--- a/apparmor.d/groups/flatpak/flatpak-system-helper
+++ b/apparmor.d/groups/flatpak/flatpak-system-helper
@@ -9,12 +9,15 @@ include <tunables/global>
 @{exec_path} = @{lib}/flatpak-system-helper
 profile flatpak-system-helper @{exec_path} {
   include <abstractions/base>
+  include <abstractions/bus-system>
+  include <abstractions/bus/org.freedesktop.PolicyKit1>
   include <abstractions/nameservice-strict>
   include <abstractions/p11-kit>
   include <abstractions/ssl_certs>
 
   capability chown,
   capability dac_override,
+  capability dac_read_search,
   capability fowner,
   capability net_admin,
   capability setgid,
@@ -22,7 +25,7 @@ profile flatpak-system-helper @{exec_path} {
   capability sys_nice,
   capability sys_ptrace,
 
-  ptrace (read),
+  ptrace read,
 
   #aa:dbus own bus=system name=org.freedesktop.Flatpak.SystemHelper
 
@@ -48,6 +51,9 @@ profile flatpak-system-helper @{exec_path} {
   owner /{var/,}tmp/ostree-gpg-@{rand6}/ rw,
   owner @{tmp}/ostree-gpg-@{rand6}/** rwkl -> /tmp/ostree-gpg-@{rand6}/**,
 
+  /tmp/remote-summary-sig.@{rand6} r,
+  /tmp/remote-summary.@{rand6} r,
+
         @{PROC}/@{pid}/stat r,
   owner @{PROC}/@{pid}/fd/ r,
   owner @{PROC}/@{pid}/fdinfo/@{int} r,