feat(profiles): rewrite dpkg profile.

apparmor.d/groups/apt/apt-methods-store

@@ -1,5 +1,6 @@
 # apparmor.d - Full set of apparmor profiles
 # Copyright (C) 2019-2021 Mikhail Morfikov
+# Copyright (C) 2021-2023 Alexandre Pujol <alexandre@pujol.io>
 # SPDX-License-Identifier: GPL-2.0-only
 
 abi <abi/3.0>,
@@ -30,29 +31,29 @@ profile apt-methods-store @{exec_path} {
   # apt-helper gets "no new privs" so "rix" it
   @{lib}/apt/apt-helper rix,
 
+  /usr/share/dpkg/cputable r,
+  /usr/share/dpkg/tupletable r,
+  /usr/share/doc/*/changelog.* r,
+
+  /etc/apt/apt.conf.d/{,*} r,
+  /etc/apt/apt.conf r,
+
   # For shell pwd
   / r,
   /etc/ r,
   /root/ r,
 
-  /etc/apt/apt.conf.d/{,*} r,
-  /etc/apt/apt.conf r,
-
-  /usr/share/dpkg/cputable r,
-  /usr/share/dpkg/tupletable r,
-
         /var/lib/apt/lists/{,**} r,
   owner /var/lib/apt/lists/* rw,
   owner /var/lib/apt/lists/partial/* rw,
-
-  /usr/share/doc/*/changelog.* r,
-
-        /tmp/ r,
-  owner /tmp/apt-changelog-*/*.changelog{,.*} rw,
+  owner /var/lib/ubuntu-advantage/apt-esm/{,**} rw,
 
   # For package building
   @{user_build_dirs}/** rwkl -> @{user_build_dirs}/**,
 
+        /tmp/ r,
+  owner /tmp/apt-changelog-*/*.changelog{,.*} rw,
+
   # file_inherit
   owner /dev/tty@{int} rw,
   owner /var/log/cron-apt/temp w,