diff --git a/apparmor.d/groups/ubuntu/software-properties-dbus b/apparmor.d/groups/ubuntu/software-properties-dbus
index 8d55ec0b7..cc7387709 100644
--- a/apparmor.d/groups/ubuntu/software-properties-dbus
+++ b/apparmor.d/groups/ubuntu/software-properties-dbus
@@ -19,11 +19,16 @@ profile software-properties-dbus @{exec_path} {
   dbus receive bus=session
        interface=org.freedesktop.DBus.Introspectable
        member=Introspect
-       peer=(name=:*, label=gnome-shell),
+       peer=(name=@{busname}, label=gnome-shell),
   dbus receive bus=system
        interface=org.freedesktop.DBus.Introspectable
        member=Introspect
-       peer=(name=:*, label=software-properties-gtk),
+       peer=(name=@{busname}, label=software-properties-gtk),
+
+  dbus receive bus=system path=/
+       interface=com.ubuntu.SoftwareProperties
+       member=Reload
+       peer=(name=@{busname}, label=software-properties-gtk),
 
   @{exec_path} mr,
 
diff --git a/apparmor.d/groups/ubuntu/software-properties-gtk b/apparmor.d/groups/ubuntu/software-properties-gtk
index af91c7eaa..cd858737b 100644
--- a/apparmor.d/groups/ubuntu/software-properties-gtk
+++ b/apparmor.d/groups/ubuntu/software-properties-gtk
@@ -44,12 +44,10 @@ profile software-properties-gtk @{exec_path} flags=(attach_disconnected) {
   /usr/share/pixmaps/ r,
   /usr/share/python-apt/{,**} r,
   /usr/share/software-properties/{,**} r,
-  /usr/share/themes/{,**} r,
   /usr/share/ubuntu-drivers-common/detect/{,**} r,
   /usr/share/X11/xkb/{,**} r,
   /usr/share/xml/iso-codes/{,**} r,
   /usr/share/software-properties/gtkbuilder/* r,
-  /usr/share/xkeyboard-config-2/{,**} r,
 
   /etc/apport/blacklist.d/{,*} r,
   /etc/default/apport r,
diff --git a/apparmor.d/groups/ubuntu/ubuntu-advantage b/apparmor.d/groups/ubuntu/ubuntu-advantage
index e8d847e92..ea9742d4c 100644
--- a/apparmor.d/groups/ubuntu/ubuntu-advantage
+++ b/apparmor.d/groups/ubuntu/ubuntu-advantage
@@ -60,9 +60,10 @@ profile ubuntu-advantage @{exec_path} {
 
   @{run}/ubuntu-advantage/{,**} rw,
 
-        @{PROC}/version_signature r,
         @{PROC}/@{pids}/mountinfo r,
         @{PROC}/@{pids}/mounts r,
+        @{PROC}/1/cgroup r,
+        @{PROC}/version_signature r,
   owner @{PROC}/@{pid}/fd/ r,
 
   profile systemctl {
diff --git a/apparmor.d/groups/ubuntu/update-notifier b/apparmor.d/groups/ubuntu/update-notifier
index 0de63ac64..4c60b4aaf 100644
--- a/apparmor.d/groups/ubuntu/update-notifier
+++ b/apparmor.d/groups/ubuntu/update-notifier
@@ -28,6 +28,11 @@ profile update-notifier @{exec_path} {
   #aa:dbus talk bus=system name=org.debian.apt label=apt
   #aa:dbus talk bus=session name=org.ayatana.NotificationItem interface+=org.kde.StatusNotifierItem label=gnome-shell
 
+  dbus receive bus=system path=/com/ubuntu/UnattendedUpgrade/Pending
+       interface=com.ubuntu.UnattendedUpgrade.Pending
+       member=Finished
+       peer=(name=@{busname}, label=unattended-upgrade),
+
   @{exec_path} mr,
 
   @{sh_path}                                     rix,
@@ -49,6 +54,7 @@ profile update-notifier @{exec_path} {
   @{lib}/update-notifier/package-system-locked   rPx,
   /usr/share/apport/apport-checkreports          rPx,
   /usr/share/apport/apport-gtk                   rPx,
+  @{open_path}                                    Cx -> open,
 
   @{lib}/@{python_name}/dist-packages/{apt,gi}/**/__pycache__/{,**} rw,
 
@@ -95,6 +101,13 @@ profile update-notifier @{exec_path} {
     include if exists <local/update-notifier_systemctl>
   }
 
+  profile open {
+    include <abstractions/base>
+    include <abstractions/app/open>
+
+    include if exists <local/update-notifier_open>
+  }
+
   include if exists <local/update-notifier>
 }