feat(profiles): general update.

apparmor.d/profiles-a-f/browserpass

@@ -18,11 +18,11 @@ profile browserpass @{exec_path} flags=(attach_disconnected) {
   /{usr/,}bin/gpg rUx,
 
   owner @{HOME}/.password-store/{,**} r,
-  owner @{HOME}/.mozilla/firefox/[0-9a-z]*.default/.parentlock rw,
-  owner @{HOME}/.mozilla/firefox/[0-9a-z]*.default/extensions/* r,
-  owner @{user_cache_dirs}/mozilla/firefox/[0-9a-z]*.default/startupCache/scriptCache-*.bin r,
-  owner @{user_cache_dirs}/mozilla/firefox/[0-9a-z]*.default/startupCache/startupCache.*.little r,
-  owner @{user_cache_dirs}/mozilla/firefox/[0-9a-z]*.default/safebrowsing-updating/google[0-9]/goog-phish-proto-[0-9]*.vlpset rw,
+  owner @{HOME}/.mozilla/firefox/[0-9a-z]*.*/.parentlock rw,
+  owner @{HOME}/.mozilla/firefox/[0-9a-z]*.*/extensions/* r,
+  owner @{user_cache_dirs}/mozilla/firefox/[0-9a-z]*.*/startupCache/scriptCache-*.bin r,
+  owner @{user_cache_dirs}/mozilla/firefox/[0-9a-z]*.*/startupCache/startupCache.*.little r,
+  owner @{user_cache_dirs}/mozilla/firefox/[0-9a-z]*.*/safebrowsing-updating/google[0-9]/goog-phish-proto-[0-9]*.vlpset rw,
   owner /tmp/mozilla-temp-[0-9]* r,
 
   @{sys}/kernel/mm/transparent_hugepage/hpage_pmd_size r,
@@ -32,7 +32,8 @@ profile browserpass @{exec_path} flags=(attach_disconnected) {
   # Inherit Silencer
   deny network inet6,
   deny network inet,
-  deny owner @{HOME}/.mozilla/firefox/[0-9a-z]*.default/storage/default/{,**} rw,
+  deny owner @{HOME}/.mozilla/firefox/[0-9a-z]*.*/features/*/*.xpi r,
+  deny owner @{HOME}/.mozilla/firefox/[0-9a-z]*.*/storage/default/{,**} rw,
   deny owner @{HOME}/@{XDG_DOWNLOAD_DIR}/{,**} rw,
   deny owner @{run}/user/@{uid}/gnome-shell-disable-extensions w,
   deny owner @{user_share_dirs}/gvfs-metadata/{,**} r,

apparmor.d/profiles-a-f/downloadhelper

@@ -26,11 +26,11 @@ profile downloadhelper @{exec_path} {
   /opt/net.downloadhelper.coapp/bin/ r,
   /opt/net.downloadhelper.coapp/converter/build/** rix,
 
-  owner @{HOME}/.mozilla/firefox/[0-9a-z]*.default/.parentlock rw,
-  owner @{HOME}/.mozilla/firefox/[0-9a-z]*.default/extensions/* r,
-  owner @{user_cache_dirs}/mozilla/firefox/[0-9a-z]*.default/startupCache/scriptCache-*.bin r,
-  owner @{user_cache_dirs}/mozilla/firefox/[0-9a-z]*.default/startupCache/startupCache.*.little r,
-  owner @{user_cache_dirs}/mozilla/firefox/[0-9a-z]*.default/safebrowsing-updating/google[0-9]/goog-phish-proto-[0-9]*.vlpset rw,
+  owner @{HOME}/.mozilla/firefox/[0-9a-z]*.*/.parentlock rw,
+  owner @{HOME}/.mozilla/firefox/[0-9a-z]*.*/extensions/* r,
+  owner @{user_cache_dirs}/mozilla/firefox/[0-9a-z]*.*/startupCache/scriptCache-*.bin r,
+  owner @{user_cache_dirs}/mozilla/firefox/[0-9a-z]*.*/startupCache/startupCache.*.little r,
+  owner @{user_cache_dirs}/mozilla/firefox/[0-9a-z]*.*/safebrowsing-updating/google[0-9]/goog-phish-proto-[0-9]*.vlpset rw,
 
   owner /tmp/vdh-*.tmp rw,
 

apparmor.d/profiles-a-f/flatpak-session-helper

@@ -15,9 +15,11 @@ profile flatpak-session-helper @{exec_path} {
 
   @{exec_path} mr,
 
+  /{usr/,}bin/dbus-monitor           rPUx,
   /{usr/,}bin/p11-kit                 rix,
-  /{usr/,}lib/p11-kit/p11-kit-server  rix,
+  /{usr/,}bin/pkexec                  rPx,
   /{usr/,}lib/p11-kit/p11-kit-remote  rix,
+  /{usr/,}lib/p11-kit/p11-kit-server  rix,
 
   owner @{run}/user/@{uid}/.flatpak-helper/{,**} rw,
   owner @{run}/user/@{uid}/.flatpak-helper/pkcs11-flatpak-[0-9]* rw,

apparmor.d/profiles-a-f/fsck

@@ -32,8 +32,8 @@ profile fsck @{exec_path} {
   owner @{run}/fsck/*.lock rwk,
   owner @{run}/blkid/blkid.tab{,-*} rw,
   owner @{run}/blkid/blkid.tab.old rwl -> @{run}/blkid/blkid.tab,
-  owner @{run}/systemd/fsck.progress w,
         @{run}/mount/utab r,
+        @{run}/systemd/fsck.progress w,
 
   @{PROC}/@{pids}/mountinfo r,
   @{PROC}/partitions r,