diff --git a/apparmor.d/groups/apt/dpkg-script-apparmor b/apparmor.d/groups/apt/dpkg-script-apparmor
new file mode 100644
index 000000000..088fff84a
--- /dev/null
+++ b/apparmor.d/groups/apt/dpkg-script-apparmor
@@ -0,0 +1,60 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2025 Alexandre Pujol <alexandre@pujol.io>
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi <abi/4.0>,
+
+include <tunables/global>
+
+@{exec_path} = /var/lib/dpkg/info/apparmor*
+profile dpkg-script-apparmor @{exec_path} {
+  include <abstractions/base>
+  include <abstractions/consoles>
+  include <abstractions/perl>
+
+  @{exec_path} mr,
+
+  @{sh_path}   rix,
+  @{bin}/grep  rix,
+
+  @{bin}/deb-systemd-helper  rPx,
+  @{bin}/deb-systemd-invoke  rPx,
+  @{bin}/dpkg-divert         rix,
+  @{bin}/systemctl           rCx -> systemctl,
+
+  /usr/share/apparmor.d/** rw,
+
+  /etc/apparmor.d/** rw,
+
+  /var/lib/dpkg/diversions rw,
+  /var/lib/dpkg/diversions-new rw,
+  /var/lib/dpkg/diversions-old rwl -> /var/lib/dpkg/diversions,
+
+  /var/lib/dpkg/info/*.list r,
+  /var/lib/dpkg/status r,
+  /var/lib/dpkg/triggers/File r,
+  /var/lib/dpkg/triggers/Unincorp r,
+  /var/lib/dpkg/updates/ r,
+  /var/lib/dpkg/updates/@{int} r,
+
+  profile systemctl {
+    include <abstractions/base>
+    include <abstractions/app/systemctl>
+
+    capability net_admin,
+    capability sys_resource,
+
+    signal send set=(cont term) peer=systemd-tty-ask-password-agent,
+
+    @{bin}/systemd-tty-ask-password-agent rix,
+
+    owner @{run}/systemd/ask-password/ rw,
+    owner @{run}/systemd/ask-password-block/{,*} rw,
+
+    include if exists <local/dpkg-script-apparmor_systemctl>
+  }
+
+  include if exists <local/dpkg-script-apparmor>
+}
+
+# vim:syntax=apparmor
diff --git a/apparmor.d/groups/apt/dpkg-script-man b/apparmor.d/groups/apt/dpkg-script-man
new file mode 100644
index 000000000..63f5c5c78
--- /dev/null
+++ b/apparmor.d/groups/apt/dpkg-script-man
@@ -0,0 +1,27 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2025 Alexandre Pujol <alexandre@pujol.io>
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi <abi/4.0>,
+
+include <tunables/global>
+
+@{exec_path} = /var/lib/dpkg/info/man-db.*
+profile dpkg-script-man @{exec_path} {
+  include <abstractions/base>
+  include <abstractions/consoles>
+  include <abstractions/nameservice-strict>
+
+  capability setgid,
+  capability setuid,
+
+  @{exec_path} mr,
+
+  @{sh_path}      rix,
+  @{bin}/setpriv  rix,
+  @{bin}/mandb    rPx,
+
+  include if exists <local/dpkg-script-man>
+}
+
+# vim:syntax=apparmor
diff --git a/apparmor.d/groups/apt/dpkg-script-udev b/apparmor.d/groups/apt/dpkg-script-udev
new file mode 100644
index 000000000..58840ef39
--- /dev/null
+++ b/apparmor.d/groups/apt/dpkg-script-udev
@@ -0,0 +1,21 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2025 Alexandre Pujol <alexandre@pujol.io>
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi <abi/4.0>,
+
+include <tunables/global>
+
+@{exec_path} = /var/lib/dpkg/info/udev*
+profile dpkg-script-udev @{exec_path} {
+  include <abstractions/base>
+
+  @{exec_path} mr,
+
+  @{bin}/systemd-hwdb rPx,
+  @{bin}/deb-systemd-invoke rPx,
+
+  include if exists <local/dpkg-script-udev>
+}
+
+# vim:syntax=apparmor
diff --git a/dists/flags/main.flags b/dists/flags/main.flags
index 8b1f3030c..894945f2e 100644
--- a/dists/flags/main.flags
+++ b/dists/flags/main.flags
@@ -86,6 +86,9 @@ dmsetup complain
 dockerd attach_disconnected,complain
 dolphin complain
 downloadhelper complain
+dpkg-script-apparmor complain
+dpkg-script-man complain
+dpkg-script-udev complain
 drkonqi complain
 drkonqi-coredump-cleanup complain
 drkonqi-coredump-processor complain