diff --git a/apparmor.d/groups/apt/dpkg-script-apparmor b/apparmor.d/groups/apt/dpkg-script-apparmor
index 585d9c59d..5dba3d3cb 100644
--- a/apparmor.d/groups/apt/dpkg-script-apparmor
+++ b/apparmor.d/groups/apt/dpkg-script-apparmor
@@ -9,10 +9,10 @@ include <tunables/global>
 @{exec_path} = /var/lib/dpkg/info/apparmor*
 profile dpkg-script-apparmor @{exec_path} {
   include <abstractions/base>
+  include <abstractions/app/debconf>
   include <abstractions/consoles>
-  include <abstractions/perl>
 
-  @{exec_path} mr,
+  @{exec_path} mrix,
 
   @{sh_path}   rix,
   @{bin}/grep   ix,
@@ -21,6 +21,7 @@ profile dpkg-script-apparmor @{exec_path} {
   @{bin}/deb-systemd-invoke  Px,
   @{bin}/dpkg-divert         ix,
   @{bin}/systemctl           Cx -> systemctl,
+  @{sbin}/apparmor_parser    Px,
 
   /usr/share/apparmor.d/** rw,
 
diff --git a/apparmor.d/groups/apt/dpkg-script-linux b/apparmor.d/groups/apt/dpkg-script-linux
index c84d6aa4b..8b2470a6c 100644
--- a/apparmor.d/groups/apt/dpkg-script-linux
+++ b/apparmor.d/groups/apt/dpkg-script-linux
@@ -22,11 +22,12 @@ profile dpkg-script-linux @{exec_path} {
   @{bin}/run-parts   ix,
   @{bin}/stty        ix,
 
-  @{bin}/dpkg-trigger           Px,
-  @{bin}/kmod                   Px,
-  @{bin}/linux-check-removal    Px,
-  @{bin}/linux-update-symlinks  Px,
-  @{bin}/whiptail               Px,
+  @{bin}/dpkg-trigger             Px,
+  @{bin}/kmod                     Px,
+  @{bin}/linux-check-removal      Px,
+  @{bin}/linux-update-symlinks    Px,
+  @{bin}/whiptail                 Px,
+  @{bin}/dpkg-maintscript-helper  Px,
 
   /usr/share/{update,reboot}-notifier/notify-reboot-required  Px,
   /etc/kernel/{,header_}postinst.d/*                          Px,
diff --git a/apparmor.d/groups/apt/dpkg-script-systemd b/apparmor.d/groups/apt/dpkg-script-systemd
index 28f4b6e87..ccaa62a30 100644
--- a/apparmor.d/groups/apt/dpkg-script-systemd
+++ b/apparmor.d/groups/apt/dpkg-script-systemd
@@ -9,6 +9,7 @@ include <tunables/global>
 @{exec_path} = /var/lib/dpkg/info/systemd*
 profile dpkg-script-systemd @{exec_path} {
   include <abstractions/base>
+  include <abstractions/app/debconf>
   include <abstractions/consoles>
 
   @{exec_path} mrix,
diff --git a/apparmor.d/groups/apt/dpkg-script-tmp b/apparmor.d/groups/apt/dpkg-script-tmp
index e6c7fbe44..65e63d076 100644
--- a/apparmor.d/groups/apt/dpkg-script-tmp
+++ b/apparmor.d/groups/apt/dpkg-script-tmp
@@ -10,6 +10,7 @@ include <tunables/global>
 profile dpkg-script-tmp @{exec_path} flags=(attach_disconnected) {
   include <abstractions/base>
   include <abstractions/consoles>
+  include <abstractions/perl>
 
   @{exec_path} mrix,
 
@@ -22,6 +23,9 @@ profile dpkg-script-tmp @{exec_path} flags=(attach_disconnected) {
   @{bin}/dpkg-maintscript-helper   Px,
   @{bin}/kmod                      Cx -> kmod,
   @{bin}/systemctl                 Cx -> systemctl,
+  /usr/share/debconf/frontend      Px,
+
+  /usr/share/debconf/confmodule r,
 
   /etc/kernel/preinst.d/*-microcode ix,
 
diff --git a/apparmor.d/groups/apt/dpkg-scripts b/apparmor.d/groups/apt/dpkg-scripts
index d644b6c3e..dcb6ca379 100644
--- a/apparmor.d/groups/apt/dpkg-scripts
+++ b/apparmor.d/groups/apt/dpkg-scripts
@@ -62,8 +62,8 @@ profile dpkg-scripts @{exec_path} {
   @{lib}/ r,
   /etc/ r,
   /etc/** rw,
-  /usr/share/*/ r,
-  /usr/share/*/** rw,
+  /usr/share/*/{,**} rw,
+  /usr/local/share/*/{,**} rw,
   /var/** rw,
   @{run}/** rw,
   @{efi}/grub/* rw,