diff --git a/apparmor.d/abstractions/app/chromium b/apparmor.d/abstractions/app/chromium
index 9c5b16edd..1c504d2a8 100644
--- a/apparmor.d/abstractions/app/chromium
+++ b/apparmor.d/abstractions/app/chromium
@@ -36,6 +36,7 @@
   include <abstractions/common/chromium>
   include <abstractions/dconf-write>
   include <abstractions/desktop>
+  include <abstractions/devices-u2f>
   include <abstractions/devices-usb-read>
   include <abstractions/fontconfig-cache-read>
   include <abstractions/graphics>
@@ -154,9 +155,7 @@
   @{sys}/class/**/ r,
   @{sys}/devices/@{pci}/{in_intensity_sampling_frequency,in_intensity_scale,in_illuminance_raw} r,
   @{sys}/devices/@{pci}/boot_vga r,
-  @{sys}/devices/@{pci}/report_descriptor r,
   @{sys}/devices/**/uevent r,
-  @{sys}/devices/virtual/**/report_descriptor r,
 
         @{PROC}/ r,
         @{PROC}/@{pid}/fd/ r,
@@ -181,7 +180,6 @@
   owner @{PROC}/@{pid}/task/@{tid}/stat r,
 
         /dev/ r,
-        /dev/hidraw@{int} rw,
         /dev/tty rw,
   owner /dev/tty@{int} rw,
 
diff --git a/apparmor.d/abstractions/app/firefox b/apparmor.d/abstractions/app/firefox
index e0321f62f..21534208f 100644
--- a/apparmor.d/abstractions/app/firefox
+++ b/apparmor.d/abstractions/app/firefox
@@ -31,6 +31,7 @@
   include <abstractions/cups-client>
   include <abstractions/dconf-write>
   include <abstractions/desktop>
+  include <abstractions/devices-u2f>
   include <abstractions/enchant>
   include <abstractions/fontconfig-cache-read>
   include <abstractions/graphics>
@@ -164,7 +165,6 @@
   owner @{PROC}/@{pid}/uid_map w, # If kernel.unprivileged_userns_clone = 1
 
         /dev/ r,
-        /dev/hidraw@{int} rw,
         /dev/tty rw,
         /dev/video@{int} rw,
   owner /dev/tty@{int} rw, # File Inherit
diff --git a/apparmor.d/abstractions/common/app b/apparmor.d/abstractions/common/app
index 5a93050d6..e83efdb89 100644
--- a/apparmor.d/abstractions/common/app
+++ b/apparmor.d/abstractions/common/app
@@ -21,6 +21,7 @@
   include <abstractions/consoles>
   include <abstractions/cups-client>
   include <abstractions/desktop>
+  include <abstractions/devices-u2f>
   include <abstractions/devices-usb>
   include <abstractions/disks-read>
   include <abstractions/enchant>
@@ -148,7 +149,6 @@
         @{att}/dev/dri/renderD129 rw,
   owner @{att}/dev/shm/@{uuid} r,
 
-  /dev/hidraw@{int} rw,
   /dev/ptmx rw,
   /dev/pts/ptmx rw,
   /dev/tty rw,
diff --git a/apparmor.d/abstractions/devices-u2f b/apparmor.d/abstractions/devices-u2f
new file mode 100644
index 000000000..c707d66e0
--- /dev/null
+++ b/apparmor.d/abstractions/devices-u2f
@@ -0,0 +1,23 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2019 Canonical Ltd
+# Copyright (C) 2025 Alexandre Pujol <alexandre@pujol.io>
+# SPDX-License-Identifier: GPL-2.0-only
+
+# Allows access to Universal 2nd Factor (U2F) devices
+
+  abi <abi/4.0>,
+
+  @{run}/udev/data/+power_supply:* r,     # For power supply devices (batteries, AC adapters, USB chargers)
+
+  # Needed for dynamic assignment of U2F devices
+  @{run}/udev/data/c@{dynamic}:@{int} r,  # For dynamic assignment range 234 to 254, 384 to 511
+
+  @{sys}/devices/**/i2c*/**/report_descriptor r,
+  @{sys}/devices/**/usb@{int}/**/report_descriptor r,
+
+  # Allow raw access HDI (Human Interface Devices) wich is how U2F devices are exposed
+  /dev/hidraw@{int} rw,
+
+  include if exists <abstractions/devices-u2f.d>
+
+# vim:syntax=apparmor