refractor(profiles): unify the name of the local variables.

2024-11-14 23:43:56 +01:00 · 2023-09-13 20:55:20 +01:00 · 2023-09-13 20:55:20 +01:00 · 2d2693bd99
commit 2d2693bd99
parent 57f914d7fd
20 changed files with 166 additions and 166 deletions
--- a/apparmor.d/abstractions/chromium
+++ b/apparmor.d/abstractions/chromium
@ -6,11 +6,11 @@
 # (like electron) use abstractions/chromium-common instead.

 # This abstraction requires the following variables definied in the profile header:
-# @{chromium_name} = chromium
-# @{chromium_domain} = org.chromium.Chromium
-# @{chromium_lib_dirs} = @{lib}/chromium
-# @{chromium_config_dirs} = @{user_config_dirs}/chromium
-# @{chromium_cache_dirs} = @{user_cache_dirs}/chromium
+# @{name} = chromium
+# @{domain} = org.chromium.Chromium
+# @{lib_dirs} = @{lib}/chromium
+# @{config_dirs} = @{user_config_dirs}/chromium
+# @{cache_dirs} = @{user_cache_dirs}/chromium

  abi <abi/3.0>,

@ -55,9 +55,9 @@
  network inet6 stream,
  network netlink raw,

-  @{chromium_lib_dirs}/{,**} r,
-  @{chromium_lib_dirs}/chrome_crashpad_handler  rPx,
-  @{chromium_lib_dirs}/chrome-sandbox           rPx,
+  @{lib_dirs}/{,**} r,
+  @{lib_dirs}/chrome_crashpad_handler  rPx,
+  @{lib_dirs}/chrome-sandbox           rPx,

  # Desktop integration
  @{bin}/lsb_release        rPx -> lsb_release,
@ -87,14 +87,14 @@
  @{bin}/chrome-gnome-shell            rPx,
  @{bin}/gnome-browser-connector-host  rPx,

-  /usr/share/@{chromium_name}/{,**} r,
+  /usr/share/@{name}/{,**} r,
  /usr/share/chromium/extensions/{,**} r,
  /usr/share/egl/{,**} r,
  /usr/share/libdrm/*.ids r,
  /usr/share/mozilla/extensions/{,**} r,
  /usr/share/webext/{,**} r,

-  /etc/@{chromium_name}/{,**} r,
+  /etc/@{name}/{,**} r,
  /etc/fstab r,
  /etc/libva.conf r,
  /etc/opensc.conf r,
@ -115,13 +115,13 @@
  owner @{user_config_dirs}/ r,
  owner @{user_config_dirs}/gtk-3.0/servers r,
  owner @{user_share_dirs}/ r,
-  owner @{user_share_dirs}/.@{chromium_domain}.* rw,
+  owner @{user_share_dirs}/.@{domain}.* rw,

-  owner @{chromium_config_dirs}/ rw,
-  owner @{chromium_config_dirs}/** rwk,
-  owner @{chromium_config_dirs}/WidevineCdm/*/_platform_specific/linux_*/libwidevinecdm.so mrw,
+  owner @{config_dirs}/ rw,
+  owner @{config_dirs}/** rwk,
+  owner @{config_dirs}/WidevineCdm/*/_platform_specific/linux_*/libwidevinecdm.so mrw,

-  owner @{chromium_cache_dirs}/{,**} rw,
+  owner @{cache_dirs}/{,**} rw,

  # For importing data (bookmarks, cookies, etc) from Firefox
  # owner @{HOME}/.mozilla/firefox/profiles.ini r,
@ -135,16 +135,16 @@

        /tmp/ r,
        /var/tmp/ r,
-  owner /tmp/.@{chromium_domain}.* rw,
-  owner /tmp/.@{chromium_domain}*/{,**} rw,
-  owner /tmp/@{chromium_name}-crashlog-@{int}-@{int}.txt rw,
+  owner /tmp/.@{domain}.* rw,
+  owner /tmp/.@{domain}*/{,**} rw,
+  owner /tmp/@{name}-crashlog-@{int}-@{int}.txt rw,
  owner /tmp/scoped_dir*/{,**} rw,
  owner /tmp/tmp.* rw,
  owner /tmp/tmp.*/ rw,
  owner /tmp/tmp.*/** rwk,

        /dev/shm/ r,
-  owner /dev/shm/.@{chromium_domain}* rw,
+  owner /dev/shm/.@{domain}* rw,

        @{PROC}/ r,
        @{PROC}/@{pid}/fd/ r,
@ -198,7 +198,7 @@
  owner /dev/tty@{int} rw,

  # Silencer
-  deny @{chromium_lib_dirs}/** w,
+  deny @{lib_dirs}/** w,
  deny @{user_share_dirs}/gvfs-metadata/* r,

  include if exists <abstractions/chromium.d>
--- a/apparmor.d/groups/browsers/brave
+++ b/apparmor.d/groups/browsers/brave
@ -7,13 +7,13 @@ abi <abi/3.0>,

 include <tunables/global>

-@{chromium_name} = brave{,-beta,-dev,-bin}
-@{chromium_domain} = com.brave.Brave
-@{chromium_lib_dirs} = /opt/brave{-bin,.com}/@{chromium_name}
-@{chromium_config_dirs} = @{user_config_dirs}/BraveSoftware/Brave-Browser{,-Beta,-Dev}
-@{chromium_cache_dirs} = @{user_cache_dirs}/BraveSoftware/Brave-Browser{,-Beta,-Dev}
+@{name} = brave{,-beta,-dev,-bin}
+@{domain} = com.brave.Brave
+@{lib_dirs} = /opt/brave{-bin,.com}/@{name}
+@{config_dirs} = @{user_config_dirs}/BraveSoftware/Brave-Browser{,-Beta,-Dev}
+@{cache_dirs} = @{user_cache_dirs}/BraveSoftware/Brave-Browser{,-Beta,-Dev}

-@{exec_path} = @{chromium_lib_dirs}{,/@{chromium_name}}
+@{exec_path} = @{lib_dirs}{,/@{name}}
 profile brave @{exec_path} {
  include <abstractions/base>
  include <abstractions/chromium>
@ -22,8 +22,8 @@ profile brave @{exec_path} {

  @{bin}/man  rPUx, #  For "brave --help"

-  @{chromium_lib_dirs}/swiftshader/libGLESv2.so mr,
-  @{chromium_lib_dirs}/swiftshader/libEGL.so mr,
+  @{lib_dirs}/swiftshader/libGLESv2.so mr,
+  @{lib_dirs}/swiftshader/libEGL.so mr,

  /usr/share/chromium/extensions/ r,

@ -33,8 +33,8 @@ profile brave @{exec_path} {
  owner @{user_config_dirs}/menus/applications-merged/ r,
  owner @{user_config_dirs}/menus/applications-merged/xdg-desktop-menu-dummy.menu r,

-  owner @{chromium_config_dirs}/WidevineCdm/libwidevinecdm.so mrw,
-  owner @{chromium_cache_dirs}/BraveSoftware/ rw,
+  owner @{config_dirs}/WidevineCdm/libwidevinecdm.so mrw,
+  owner @{cache_dirs}/BraveSoftware/ rw,

  owner /tmp/net-export/ rw,  # For brave://net-export/

--- a/apparmor.d/groups/browsers/brave-sandbox
+++ b/apparmor.d/groups/browsers/brave-sandbox
@ -7,9 +7,9 @@ abi <abi/3.0>,

 include <tunables/global>

-@{chromium_lib_dirs} = /opt/brave.com/brave{,-beta,-dev} /opt/brave-bin/brave{,-beta,-dev}
+@{lib_dirs} = /opt/brave.com/brave{,-beta,-dev} /opt/brave-bin/brave{,-beta,-dev}

-@{exec_path} = @{chromium_lib_dirs}/{brave,chrome}-sandbox
+@{exec_path} = @{lib_dirs}/{brave,chrome}-sandbox
 profile brave-sandbox @{exec_path} {
  include <abstractions/base>

@ -21,7 +21,7 @@ profile brave-sandbox @{exec_path} {

  @{exec_path} mr,

-  @{chromium_lib_dirs}/brave      rPx,
+  @{lib_dirs}/brave      rPx,

        @{PROC} r,
        @{PROC}/@{pids}/ r,
--- a/apparmor.d/groups/browsers/brave-wrapper
+++ b/apparmor.d/groups/browsers/brave-wrapper
@ -7,9 +7,9 @@ abi <abi/3.0>,

 include <tunables/global>

-@{chromium_lib_dirs} = /opt/brave.com/brave{,-beta,-dev} /opt/brave-bin/brave{,-beta,-dev}
+@{lib_dirs} = /opt/brave.com/brave{,-beta,-dev} /opt/brave-bin/brave{,-beta,-dev}

-@{exec_path} = @{chromium_lib_dirs}/brave-browser{,-beta,-dev}
+@{exec_path} = @{lib_dirs}/brave-browser{,-beta,-dev}
 profile brave-wrapper @{exec_path} {
  include <abstractions/base>
  include <abstractions/consoles>
@ -24,7 +24,7 @@ profile brave-wrapper @{exec_path} {
  @{bin}/touch                 rix,
  @{bin}/which{,.debianutils}  rix,

-  @{chromium_lib_dirs}/brave rPx,
+  @{lib_dirs}/brave rPx,

  owner @{PROC}/@{pid}/fd/ w,

--- a/apparmor.d/groups/browsers/chrome
+++ b/apparmor.d/groups/browsers/chrome
@ -7,13 +7,13 @@ abi <abi/3.0>,

 include <tunables/global>

-@{chromium_name} = chrome{,-beta,-stable,-unstable}
-@{chromium_domain} = com.google.Chrome
-@{chromium_lib_dirs} = /opt/google/@{chromium_name}
-@{chromium_config_dirs} = @{user_config_dirs}/google-@{chromium_name}
-@{chromium_cache_dirs} = @{user_cache_dirs}/google-@{chromium_name}
+@{name} = chrome{,-beta,-stable,-unstable}
+@{domain} = com.google.Chrome
+@{lib_dirs} = /opt/google/@{name}
+@{config_dirs} = @{user_config_dirs}/google-@{name}
+@{cache_dirs} = @{user_cache_dirs}/google-@{name}

-@{exec_path} = @{chromium_lib_dirs}/@{chromium_name}
+@{exec_path} = @{lib_dirs}/@{name}
 profile chrome @{exec_path} {
  include <abstractions/base>
  include <abstractions/chromium>
@ -22,16 +22,16 @@ profile chrome @{exec_path} {

  @{bin}/man  rPUx, #  For "chrome --help"

-  @{chromium_lib_dirs}/google-@{chromium_name}  rPx,
+  @{lib_dirs}/google-@{name}  rPx,

-  @{chromium_lib_dirs}/nacl_helper    rix,
-  @{chromium_lib_dirs}/xdg-mime       rix, #-> xdg-mime,
-  @{chromium_lib_dirs}/xdg-settings   rix, #-> xdg-settings,
+  @{lib_dirs}/nacl_helper    rix,
+  @{lib_dirs}/xdg-mime       rix, #-> xdg-mime,
+  @{lib_dirs}/xdg-settings   rix, #-> xdg-settings,

-  @{chromium_lib_dirs}/*.so* mr,
-  @{chromium_lib_dirs}/libwidevinecdm.so mr,
-  @{chromium_lib_dirs}/libwidevinecdmadapter.so mr,
-  @{chromium_lib_dirs}/WidevineCdm/_platform_specific/linux_*/libwidevinecdm.so mr,
+  @{lib_dirs}/*.so* mr,
+  @{lib_dirs}/libwidevinecdm.so mr,
+  @{lib_dirs}/libwidevinecdmadapter.so mr,
+  @{lib_dirs}/WidevineCdm/_platform_specific/linux_*/libwidevinecdm.so mr,

  include if exists <local/chrome>
 }
--- a/apparmor.d/groups/browsers/chrome-crashpad-handler
+++ b/apparmor.d/groups/browsers/chrome-crashpad-handler
@ -7,10 +7,10 @@ abi <abi/3.0>,

 include <tunables/global>

-@{chromium_lib_dirs} = /opt/google/chrome{,-beta,-unstable}
-@{chromium_config_dirs} = @{user_config_dirs}/google-chrome{,-beta,-unstable}
+@{lib_dirs} = /opt/google/chrome{,-beta,-unstable}
+@{config_dirs} = @{user_config_dirs}/google-chrome{,-beta,-unstable}

-@{exec_path} = @{chromium_lib_dirs}/chrome_crashpad_handler
+@{exec_path} = @{lib_dirs}/chrome_crashpad_handler
 profile chrome-crashpad-handler @{exec_path} {
  include <abstractions/base>

@ -21,7 +21,7 @@ profile chrome-crashpad-handler @{exec_path} {

  @{exec_path} mrix,

-  owner "@{chromium_config_dirs}/Crash Reports/**" rwk,
+  owner "@{config_dirs}/Crash Reports/**" rwk,

        @{PROC}/sys/kernel/yama/ptrace_scope r,
  owner @{PROC}/@{pid}/fd/ r,
--- a/apparmor.d/groups/browsers/chrome-sandbox
+++ b/apparmor.d/groups/browsers/chrome-sandbox
@ -7,9 +7,9 @@ abi <abi/3.0>,

 include <tunables/global>

-@{chromium_lib_dirs} = /opt/google/chrome{,-stable,-beta,-unstable}
+@{lib_dirs} = /opt/google/chrome{,-stable,-beta,-unstable}

-@{exec_path} = @{chromium_lib_dirs}/chrome-sandbox
+@{exec_path} = @{lib_dirs}/chrome-sandbox
 profile chrome-sandbox @{exec_path} {
  include <abstractions/base>

@ -21,8 +21,8 @@ profile chrome-sandbox @{exec_path} {

  @{exec_path} mr,

-  @{chromium_lib_dirs}/chrome      rPx,
-  @{chromium_lib_dirs}/nacl_helper rix,
+  @{lib_dirs}/chrome      rPx,
+  @{lib_dirs}/nacl_helper rix,

        @{PROC} r,
        @{PROC}/@{pids}/ r,
--- a/apparmor.d/groups/browsers/chrome-wrapper
+++ b/apparmor.d/groups/browsers/chrome-wrapper
@ -7,9 +7,9 @@ abi <abi/3.0>,

 include <tunables/global>

-@{chromium_lib_dirs} = /opt/google/chrome{,-beta,-unstable}
+@{lib_dirs} = /opt/google/chrome{,-beta,-unstable}

-@{exec_path} = @{chromium_lib_dirs}/google-chrome{,-beta,-unstable}
+@{exec_path} = @{lib_dirs}/google-chrome{,-beta,-unstable}
 profile chrome-wrapper @{exec_path} {
  include <abstractions/base>
  include <abstractions/consoles>
@ -24,7 +24,7 @@ profile chrome-wrapper @{exec_path} {
  @{bin}/touch                 rix,
  @{bin}/which{,.debianutils}  rix,

-  @{chromium_lib_dirs}/chrome   rPx,
+  @{lib_dirs}/chrome   rPx,

  owner @{user_config_dirs}/chrome-flags.conf r,

--- a/apparmor.d/groups/browsers/chromium
+++ b/apparmor.d/groups/browsers/chromium
@ -7,13 +7,13 @@ abi <abi/3.0>,

 include <tunables/global>

-@{chromium_name} = chromium
-@{chromium_domain} = org.chromium.Chromium
-@{chromium_lib_dirs} = @{lib}/@{chromium_name}
-@{chromium_config_dirs} = @{user_config_dirs}/@{chromium_name}
-@{chromium_cache_dirs} = @{user_cache_dirs}/@{chromium_name}
+@{name} = chromium
+@{domain} = org.chromium.Chromium
+@{lib_dirs} = @{lib}/@{name}
+@{config_dirs} = @{user_config_dirs}/@{name}
+@{cache_dirs} = @{user_cache_dirs}/@{name}

-@{exec_path} = @{chromium_lib_dirs}/@{chromium_name}
+@{exec_path} = @{lib_dirs}/@{name}
 profile chromium @{exec_path} {
  include <abstractions/base>
  include <abstractions/chromium>
--- a/apparmor.d/groups/browsers/chromium-crashpad-handler
+++ b/apparmor.d/groups/browsers/chromium-crashpad-handler
@ -7,7 +7,7 @@ abi <abi/3.0>,

 include <tunables/global>

-@{chromium_config_dirs} = @{user_config_dirs}/chromium
+@{config_dirs} = @{user_config_dirs}/chromium

@{exec_path} = @{lib}/chromium/chrome_crashpad_handler
 profile chromium-crashpad-handler @{exec_path} {
@ -20,7 +20,7 @@ profile chromium-crashpad-handler @{exec_path} {

  @{exec_path} mrix,

-  owner "@{chromium_config_dirs}/Crash Reports/**" rwk,
+  owner "@{config_dirs}/Crash Reports/**" rwk,

        @{PROC}/sys/kernel/yama/ptrace_scope r,
  owner @{PROC}/@{pid}/fd/ r,
--- a/apparmor.d/groups/browsers/firefox
+++ b/apparmor.d/groups/browsers/firefox
@ -7,12 +7,12 @@ abi <abi/3.0>,

 include <tunables/global>

-@{firefox_name} = firefox{,.sh,-esr,-bin}
-@{firefox_lib_dirs} = @{lib}/@{firefox_name} /opt/@{firefox_name}
-@{firefox_config_dirs} = @{HOME}/.mozilla/
-@{firefox_cache_dirs} = @{user_cache_dirs}/mozilla/
+@{name} = firefox{,.sh,-esr,-bin}
+@{lib_dirs} = @{lib}/@{name} /opt/@{name}
+@{config_dirs} = @{HOME}/.mozilla/
+@{cache_dirs} = @{user_cache_dirs}/mozilla/

-@{exec_path} = @{bin}/@{firefox_name} @{firefox_lib_dirs}/@{firefox_name}
+@{exec_path} = @{bin}/@{name} @{lib_dirs}/@{name}
 profile firefox @{exec_path} flags=(attach_disconnected) {
  include <abstractions/base>
  include <abstractions/audio>
@ -133,14 +133,14 @@ profile firefox @{exec_path} flags=(attach_disconnected) {
  @{bin}/basename            rix,
  @{bin}/expr                rix,

-  @{firefox_lib_dirs}/{,**}             r,
-  @{firefox_lib_dirs}/*.so              mr,
-  @{firefox_lib_dirs}/crashreporter     rPx,
-  @{firefox_lib_dirs}/glxtest           rPx,
-  @{firefox_lib_dirs}/minidump-analyzer rPx,
-  @{firefox_lib_dirs}/pingsender        rPx,
-  @{firefox_lib_dirs}/plugin-container  rPx,
-  @{firefox_lib_dirs}/vaapitest         rPx,
+  @{lib_dirs}/{,**}             r,
+  @{lib_dirs}/*.so              mr,
+  @{lib_dirs}/crashreporter     rPx,
+  @{lib_dirs}/glxtest           rPx,
+  @{lib_dirs}/minidump-analyzer rPx,
+  @{lib_dirs}/pingsender        rPx,
+  @{lib_dirs}/plugin-container  rPx,
+  @{lib_dirs}/vaapitest         rPx,
  @{lib}/mozilla/kmozillahelper        rPUx,

  @{lib}/@{multiarch}/qt5/plugins/kf5/org.kde.kwindowsystem.platforms/KF5WindowSystemX11Plugin.so mr,
@ -164,7 +164,7 @@ profile firefox @{exec_path} flags=(attach_disconnected) {
  # As a temporary solution - see issue #128
  @{bin}/keepassxc-proxy     rix,

-  /usr/share/@{firefox_name}/{,**} r,
+  /usr/share/@{name}/{,**} r,
  /usr/share/doc/{,**} r,
  /usr/share/egl/{,**} r,
  /usr/share/icu/@{int}.@{int}/*.dat r,
@ -173,7 +173,7 @@ profile firefox @{exec_path} flags=(attach_disconnected) {
  /usr/share/webext/{,**} r,
  /usr/share/xul-ext/kwallet5/* r,

-  /etc/@{firefox_name}/{,**} r,
+  /etc/@{name}/{,**} r,
  /etc/cups/client.conf r,
  /etc/fstab r,
  /etc/igfx_user_feature{,_next}.txt w,
@ -205,18 +205,18 @@ profile firefox @{exec_path} flags=(attach_disconnected) {
  owner @{user_share_dirs}/mime/packages/user-extension-{htm,html,xht,xhtml,shtml}.xml rw,
  owner @{user_share_dirs}/mime/packages/user-extension-{htm,html,xht,xhtml,shtml}.xml.* rw,

-  owner @{firefox_config_dirs}/ rw,
-  owner @{firefox_config_dirs}/{extensions,systemextensionsdev}/ rw,
-  owner @{firefox_config_dirs}/extensions/\{*\}/ r,
-  owner @{firefox_config_dirs}/firefox/ rw,
-  owner @{firefox_config_dirs}/firefox/*/ rw,
-  owner @{firefox_config_dirs}/firefox/*/** rwk,
-  owner @{firefox_config_dirs}/firefox/installs.ini rw,
-  owner @{firefox_config_dirs}/firefox/profiles.ini rw,
-  owner @{firefox_config_dirs}/native-messaging-hosts/org.keepassxc.keepassxc_browser.json r,
+  owner @{config_dirs}/ rw,
+  owner @{config_dirs}/{extensions,systemextensionsdev}/ rw,
+  owner @{config_dirs}/extensions/\{*\}/ r,
+  owner @{config_dirs}/firefox/ rw,
+  owner @{config_dirs}/firefox/*/ rw,
+  owner @{config_dirs}/firefox/*/** rwk,
+  owner @{config_dirs}/firefox/installs.ini rw,
+  owner @{config_dirs}/firefox/profiles.ini rw,
+  owner @{config_dirs}/native-messaging-hosts/org.keepassxc.keepassxc_browser.json r,

-  owner @{firefox_cache_dirs}/ rw,
-  owner @{firefox_cache_dirs}/** rwk,
+  owner @{cache_dirs}/ rw,
+  owner @{cache_dirs}/** rwk,

        /tmp/ r,
        /var/tmp/ r,
@ -224,10 +224,10 @@ profile firefox @{exec_path} flags=(attach_disconnected) {
  owner /tmp/user/@{uid}/* rwk,
  owner /tmp/user/@{uid}/Temp-*/ rw,
  owner /tmp/user/@{uid}/Temp-*/* rwk,
-  owner /tmp/user/@{uid}/@{firefox_name}/ rw,
-  owner /tmp/user/@{uid}/@{firefox_name}/* rwk,
-  owner /tmp/@{firefox_name}/ rw,
-  owner /tmp/@{firefox_name}/* rwk,
+  owner /tmp/user/@{uid}/@{name}/ rw,
+  owner /tmp/user/@{uid}/@{name}/* rwk,
+  owner /tmp/@{name}/ rw,
+  owner /tmp/@{name}/* rwk,
  owner /tmp/* rw,
  owner /tmp/firefox_*/ rw,
  owner /tmp/firefox_*/* rwk,
@ -295,7 +295,7 @@ profile firefox @{exec_path} flags=(attach_disconnected) {
  /tmp/.X0-lock r,

  # Silencer
-  deny @{firefox_lib_dirs}/** w,
+  deny @{lib_dirs}/** w,
  deny @{run}/user/@{uid}/gnome-shell-disable-extensions w,
  deny /tmp/MozillaUpdateLock-* w,
  deny owner @{HOME}/.* r,
--- a/apparmor.d/groups/browsers/firefox-crashreporter
+++ b/apparmor.d/groups/browsers/firefox-crashreporter
@ -7,12 +7,12 @@ abi <abi/3.0>,

 include <tunables/global>

-@{firefox_name} = firefox{,.sh,-esr,-bin}
-@{firefox_lib_dirs} = @{lib}/@{firefox_name} /opt/@{firefox_name}
-@{firefox_config_dirs} = @{HOME}/.mozilla/
-@{firefox_cache_dirs} = @{user_cache_dirs}/mozilla/
+@{name} = firefox{,.sh,-esr,-bin}
+@{lib_dirs} = @{lib}/@{name} /opt/@{name}
+@{config_dirs} = @{HOME}/.mozilla/
+@{cache_dirs} = @{user_cache_dirs}/mozilla/

-@{exec_path} = @{firefox_lib_dirs}/crashreporter
+@{exec_path} = @{lib_dirs}/crashreporter
 profile firefox-crashreporter @{exec_path} flags=(attach_disconnected) {
  include <abstractions/base>
  include <abstractions/dconf-write>
@ -33,21 +33,21 @@ profile firefox-crashreporter @{exec_path} flags=(attach_disconnected) {

  @{exec_path} mr,

-  @{firefox_lib_dirs}/minidump-analyzer rPx,
+  @{lib_dirs}/minidump-analyzer rPx,

  @{bin}/mv rix,

  /usr/share/X11/xkb/** r,

-  owner "@{firefox_config_dirs}/firefox/Crash Reports/{,**}" rw,
-  owner @{firefox_config_dirs}/*.*/crashes/{,**} rw,
-  owner @{firefox_config_dirs}/*.*/crashes/events/@{uuid} rw,
-  owner @{firefox_config_dirs}/*.*/extensions/*.xpi r,
-  owner @{firefox_config_dirs}/*.*/minidumps/{,**} rw,
-  owner @{firefox_config_dirs}/*.*/minidumps//@{uuid}.{dmp,extra} r,
-  owner @{firefox_config_dirs}/*.*/storage/default/* r,
+  owner "@{config_dirs}/firefox/Crash Reports/{,**}" rw,
+  owner @{config_dirs}/*.*/crashes/{,**} rw,
+  owner @{config_dirs}/*.*/crashes/events/@{uuid} rw,
+  owner @{config_dirs}/*.*/extensions/*.xpi r,
+  owner @{config_dirs}/*.*/minidumps/{,**} rw,
+  owner @{config_dirs}/*.*/minidumps//@{uuid}.{dmp,extra} r,
+  owner @{config_dirs}/*.*/storage/default/* r,

-  owner @{firefox_cache_dirs}/firefox/*.*/** r,
+  owner @{cache_dirs}/firefox/*.*/** r,

        /tmp/ r,
    /var/tmp/ r,
--- a/apparmor.d/groups/browsers/firefox-glxtest
+++ b/apparmor.d/groups/browsers/firefox-glxtest
@ -6,11 +6,11 @@ abi <abi/3.0>,

 include <tunables/global>

-@{firefox_name} = firefox{,.sh,-esr,-bin}
-@{firefox_lib_dirs} = @{lib}/@{firefox_name} /opt/@{firefox_name}
-@{firefox_config_dirs} = @{HOME}/.mozilla/
+@{name} = firefox{,.sh,-esr,-bin}
+@{lib_dirs} = @{lib}/@{name} /opt/@{name}
+@{config_dirs} = @{HOME}/.mozilla/

-@{exec_path} = @{firefox_lib_dirs}/glxtest
+@{exec_path} = @{lib_dirs}/glxtest
 profile firefox-glxtest @{exec_path} {
  include <abstractions/base>
  include <abstractions/dri-common>
@ -23,7 +23,7 @@ profile firefox-glxtest @{exec_path} {

  @{exec_path} mr,

-  owner @{firefox_config_dirs}/firefox/*/.parentlock rw,
+  owner @{config_dirs}/firefox/*/.parentlock rw,

  owner /tmp/firefox/.parentlock rw,

--- a/apparmor.d/groups/browsers/firefox-minidump-analyzer
+++ b/apparmor.d/groups/browsers/firefox-minidump-analyzer
@ -9,12 +9,12 @@ include <tunables/global>

@{MOZ_HOMEDIR} = @{HOME}/.mozilla

-@{firefox_name} = firefox{,.sh,-esr,-bin}
-@{firefox_lib_dirs} = @{lib}/@{firefox_name} /opt/@{firefox_name}
-@{firefox_config_dirs} = @{HOME}/.mozilla/
-@{firefox_cache_dirs} = @{user_cache_dirs}/mozilla/
+@{name} = firefox{,.sh,-esr,-bin}
+@{lib_dirs} = @{lib}/@{name} /opt/@{name}
+@{config_dirs} = @{HOME}/.mozilla/
+@{cache_dirs} = @{user_cache_dirs}/mozilla/

-@{exec_path} = @{firefox_lib_dirs}/minidump-analyzer
+@{exec_path} = @{lib_dirs}/minidump-analyzer
 profile firefox-minidump-analyzer @{exec_path} {
  include <abstractions/base>

@ -24,15 +24,15 @@ profile firefox-minidump-analyzer @{exec_path} {

  owner @{HOME}/.xsession-errors w,

-  owner "@{firefox_config_dirs}/firefox/Crash Reports/" rw,
-  owner "@{firefox_config_dirs}/firefox/Crash Reports/pending/" rw,
-  owner "@{firefox_config_dirs}/firefox/Crash Reports/pending/@{hex}.{dmp,extra}" rw,
-  owner @{firefox_config_dirs}/*.*/extensions/*.xpi r,
-  owner @{firefox_config_dirs}/*.*/minidumps/ rw,
-  owner @{firefox_config_dirs}/*.*/minidumps/@{uuid}.{dmp,extra} rw,
-  owner @{firefox_config_dirs}/*.*/storage/default/* r,
+  owner "@{config_dirs}/firefox/Crash Reports/" rw,
+  owner "@{config_dirs}/firefox/Crash Reports/pending/" rw,
+  owner "@{config_dirs}/firefox/Crash Reports/pending/@{hex}.{dmp,extra}" rw,
+  owner @{config_dirs}/*.*/extensions/*.xpi r,
+  owner @{config_dirs}/*.*/minidumps/ rw,
+  owner @{config_dirs}/*.*/minidumps/@{uuid}.{dmp,extra} rw,
+  owner @{config_dirs}/*.*/storage/default/* r,

-  owner @{firefox_cache_dirs}/firefox/*.*/startupCache/*Cache* r,
+  owner @{cache_dirs}/firefox/*.*/startupCache/*Cache* r,

  owner /tmp/@{hex}.{dmp,extra} rw,
  owner /tmp/firefox/.parentlock w,
--- a/apparmor.d/groups/browsers/firefox-pingsender
+++ b/apparmor.d/groups/browsers/firefox-pingsender
@ -7,11 +7,11 @@ abi <abi/3.0>,

 include <tunables/global>

-@{firefox_name} = firefox{,.sh,-esr,-bin}
-@{firefox_lib_dirs} = @{lib}/@{firefox_name}/ /opt/@{firefox_name}/
-@{firefox_config_dirs} = @{HOME}/.mozilla/
+@{name} = firefox{,.sh,-esr,-bin}
+@{lib_dirs} = @{lib}/@{name}/ /opt/@{name}/
+@{config_dirs} = @{HOME}/.mozilla/

-@{exec_path} = @{firefox_lib_dirs}/pingsender
+@{exec_path} = @{lib_dirs}/pingsender
 profile firefox-pingsender @{exec_path} {
  include <abstractions/base>
  include <abstractions/nameservice-strict>
@ -25,7 +25,7 @@ profile firefox-pingsender @{exec_path} {

  @{exec_path} mr,

-  owner @{firefox_config_dirs}/firefox/*.*/saved-telemetry-pings/@{uuid} rw,
+  owner @{config_dirs}/firefox/*.*/saved-telemetry-pings/@{uuid} rw,

  owner @{PROC}/@{pid}/stat r,
  owner @{PROC}/@{pid}/task/@{tid}/stat r,
--- a/apparmor.d/groups/browsers/firefox-plugin-container
+++ b/apparmor.d/groups/browsers/firefox-plugin-container
@ -7,10 +7,10 @@ abi <abi/3.0>,

 include <tunables/global>

-@{firefox_name} = firefox{,.sh,-esr,-bin}
-@{firefox_lib_dirs} = @{lib}/@{firefox_name} /opt/@{firefox_name}
+@{name} = firefox{,.sh,-esr,-bin}
+@{lib_dirs} = @{lib}/@{name} /opt/@{name}

-@{exec_path} = @{firefox_lib_dirs}/plugin-container
+@{exec_path} = @{lib_dirs}/plugin-container
 profile firefox-plugin-container @{exec_path} {
  include <abstractions/base>

--- a/apparmor.d/groups/browsers/firefox-vaapitest
+++ b/apparmor.d/groups/browsers/firefox-vaapitest
@ -6,11 +6,11 @@ abi <abi/3.0>,

 include <tunables/global>

-@{firefox_name} = firefox{,.sh,-esr,-bin}
-@{firefox_lib_dirs} = @{lib}/@{firefox_name} /opt/@{firefox_name}
-@{firefox_config_dirs} = @{HOME}/.mozilla/
+@{name} = firefox{,.sh,-esr,-bin}
+@{lib_dirs} = @{lib}/@{name} /opt/@{name}
+@{config_dirs} = @{HOME}/.mozilla/

-@{exec_path} = @{firefox_lib_dirs}/vaapitest
+@{exec_path} = @{lib_dirs}/vaapitest
 profile firefox-vaapitest @{exec_path} {
  include <abstractions/base>
  include <abstractions/dri-enumerate>
@ -25,8 +25,8 @@ profile firefox-vaapitest @{exec_path} {
  /etc/igfx_user_feature{,_next}.txt w,
  /etc/libva.conf r,

-  deny owner @{firefox_config_dirs}/firefox/*/.parentlock rw,
-  deny owner @{firefox_config_dirs}/firefox/*/startupCache/** r,
+  deny owner @{config_dirs}/firefox/*/.parentlock rw,
+  deny owner @{config_dirs}/firefox/*/startupCache/** r,
  deny owner @{user_cache_dirs}/mozilla/firefox/*/startupCache/* r,

  owner /tmp/firefox/.parentlock rw,
--- a/apparmor.d/groups/browsers/opera
+++ b/apparmor.d/groups/browsers/opera
@ -7,22 +7,22 @@ abi <abi/3.0>,

 include <tunables/global>

-@{chromium_name} = opera{,-beta,-developer}
-@{chromium_domain} = com.opera.Opera
-@{chromium_lib_dirs} = @{lib}/@{multiarch}/@{chromium_name}
-@{chromium_config_dirs} = @{user_config_dirs}/@{chromium_name}
-@{chromium_cache_dirs} = @{user_cache_dirs}/@{chromium_name}
+@{name} = opera{,-beta,-developer}
+@{domain} = com.opera.Opera
+@{lib_dirs} = @{lib}/@{multiarch}/@{name}
+@{config_dirs} = @{user_config_dirs}/@{name}
+@{cache_dirs} = @{user_cache_dirs}/@{name}

-@{exec_path} = @{chromium_lib_dirs}/@{chromium_name}
+@{exec_path} = @{lib_dirs}/@{name}
 profile opera @{exec_path} {
  include <abstractions/base>
  include <abstractions/chromium>

  @{exec_path} mrix,

-  @{chromium_lib_dirs}/opera_autoupdate    krix,
-  @{chromium_lib_dirs}/opera_crashreporter  rPx,
-  @{chromium_lib_dirs}/opera-sandbox        rPx,
+  @{lib_dirs}/opera_autoupdate    krix,
+  @{lib_dirs}/opera_crashreporter  rPx,
+  @{lib_dirs}/opera-sandbox        rPx,

  /opt/google/chrome{,-beta,-unstable}/libwidevinecdm.so mr,
  /opt/google/chrome{,-beta,-unstable}/libwidevinecdmadapter.so mr,
--- a/apparmor.d/groups/browsers/opera-crashreporter
+++ b/apparmor.d/groups/browsers/opera-crashreporter
@ -7,11 +7,11 @@ abi <abi/3.0>,

 include <tunables/global>

-@{chromium_name} = opera{,-beta,-developer}
-@{chromium_lib_dirs} = @{lib}/@{multiarch}/@{chromium_name}
-@{chromium_config_dirs} = @{user_config_dirs}/@{chromium_name}
+@{name} = opera{,-beta,-developer}
+@{lib_dirs} = @{lib}/@{multiarch}/@{name}
+@{config_dirs} = @{user_config_dirs}/@{name}

-@{exec_path} = @{chromium_lib_dirs}/opera_crashreporter
+@{exec_path} = @{lib_dirs}/opera_crashreporter
 profile opera-crashreporter @{exec_path} {
  include <abstractions/base>
  include <abstractions/fontconfig-cache-read>
@ -25,9 +25,9 @@ profile opera-crashreporter @{exec_path} {

  @{exec_path} mr,

-  owner @{chromium_config_dirs}/crash_count.txt rwk,
-  owner @{chromium_config_dirs}/GPUCache/data_* r,
-  owner @{chromium_config_dirs}/GPUCache/index r,
+  owner @{config_dirs}/crash_count.txt rwk,
+  owner @{config_dirs}/GPUCache/data_* r,
+  owner @{config_dirs}/GPUCache/index r,

  owner @{PROC}/@{pids}/cmdline r,
  owner @{PROC}/@{pids}/environ r,
--- a/apparmor.d/groups/browsers/opera-sandbox
+++ b/apparmor.d/groups/browsers/opera-sandbox
@ -6,10 +6,10 @@ abi <abi/3.0>,

 include <tunables/global>

-@{chromium_name} = opera{,-beta,-developer}
-@{chromium_lib_dirs} = @{lib}/@{multiarch}/@{chromium_name}
+@{name} = opera{,-beta,-developer}
+@{lib_dirs} = @{lib}/@{multiarch}/@{name}

-@{exec_path} = @{chromium_lib_dirs}/opera_sandbox
+@{exec_path} = @{lib_dirs}/opera_sandbox
 profile opera-sandbox @{exec_path} {
  include <abstractions/base>
  include <abstractions/fontconfig-cache-read>
@ -25,7 +25,7 @@ profile opera-sandbox @{exec_path} {

  @{exec_path} mr,

-  @{chromium_lib_dirs}/opera{,-beta,-developer} rPx,
+  @{lib_dirs}/opera{,-beta,-developer} rPx,

        @{PROC} r,
        @{PROC}/@{pids}/ r,