diff --git a/apparmor.d/abstractions/app/open b/apparmor.d/abstractions/app/open
new file mode 100644
index 00000000..0cbb7517
--- /dev/null
+++ b/apparmor.d/abstractions/app/open
@@ -0,0 +1,15 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2024 Alexandre Pujol <alexandre@pujol.io>
+# SPDX-License-Identifier: GPL-2.0-only
+
+# Full set of rules for child-open-* profiles.
+
+  include <abstractions/desktop>
+
+  @{open_path} mrix,
+
+  @{sh_path} r,
+
+  /dev/tty rw,
+
+  include if exists <abstractions/app/open.d>
diff --git a/apparmor.d/groups/children/child-open b/apparmor.d/groups/children/child-open
index 034f46b3..927d412d 100644
--- a/apparmor.d/groups/children/child-open
+++ b/apparmor.d/groups/children/child-open
@@ -13,29 +13,16 @@
 
 # Note: This profile does not specify an attachment path because it is
 # intended to be used only via "Px -> child-open" exec transitions
-# from other profiles. 
+# from other profiles.
 
 abi <abi/3.0>,
 
 include <tunables/global>
 
-@{exec_path}  = @{bin}/exo-open @{bin}/xdg-open 
-@{exec_path} += @{lib}/@{multiarch}/glib-[0-9]*/gio-launch-desktop @{lib}/gio-launch-desktop
 profile child-open {
   include <abstractions/base>
   include <abstractions/app-open>
-  include <abstractions/dri-enumerate>
-  include <abstractions/mesa>
-  include <abstractions/vulkan>
-  include <abstractions/xdg-open>
-
-  @{exec_path} mrix,
-
-  @{sh_path}               rix,
-  @{bin}/{,m,g}awk         rix,
-  @{bin}/basename          rix,
-  @{bin}/env               rix,
-  @{bin}/readlink          rix,
+  include <abstractions/app/open>
 
   include if exists <usr/child-open.d>
   include if exists <local/child-open>
diff --git a/apparmor.d/groups/children/child-open-browsers b/apparmor.d/groups/children/child-open-browsers
index 46643c5e..42b84136 100644
--- a/apparmor.d/groups/children/child-open-browsers
+++ b/apparmor.d/groups/children/child-open-browsers
@@ -17,11 +17,8 @@ include <tunables/global>
 
 profile child-open-browsers {
   include <abstractions/base>
-  include <abstractions/desktop>
+  include <abstractions/app/open>
 
-  @{open_path} mrix,
-
-  @{bin}/chromium               rPx,
   @{browsers_path}              rPx,
 
   include if exists <usr/child-open-browsers.d>
diff --git a/apparmor.d/groups/children/child-open-help b/apparmor.d/groups/children/child-open-help
index 2d7f0deb..3145871d 100644
--- a/apparmor.d/groups/children/child-open-help
+++ b/apparmor.d/groups/children/child-open-help
@@ -8,13 +8,9 @@ include <tunables/global>
 
 profile child-open-help {
   include <abstractions/base>
-  include <abstractions/desktop>
+  include <abstractions/app/open>
 
-  @{open_path} mrix,
-
-  @{bin}/chromium               rPx,
   @{browsers_path}              rPx,
-
   @{bin}/yelp                  rPUx,
 
   include if exists <usr/child-open-help.d>
diff --git a/apparmor.d/groups/children/child-open-strict b/apparmor.d/groups/children/child-open-strict
index f2efd5ad..184d2b2c 100644
--- a/apparmor.d/groups/children/child-open-strict
+++ b/apparmor.d/groups/children/child-open-strict
@@ -13,20 +13,10 @@ include <tunables/global>
 
 profile child-open-strict {
   include <abstractions/base>
-  include <abstractions/desktop>
+  include <abstractions/app/open>
 
-  @{open_path} mrix,
-  @{sh_path} r,
-
-  # Browsers
-  @{bin}/chromium               rPx,
   @{browsers_path}              rPx,
-
-  # Files explorer
-  @{bin}/nautilus               rPx,
-  @{bin}/dolphin                rPx,
-
-  /dev/tty rw,
+  @{file_explorers_path}        rPx,
 
   include if exists <usr/child-open-strict.d>
   include if exists <local/child-open-strict>
diff --git a/apparmor.d/groups/freedesktop/polkitd b/apparmor.d/groups/freedesktop/polkitd
index 4230b223..aa50668c 100644
--- a/apparmor.d/groups/freedesktop/polkitd
+++ b/apparmor.d/groups/freedesktop/polkitd
@@ -36,7 +36,7 @@ profile polkitd @{exec_path} flags=(attach_disconnected) {
 
   # System rules
   /etc/polkit-1/rules.d/ r,
-  /etc/polkit-1/rules.d/[0-9][0-9]-*.rules r,
+  /etc/polkit-1/rules.d/@{int2}-*.rules r,
   /etc/polkit-1/localauthority/{,**} r,
   /etc/polkit-1/localauthority.conf.d/{,**} r,
   /etc/polkit-1/actions/{,*.policy} r,
diff --git a/apparmor.d/groups/gnome/gnome-shell b/apparmor.d/groups/gnome/gnome-shell
index f4db9309..dac66761 100644
--- a/apparmor.d/groups/gnome/gnome-shell
+++ b/apparmor.d/groups/gnome/gnome-shell
@@ -198,7 +198,7 @@ profile gnome-shell @{exec_path} flags=(attach_disconnected,mediate_deleted) {
   /usr/share/gdm/greeter/applications/{,**} r,
   /usr/share/libgweather/Locations.xml r,
   /usr/share/libinput*/ r,
-  /usr/share/libinput*/{,**/}[0-9][0-9]-*.quirks r,
+  /usr/share/libinput*/{,**/}@{int2}-*.quirks r,
   /usr/share/libinput*/libinput/ r,
   /usr/share/libwacom/{,*.stylus,*.tablet} r,
   /usr/share/wallpapers/** r,
diff --git a/apparmor.d/groups/systemd/systemd-udevd b/apparmor.d/groups/systemd/systemd-udevd
index ee776063..dcec46b1 100644
--- a/apparmor.d/groups/systemd/systemd-udevd
+++ b/apparmor.d/groups/systemd/systemd-udevd
@@ -104,7 +104,7 @@ profile systemd-udevd @{exec_path} flags=(attach_disconnected,complain) {
   /etc/modprobe.d/*.conf r,
 
   /etc/systemd/network/ r,
-  /etc/systemd/network/[0-9][0-9]-*.link r,
+  /etc/systemd/network/@{int2}-*.link r,
 
   @{run}/udev/ rw,
   @{run}/udev/** rwk,
diff --git a/apparmor.d/profiles-g-l/kernel-install b/apparmor.d/profiles-g-l/kernel-install
index e7e8cc8f..af657871 100644
--- a/apparmor.d/profiles-g-l/kernel-install
+++ b/apparmor.d/profiles-g-l/kernel-install
@@ -28,7 +28,7 @@ profile kernel-install @{exec_path} {
   @{bin}/kmod       rCx -> kmod,
 
   @{lib}/kernel/install.d/ r,
-  @{lib}/kernel/install.d/[0-9][0-9]-*.install rix,
+  @{lib}/kernel/install.d/@{int2}-*.install rix,
 
   /etc/kernel/install.d/ r,
   /etc/kernel/install.d/*.install rix,
diff --git a/apparmor.d/profiles-m-r/monitorix b/apparmor.d/profiles-m-r/monitorix
index 56bcc21e..88699a37 100644
--- a/apparmor.d/profiles-m-r/monitorix
+++ b/apparmor.d/profiles-m-r/monitorix
@@ -51,7 +51,7 @@ profile monitorix @{exec_path} {
 
   /etc/monitorix/monitorix.conf r,
   /etc/monitorix/conf.d/ r,
-  /etc/monitorix/conf.d/[0-9][0-9]-*.conf r,
+  /etc/monitorix/conf.d/@{int2}-*.conf r,
 
   /var/log/monitorix w,
   /var/log/monitorix-* w,
diff --git a/apparmor.d/profiles-s-z/steam b/apparmor.d/profiles-s-z/steam
index d370dbb2..9e53650f 100644
--- a/apparmor.d/profiles-s-z/steam
+++ b/apparmor.d/profiles-s-z/steam
@@ -6,7 +6,7 @@ abi <abi/3.0>,
 
 include <tunables/global>
 
-@{lib_dirs} = @{user_share_dirs}/Steam/ubuntu[0-9][0-9]_{32,64}
+@{lib_dirs} = @{user_share_dirs}/Steam/ubuntu@{int2}_{32,64}
 
 @{exec_path} = @{user_share_dirs}/Steam/steam.sh
 profile steam @{exec_path} flags=(attach_disconnected,mediate_deleted,complain) {
diff --git a/apparmor.d/profiles-s-z/steam-gameoverlayui b/apparmor.d/profiles-s-z/steam-gameoverlayui
index 44100175..b259ebd8 100644
--- a/apparmor.d/profiles-s-z/steam-gameoverlayui
+++ b/apparmor.d/profiles-s-z/steam-gameoverlayui
@@ -6,7 +6,7 @@ abi <abi/3.0>,
 
 include <tunables/global>
 
-@{steam_lib_dirs} = @{user_share_dirs}/Steam/ubuntu[0-9][0-9]_{32,64}
+@{steam_lib_dirs} = @{user_share_dirs}/Steam/ubuntu@{int2}_{32,64}
 
 @{exec_path} = @{steam_lib_dirs}/gameoverlayui
 profile steam-gameoverlayui @{exec_path} {