diff --git a/apparmor.d/groups/bus/ibus-daemon b/apparmor.d/groups/bus/ibus-daemon
index b072bcae..52707ff6 100644
--- a/apparmor.d/groups/bus/ibus-daemon
+++ b/apparmor.d/groups/bus/ibus-daemon
@@ -42,6 +42,7 @@ profile ibus-daemon @{exec_path} flags=(attach_disconnected) {
@{sh_path} rix,
@{lib}/{,ibus/}ibus-* rPUx,
+ @{lib}/ibus-*/ibus-* rPUx,
/usr/share/ibus/{,**} r,
/usr/share/ibus-table/{,**} r,
diff --git a/apparmor.d/groups/freedesktop/xdg-desktop-portal b/apparmor.d/groups/freedesktop/xdg-desktop-portal
index 65420a2e..59ef5a73 100644
--- a/apparmor.d/groups/freedesktop/xdg-desktop-portal
+++ b/apparmor.d/groups/freedesktop/xdg-desktop-portal
@@ -84,6 +84,11 @@ profile xdg-desktop-portal @{exec_path} flags=(attach_disconnected) {
owner @{run}/user/@{uid}/.flatpak/{,*/*} r,
+ @{sys}/devices/virtual/dmi/id/bios_vendor r,
+ @{sys}/devices/virtual/dmi/id/board_vendor r,
+ @{sys}/devices/virtual/dmi/id/product_name r,
+ @{sys}/devices/virtual/dmi/id/sys_vendor r,
+
@{PROC}/ r,
@{PROC}/*/ r,
@{PROC}/1/cgroup r,
diff --git a/apparmor.d/groups/gnome/gio-launch-desktop b/apparmor.d/groups/gnome/gio-launch-desktop
index 19b33d74..8e6d80f9 100644
--- a/apparmor.d/groups/gnome/gio-launch-desktop
+++ b/apparmor.d/groups/gnome/gio-launch-desktop
@@ -3,6 +3,11 @@
# Copyright (C) 2021-2024 Alexandre Pujol
# SPDX-License-Identifier: GPL-2.0-only
+# TODO: Rethink this profile:
+# - Access to gio from a profile is handled by child-open-*
+# - Direct access should only be needed is some special context and it should not
+# require access to that much resources.
+
abi ,
include
diff --git a/apparmor.d/groups/gnome/gsd-color b/apparmor.d/groups/gnome/gsd-color
index 5c43cddf..8d77f6cb 100644
--- a/apparmor.d/groups/gnome/gsd-color
+++ b/apparmor.d/groups/gnome/gsd-color
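Review bot: The new `@{lib}/ibus-*/ibus-* rPUx,` rule keeps the `PUx` fallback of the line above it, so any binary matching that double wildcard which has no profile of its own runs unconfined. If the denial that motivated it came from one engine directory, the pattern could be narrowed to that directory, and a short comment naming the engine would let a later reader judge whether the glob is still needed. The profile body of ibus-daemon begins and ends outside the hunk.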
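Review bot: The four DMI rules added after the `.flatpak` line differ only in the file name and could be one brace-expanded rule, `@{sys}/devices/virtual/dmi/id/{bios_vendor,board_vendor,product_name,sys_vendor} r,`, which matches the `{,**}` and `{,*/*}` style already used in this hunk. Nothing in the hunk says which portal backend reads these hardware identifiers, so a one-line comment above the rule naming the caller (presumably a backend — verify) would help. The profile body continues on both sides of the hunk.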
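Review bot: The third line of the added TODO has a typo ("is some special context"); it should read `# - Direct access should only be needed in some special context and it should not`. The rest of the comment is clear as written.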
@@ -21,6 +21,8 @@ profile gsd-color @{exec_path} flags=(attach_disconnected) {
include
include
+ network inet stream,
+ signal (receive) set=(term, hup) peer=gdm*,
#aa:dbus own bus=session name=org.gnome.SettingsDaemon.Color
diff --git a/apparmor.d/groups/gnome/gsd-keyboard b/apparmor.d/groups/gnome/gsd-keyboard
index c87d6c9b..d621a43a 100644
--- a/apparmor.d/groups/gnome/gsd-keyboard
+++ b/apparmor.d/groups/gnome/gsd-keyboard
@@ -21,6 +21,8 @@ profile gsd-keyboard @{exec_path} flags=(attach_disconnected) {
include
include
+ network inet stream,
+ signal (receive) set=(term, hup) peer=gdm*,
#aa:dbus own bus=session name=org.gnome.SettingsDaemon.Keyboard
diff --git a/apparmor.d/groups/gnome/gsd-power b/apparmor.d/groups/gnome/gsd-power
index 09683999..2c21bc4f 100644
--- a/apparmor.d/groups/gnome/gsd-power
+++ b/apparmor.d/groups/gnome/gsd-power
@@ -30,6 +30,7 @@ profile gsd-power @{exec_path} flags=(attach_disconnected) {
include
include
+ network inet stream,
network netlink raw,
signal (receive) set=(term, hup) peer=gdm*,
diff --git a/apparmor.d/groups/gnome/gsd-smartcard b/apparmor.d/groups/gnome/gsd-smartcard
index c72c9a8e..b0ff24b5 100644
--- a/apparmor.d/groups/gnome/gsd-smartcard
+++ b/apparmor.d/groups/gnome/gsd-smartcard
@@ -31,13 +31,17 @@ profile gsd-smartcard @{exec_path} flags=(attach_disconnected) {
/usr/share/glib-2.0/schemas/gschemas.compiled r,
/etc/{,opensc/}opensc.conf r,
-
- owner @{GDM_HOME}/greeter-dconf-defaults r,
- owner @{gdm_config_dirs}/dconf/user r,
+ /etc/tpm2-tss/* r,
/var/tmp/ r,
/tmp/ r,
+ owner @{GDM_HOME}/.tpm2_pkcs11/tpm2_pkcs11.sqlite3 rw,
+ owner @{GDM_HOME}/greeter-dconf-defaults r,
+ owner @{gdm_config_dirs}/dconf/user r,
+
+ owner @{HOME}/.tpm2_pkcs11/tpm2_pkcs11.sqlite3 rw,
+ owner /dev/tty@{int} rw,
include if exists
diff --git a/apparmor.d/groups/systemd/systemd-sleep-tlp b/apparmor.d/groups/systemd/systemd-sleep-tlp
index 1e7d3fe3..03fb6935 100644
--- a/apparmor.d/groups/systemd/systemd-sleep-tlp
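Review bot: `network inet stream,` grants gsd-color unrestricted IPv4 TCP, which is far broader than anything else in the hunk suggests a colour-management plugin needs; the same line is added to gsd-keyboard and gsd-power in the next two hunks. If it was added from a logged denial, a comment above the rule naming what opened the socket (presumably a shared library rather than the plugin logic — verify) would let a later reader decide whether it can be dropped or narrowed. The `signal (receive) ... peer=gdm*` rule mirrors the existing context line in gsd-power and looks consistent. The profile block begins and ends outside the hunk.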
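Review bot: Both `tpm2_pkcs11.sqlite3 rw,` rules lack `k`; SQLite takes fcntl locks on its database file and AppArmor mediates locking separately from read/write, so the open will succeed and the first lock will be denied (compare `owner @{run}/usbguard.pid rwk,` later in this diff). SQLite also creates journal and WAL side files next to the database, so the rule should probably be `owner @{HOME}/.tpm2_pkcs11/tpm2_pkcs11.sqlite3{,-journal,-wal,-shm} rwk,` with the same change for the `@{GDM_HOME}` copy — confirm against the store layout tpm2-pkcs11 actually uses. `owner /dev/tty@{int} rw,` is the most notable new grant in the hunk and deserves a comment saying what in the smartcard plugin needs a terminal. The profile body continues outside the hunk.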
+++ b/apparmor.d/groups/systemd/systemd-sleep-tlp
@@ -12,6 +12,7 @@ profile systemd-sleep-tlp @{exec_path} {
@{exec_path} mr,
+ @{sh_path} rix,
@{bin}/tlp rPUx,
include if exists
diff --git a/apparmor.d/profiles-s-z/usbguard-daemon b/apparmor.d/profiles-s-z/usbguard-daemon
index d6c05f78..674da7ad 100644
--- a/apparmor.d/profiles-s-z/usbguard-daemon
+++ b/apparmor.d/profiles-s-z/usbguard-daemon
@@ -24,8 +24,8 @@ profile usbguard-daemon @{exec_path} flags=(attach_disconnected) {
@{exec_path} mr,
+ /etc/usbguard/{,**} r,
/etc/usbguard/*.conf rw,
- /etc/usbguard/IPCAccessControl.d/{,*} r,
owner @{run}/usbguard.pid rwk,
diff --git a/dists/flags/main.flags b/dists/flags/main.flags
index 06eae76b..53631aae 100644
--- a/dists/flags/main.flags
+++ b/dists/flags/main.flags
@@ -353,6 +353,7 @@ systemd-portabled complain
systemd-remount-fs complain
systemd-resolve complain
systemd-shutdown complain
+systemd-sleep-tlp complain
systemd-socket-proxyd complain
systemd-udevd attach_disconnected,complain
systemd-user-sessions complain
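Review bot: `@{sh_path} rix,` runs the shell under this same profile, so every command the sleep hook executes other than `@{bin}/tlp` (covered by its own `rPUx` rule) must also be listed here, and this hunk adds none. Together with the new `systemd-sleep-tlp complain` entry in main.flags this reads as a profile still being mapped out, which a short comment above the rule could state so nobody flips it to enforce early. The profile block begins and ends outside the hunk.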
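Review bot: `/etc/usbguard/{,**} r,` makes the removed `IPCAccessControl.d/{,*}` rule redundant as intended, but it also widens read access to every present and future file under `/etc/usbguard/`, while `/etc/usbguard/*.conf rw,` stays the only write grant. If the motivating denial was a rules directory (usbguard's RuleFolder option — verify), naming it in a comment above the rule would document why a recursive glob was preferred over listing the subdirectories, and would flag that files there still cannot be written by the daemon. The profile body continues outside the hunk.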