diff --git a/apparmor.d/groups/browsers/firefox b/apparmor.d/groups/browsers/firefox
index ec743e27..98bba451 100644
--- a/apparmor.d/groups/browsers/firefox
+++ b/apparmor.d/groups/browsers/firefox
@@ -196,7 +196,6 @@ profile firefox @{exec_path} flags=(attach_disconnected) {
   @{sys}/devices/@{pci}/drm/card@{int}/ r,
   @{sys}/devices/@{pci}/drm/renderD128/ r,
   @{sys}/devices/@{pci}/drm/renderD129/ r,
-  @{sys}/devices/system/cpu/present r,
   @{sys}/fs/cgroup/cpu,cpuacct/cpu.cfs_quota_us r,
 
   owner @{sys}/fs/cgroup/user.slice/user-@{uid}.slice/user@@{uid}.service/background.slice/*/cpu.max r,
diff --git a/apparmor.d/groups/gnome/gnome-characters b/apparmor.d/groups/gnome/gnome-characters
index 9170875b..c06fd774 100644
--- a/apparmor.d/groups/gnome/gnome-characters
+++ b/apparmor.d/groups/gnome/gnome-characters
@@ -13,13 +13,10 @@ profile gnome-characters @{exec_path} {
   include <abstractions/bus-system>
   include <abstractions/bus/org.freedesktop.portal.Desktop>
   include <abstractions/dconf-write>
-  include <abstractions/dri-common>
-  include <abstractions/dri-enumerate>
   include <abstractions/fontconfig-cache-read>
   include <abstractions/gnome-strict>
-  include <abstractions/mesa>
+  include <abstractions/graphics>
   include <abstractions/nameservice-strict>
-  include <abstractions/vulkan>
 
   dbus bind bus=session name=org.gnome.Characters,
   dbus receive bus=session path=/org/gnome/Characters/SearchProvider
@@ -31,12 +28,10 @@ profile gnome-characters @{exec_path} {
   @{bin}/gjs-console rix,
 
   /usr/share/icu/@{int}.@{int}/*.dat r,
-  /usr/share/libdrm/*.ids r,
   /usr/share/org.gnome.Characters/org.gnome.Characters.*.gresource r,
   /usr/share/nvidia/nvidia-application-profiles-*-rc r,
 
   owner @{PROC}/@{pid}/cmdline r,
-  owner @{PROC}/@{pid}/comm r,
   owner @{PROC}/@{pid}/mounts r,
   owner @{PROC}/@{pid}/stat r,
   owner @{PROC}/@{pid}/status r,
diff --git a/apparmor.d/groups/gnome/gnome-contacts b/apparmor.d/groups/gnome/gnome-contacts
index 34bc3731..1df3f055 100644
--- a/apparmor.d/groups/gnome/gnome-contacts
+++ b/apparmor.d/groups/gnome/gnome-contacts
@@ -14,16 +14,12 @@ profile gnome-contacts @{exec_path} {
   include <abstractions/bus/org.a11y>
   include <abstractions/bus/org.freedesktop.portal.Desktop>
   include <abstractions/dconf-write>
-  include <abstractions/dri-common>
-  include <abstractions/dri-enumerate>
   include <abstractions/gnome-strict>
+  include <abstractions/graphics>
   include <abstractions/gstreamer>
-  include <abstractions/mesa>
   include <abstractions/nameservice-strict>
-  include <abstractions/opencl>
   include <abstractions/openssl>
   include <abstractions/ssl_certs>
-  include <abstractions/vulkan>
 
   network netlink raw,
 
diff --git a/apparmor.d/groups/gnome/gnome-contacts-search-provider b/apparmor.d/groups/gnome/gnome-contacts-search-provider
index a0aa865a..6950255e 100644
--- a/apparmor.d/groups/gnome/gnome-contacts-search-provider
+++ b/apparmor.d/groups/gnome/gnome-contacts-search-provider
@@ -10,21 +10,16 @@ include <tunables/global>
 profile gnome-contacts-search-provider @{exec_path} {
   include <abstractions/base>
   include <abstractions/dconf-write>
-  include <abstractions/opencl>
+  include <abstractions/gnome-strict>
+  include <abstractions/graphics>
   include <abstractions/openssl>
 
   signal (send) set=(term) peer=unconfined,
 
   @{exec_path} mr,
 
-  /usr/share/glib-2.0/schemas/gschemas.compiled r,
-  /usr/share/mime/mime.cache r,
-
-  /var/lib/flatpak/exports/share/mime/mime.cache r,
-
   owner @{user_share_dirs}/folks/{,**/} rw,
   owner @{user_share_dirs}/folks/relationships.ini rw,
-  owner @{user_share_dirs}/mime/mime.cache r,
 
   owner @{user_cache_dirs}/folks/{,**/} rw,
 
diff --git a/apparmor.d/groups/gnome/gnome-control-center b/apparmor.d/groups/gnome/gnome-control-center
index a1c89f33..8bc876bb 100644
--- a/apparmor.d/groups/gnome/gnome-control-center
+++ b/apparmor.d/groups/gnome/gnome-control-center
@@ -15,15 +15,11 @@ profile gnome-control-center @{exec_path} flags=(attach_disconnected) {
   include <abstractions/dbus-session>
   include <abstractions/dbus>
   include <abstractions/dconf-write>
-  include <abstractions/dri-common>
-  include <abstractions/dri-enumerate>
   include <abstractions/gnome-strict>
+  include <abstractions/graphics>
   include <abstractions/gstreamer>
-  include <abstractions/mesa>
   include <abstractions/nameservice-strict>
-  include <abstractions/opencl-nvidia>
   include <abstractions/p11-kit>
-  include <abstractions/vulkan>
 
   network inet dgram,
   network inet6 dgram,
@@ -65,7 +61,6 @@ profile gnome-control-center @{exec_path} flags=(attach_disconnected) {
   /usr/share/backgrounds/{,**} r,
   /usr/share/cups/data/testprint r,
   /usr/share/desktop-base/**.{xml,png,svg} r,
-  /usr/share/egl/{,**} r,
   /usr/share/firefox{,-esr}/browser/chrome/icons/{,**} r,
   /usr/share/gnome-background-properties/{,**} r,
   /usr/share/gnome-bluetooth{-*,}/{,**} r,
@@ -73,7 +68,6 @@ profile gnome-control-center @{exec_path} flags=(attach_disconnected) {
   /usr/share/gnome-control-center/{,**} r,
   /usr/share/gnome-shell/search-providers/{,**} r,
   /usr/share/gnome/gnome-version.xml r,
-  /usr/share/libdrm/*.ids r,
   /usr/share/language-tools/main-countries r,
   /usr/share/pipewire/client.conf r,
   /usr/share/thumbnailers/{,*} r,
@@ -146,18 +140,17 @@ profile gnome-control-center @{exec_path} flags=(attach_disconnected) {
 
   owner @{sys}/fs/cgroup/user.slice/user-@{uid}.slice/user@@{uid}.service/{,**} rw,
 
+        @{PROC}/cmdline r,
+        @{PROC}/zoneinfo r,
   owner @{PROC}/@{pid}/cgroup r,
   owner @{PROC}/@{pid}/cmdline r,
-  owner @{PROC}/@{pid}/comm r,
   owner @{PROC}/@{pid}/fd/ r,
+  owner @{PROC}/@{pid}/loginuid r,
   owner @{PROC}/@{pid}/maps r,
   owner @{PROC}/@{pid}/mountinfo r,
   owner @{PROC}/@{pid}/stat r,
   owner @{PROC}/@{pid}/statm r,
   owner @{PROC}/@{pid}/task/*/comm rw,
-  owner @{PROC}/@{pid}/loginuid r,
-        @{PROC}/cmdline r,
-        @{PROC}/zoneinfo r,
 
   /dev/ r,
   /dev/media@{int} r,
diff --git a/apparmor.d/groups/gnome/gnome-control-center-goa-helper b/apparmor.d/groups/gnome/gnome-control-center-goa-helper
index 3a8aa8e9..a09152c6 100644
--- a/apparmor.d/groups/gnome/gnome-control-center-goa-helper
+++ b/apparmor.d/groups/gnome/gnome-control-center-goa-helper
@@ -16,16 +16,12 @@ profile gnome-control-center-goa-helper @{exec_path} {
   include <abstractions/bus/org.freedesktop.Avahi>
   include <abstractions/bus/org.gtk.vfs.MountTracker>
   include <abstractions/dconf-write>
-  include <abstractions/dri-common>
-  include <abstractions/dri-enumerate>
   include <abstractions/gnome-strict>
-  include <abstractions/mesa>
+  include <abstractions/graphics>
   include <abstractions/nameservice-strict>
-  include <abstractions/opencl>
   include <abstractions/openssl>
   include <abstractions/p11-kit>
   include <abstractions/ssl_certs>
-  include <abstractions/vulkan>
 
   network inet dgram,
   network inet6 dgram,
diff --git a/apparmor.d/groups/gnome/gnome-control-center-print-renderer b/apparmor.d/groups/gnome/gnome-control-center-print-renderer
index e82e7c79..9c9e0e40 100644
--- a/apparmor.d/groups/gnome/gnome-control-center-print-renderer
+++ b/apparmor.d/groups/gnome/gnome-control-center-print-renderer
@@ -13,25 +13,18 @@ profile gnome-control-center-print-renderer @{exec_path} {
   include <abstractions/bus-session>
   include <abstractions/bus/org.a11y>
   include <abstractions/dconf-write>
-  include <abstractions/dri-common>
-  include <abstractions/dri-enumerate>
   include <abstractions/gnome-strict>
-  include <abstractions/mesa>
+  include <abstractions/graphics>
   include <abstractions/nameservice-strict>
-  include <abstractions/opencl-nvidia>
-  include <abstractions/vulkan>
 
   @{exec_path} mr,
 
-  /usr/share/egl/{,**} r,
-  /usr/share/libdrm/*.ids r,
   /usr/share/pixmaps/{,**} r,
 
   /var/lib/flatpak/exports/share/icons/{,**} r,
   /var/lib/flatpak/exports/share/mime/mime.cache r,
 
   owner @{PROC}/@{pid}/cmdline r,
-  owner @{PROC}/@{pid}/comm r,
 
   include if exists <local/gnome-control-center-print-renderer>
 }
diff --git a/apparmor.d/groups/gnome/gnome-control-center-search-provider b/apparmor.d/groups/gnome/gnome-control-center-search-provider
index bad7e5ee..69a45ed3 100644
--- a/apparmor.d/groups/gnome/gnome-control-center-search-provider
+++ b/apparmor.d/groups/gnome/gnome-control-center-search-provider
@@ -11,11 +11,8 @@ profile gnome-control-center-search-provider @{exec_path} {
   include <abstractions/base>
   include <abstractions/bus-session>
   include <abstractions/dconf-write>
-  include <abstractions/dri-common>
-  include <abstractions/dri-enumerate>
   include <abstractions/gnome-strict>
-  include <abstractions/mesa>
-  include <abstractions/vulkan>
+  include <abstractions/graphics>
 
   dbus bind bus=session name=org.gnome.Settings.SearchProvider,
   dbus receive bus=session path=/org/gnome/Settings/SearchProvider
@@ -24,10 +21,7 @@ profile gnome-control-center-search-provider @{exec_path} {
 
   @{exec_path} mr,
 
-  /usr/share/nvidia/nvidia-application-profiles-*-rc r,
-
   owner @{PROC}/@{pid}/cmdline r,
-  owner @{PROC}/@{pid}/comm r,
 
   include if exists <local/gnome-control-center-search-provider>
 }
diff --git a/apparmor.d/groups/gnome/gnome-extension-manager b/apparmor.d/groups/gnome/gnome-extension-manager
index 115fab05..6bb03810 100644
--- a/apparmor.d/groups/gnome/gnome-extension-manager
+++ b/apparmor.d/groups/gnome/gnome-extension-manager
@@ -10,17 +10,11 @@ include <tunables/global>
 profile gnome-extension-manager @{exec_path} {
   include <abstractions/base>
   include <abstractions/dconf-write>
-  include <abstractions/dri-common>
-  include <abstractions/dri-enumerate>
-  include <abstractions/fonts>
-  include <abstractions/freedesktop.org>
-  include <abstractions/gtk>
-  include <abstractions/mesa>
+  include <abstractions/gnome-strict>
+  include <abstractions/graphics>
   include <abstractions/nameservice-strict>
-  include <abstractions/opencl>
   include <abstractions/p11-kit>
   include <abstractions/ssl_certs>
-  include <abstractions/vulkan>
 
   network inet dgram,
   network inet6 dgram,
diff --git a/apparmor.d/groups/gnome/gnome-extensions-app b/apparmor.d/groups/gnome/gnome-extensions-app
index 9934ec74..7c2af86b 100644
--- a/apparmor.d/groups/gnome/gnome-extensions-app
+++ b/apparmor.d/groups/gnome/gnome-extensions-app
@@ -10,15 +10,9 @@ include <tunables/global>
 profile gnome-extensions-app @{exec_path} {
   include <abstractions/base>
   include <abstractions/dconf-write>
-  include <abstractions/dri-common>
-  include <abstractions/dri-enumerate>
-  include <abstractions/fonts>
-  include <abstractions/freedesktop.org>
-  include <abstractions/gtk>
-  include <abstractions/mesa>
+  include <abstractions/gnome-strict>
+  include <abstractions/graphics>
   include <abstractions/nameservice-strict>
-  include <abstractions/opencl>
-  include <abstractions/vulkan>
 
   @{exec_path} mr,
 
@@ -30,7 +24,6 @@ profile gnome-extensions-app @{exec_path} {
   /usr/share/gnome-shell/org.gnome.Extensions* r,
   /usr/share/icu/@{int}.@{int}/*.dat r,
   /usr/share/terminfo/** r,
-  /usr/share/X11/xkb/{,**} r,
 
   owner @{PROC}/@{pid}/mounts r,
   owner @{PROC}/@{pids}/stat r,
diff --git a/apparmor.d/groups/gnome/gnome-music b/apparmor.d/groups/gnome/gnome-music
index f7dae57f..87ed8e49 100644
--- a/apparmor.d/groups/gnome/gnome-music
+++ b/apparmor.d/groups/gnome/gnome-music
@@ -12,17 +12,13 @@ profile gnome-music @{exec_path} {
   include <abstractions/audio>
   include <abstractions/dconf-write>
   include <abstractions/gnome-strict>
+  include <abstractions/graphics>
   include <abstractions/gstreamer>
-  include <abstractions/mesa>
   include <abstractions/nameservice-strict>
-  include <abstractions/opencl-intel>
-  include <abstractions/opencl-mesa>
-  include <abstractions/opencl-nvidia>
   include <abstractions/openssl>
   include <abstractions/p11-kit>
   include <abstractions/python>
   include <abstractions/ssl_certs>
-  include <abstractions/vulkan>
 
   network inet stream,
   network inet6 stream,
@@ -35,8 +31,6 @@ profile gnome-music @{exec_path} {
   @{bin}/python3.[0-9]* rix,
   @{lib}/python3.[0-9]*/site-packages//gnomemusic/__pycache__/{,**} rw,
 
-  /usr/share/egl/{,**} r,
-  /usr/share/glib-2.0/schemas/gschemas.compiled r,
   /usr/share/grilo-plugins/grl-lua-factory/{,*} r,
   /usr/share/org.gnome.Music/{,**} r,
   /usr/share/tracker3/{,**} r,
diff --git a/apparmor.d/groups/gnome/gnome-remote-desktop-daemon b/apparmor.d/groups/gnome/gnome-remote-desktop-daemon
index 14b1750c..ef0d7b5d 100644
--- a/apparmor.d/groups/gnome/gnome-remote-desktop-daemon
+++ b/apparmor.d/groups/gnome/gnome-remote-desktop-daemon
@@ -11,10 +11,8 @@ profile gnome-remote-desktop-daemon @{exec_path} {
   include <abstractions/base>
   include <abstractions/bus-session>
   include <abstractions/dconf-write>
-  include <abstractions/dri-common>
-  include <abstractions/dri-enumerate>
+  include <abstractions/graphics>
   include <abstractions/openssl>
-  include <abstractions/vulkan>
 
   network inet stream,
   network inet6 stream,
@@ -25,8 +23,5 @@ profile gnome-remote-desktop-daemon @{exec_path} {
 
   owner @{run}/user/@{uid}/wayland-@{int} rw,
 
-  @{sys}/devices/system/node/ r,
-  @{sys}/devices/system/node/node@{int}/meminfo r,
-
   include if exists <local/gnome-remote-desktop-daemon>
 }
diff --git a/apparmor.d/groups/gnome/gnome-session-binary b/apparmor.d/groups/gnome/gnome-session-binary
index e2468929..4588b658 100644
--- a/apparmor.d/groups/gnome/gnome-session-binary
+++ b/apparmor.d/groups/gnome/gnome-session-binary
@@ -19,12 +19,9 @@ profile gnome-session-binary @{exec_path} flags=(attach_disconnected) {
   include <abstractions/bus/org.gnome.Mutter.IdleMonitor>
   include <abstractions/bus/org.gnome.ScreenSaver>
   include <abstractions/dconf-write>
-  include <abstractions/dri-common>
-  include <abstractions/dri-enumerate>
   include <abstractions/gnome-strict>
-  include <abstractions/mesa>
+  include <abstractions/graphics>
   include <abstractions/nameservice-strict>
-  include <abstractions/vulkan>
 
   network inet stream,
   network inet6 stream,
@@ -110,7 +107,6 @@ profile gnome-session-binary @{exec_path} flags=(attach_disconnected) {
   /usr/share/gdm/greeter-dconf-defaults r,
   /usr/share/gdm/greeter/applications/{,**} r,
   /usr/share/gdm/greeter/autostart/{,*.desktop} r,
-  /usr/share/glvnd/egl_vendor.d/ r,
   /usr/share/gnome-session/hardware-compatibility r,
   /usr/share/gnome-session/sessions/*.session r,
   /usr/share/gnome/autostart/{,*.desktop} r,
diff --git a/apparmor.d/groups/gnome/gnome-shell b/apparmor.d/groups/gnome/gnome-shell
index dc2e78ab..e9318b53 100644
--- a/apparmor.d/groups/gnome/gnome-shell
+++ b/apparmor.d/groups/gnome/gnome-shell
@@ -28,6 +28,7 @@ profile gnome-shell @{exec_path} flags=(attach_disconnected) {
   include <abstractions/bus/org.freedesktop.login1.Session>
   include <abstractions/bus/org.freedesktop.login1>
   include <abstractions/bus/org.freedesktop.NetworkManager>
+  include <abstractions/bus/org.freedesktop.Notifications>
   include <abstractions/bus/org.freedesktop.PackageKit>
   include <abstractions/bus/org.freedesktop.PolicyKit1>
   include <abstractions/bus/org.freedesktop.portal.Desktop>
@@ -40,22 +41,16 @@ profile gnome-shell @{exec_path} flags=(attach_disconnected) {
   include <abstractions/bus/org.gtk.vfs.Metadata>
   include <abstractions/bus/org.gtk.vfs.MountTracker>
   include <abstractions/dconf-write>
-  include <abstractions/dri-common>
-  include <abstractions/dri-enumerate>
   include <abstractions/fontconfig-cache-write>
   include <abstractions/gnome-strict>
+  include <abstractions/graphics>
   include <abstractions/gstreamer>
   include <abstractions/ibus>
-  include <abstractions/mesa>
   include <abstractions/nameservice-strict>
-  include <abstractions/opencl-intel>
-  include <abstractions/opencl-mesa>
-  include <abstractions/opencl-nvidia>
   include <abstractions/p11-kit>
   include <abstractions/ssl_certs>
   include <abstractions/thumbnails-cache-read>
   include <abstractions/video>
-  include <abstractions/vulkan>
 
   capability sys_nice,
   capability sys_ptrace,
@@ -237,7 +232,6 @@ profile gnome-shell @{exec_path} flags=(attach_disconnected) {
   /usr/share/gdm/greeter-dconf-defaults r,
   /usr/share/gdm/greeter/applications/{,**} r,
   /usr/share/gnome-shell/{,**} r,
-  /usr/share/libdrm/*.ids r,
   /usr/share/libgweather/Locations.xml r,
   /usr/share/libinput*/ r,
   /usr/share/libinput*/{,**/}[0-9][0-9]-*.quirks r,
@@ -298,8 +292,7 @@ profile gnome-shell @{exec_path} flags=(attach_disconnected) {
   owner @{user_config_dirs}/.goutputstream{,-@{rand6}} rw,
   owner @{user_config_dirs}/ibus/ w,
   owner @{user_config_dirs}/monitors.xml{,~} rwl,
-  owner @{user_config_dirs}/pulse/ r,
-  owner @{user_config_dirs}/pulse/ w, # change to 'c'
+  owner @{user_config_dirs}/pulse/ rw,
   owner @{user_config_dirs}/tiling-assistant/{,**} rw,
 
   owner @{user_share_dirs}/backgrounds/{,**} rw,
@@ -358,7 +351,6 @@ profile gnome-shell @{exec_path} flags=(attach_disconnected) {
 
   @{sys}/**/uevent r,
   @{sys}/bus/ r,
-  @{sys}/class/ r,
   @{sys}/class/hwmon/ r,
   @{sys}/class/input/ r,
   @{sys}/class/net/ r,
@@ -369,11 +361,9 @@ profile gnome-shell @{exec_path} flags=(attach_disconnected) {
   @{sys}/devices/**/hwmon/**/{,name,temp*,fan*} r,
   @{sys}/devices/**/power_supply/{,**} r,
   @{sys}/devices/@{pci}/boot_vga r,
-  @{sys}/devices/@{pci}/drm/ r,
   @{sys}/devices/@{pci}/input@{int}/{properties,name} r,
   @{sys}/devices/@{pci}/net/*/statistics/{rx_bytes,tx_bytes} r,
   @{sys}/devices/platform/**/input@{int}/{properties,name} r,
-  @{sys}/devices/system/cpu/cpufreq/policy@{int}/scaling_cur_freq r,
   @{sys}/devices/virtual/net/*/statistics/{rx_bytes,tx_bytes} r,
 
         @{PROC}/ r,
@@ -387,7 +377,6 @@ profile gnome-shell @{exec_path} flags=(attach_disconnected) {
         @{PROC}/cmdline r,
         @{PROC}/sys/kernel/osrelease r,
         @{PROC}/sys/net/ipv{4,6}/conf/all/disable_ipv{4,6} r,
-  owner @{PROC}/@{pid}/comm r,
   owner @{PROC}/@{pid}/fd/ r,
   owner @{PROC}/@{pid}/mountinfo r,
   owner @{PROC}/@{pid}/mounts r,
diff --git a/apparmor.d/groups/gnome/gnome-software b/apparmor.d/groups/gnome/gnome-software
index 580e2fd3..447ac40a 100644
--- a/apparmor.d/groups/gnome/gnome-software
+++ b/apparmor.d/groups/gnome/gnome-software
@@ -10,16 +10,12 @@ include <tunables/global>
 profile gnome-software @{exec_path} {
   include <abstractions/base>
   include <abstractions/dconf-write>
-  include <abstractions/dri-common>
-  include <abstractions/dri-enumerate>
   include <abstractions/gnome-strict>
-  include <abstractions/mesa>
+  include <abstractions/graphics>
   include <abstractions/nameservice-strict>
-  include <abstractions/opencl>
   include <abstractions/openssl>
   include <abstractions/p11-kit>
   include <abstractions/ssl_certs>
-  include <abstractions/vulkan>
 
   network inet dgram,
   network inet6 dgram,
diff --git a/apparmor.d/groups/gnome/gsd-xsettings b/apparmor.d/groups/gnome/gsd-xsettings
index 5c017587..27a27858 100644
--- a/apparmor.d/groups/gnome/gsd-xsettings
+++ b/apparmor.d/groups/gnome/gsd-xsettings
@@ -19,12 +19,10 @@ profile gsd-xsettings @{exec_path} {
   include <abstractions/bus/org.gnome.Shell.Introspect>
   include <abstractions/bus/org.gtk.vfs.MountTracker>
   include <abstractions/dconf-write>
-  include <abstractions/dri-common>
-  include <abstractions/dri-enumerate>
   include <abstractions/fontconfig-cache-read>
   include <abstractions/gnome-strict>
+  include <abstractions/graphics>
   include <abstractions/nameservice-strict>
-  include <abstractions/opencl>
 
   network inet stream,
   network inet6 stream,
@@ -59,7 +57,6 @@ profile gsd-xsettings @{exec_path} {
 
   /usr/share/dconf/profile/gdm r,
   /usr/share/gdm/greeter-dconf-defaults r,
-  /usr/share/libdrm/*.ids r,
 
   /etc/X11/Xsession.options r,
   @{etc_ro}/xdg/Xwayland-session.d/ r,
@@ -69,8 +66,6 @@ profile gsd-xsettings @{exec_path} {
   /var/lib/gdm{3,}/.config/dconf/user r,
   /var/lib/gdm3/greeter-dconf-defaults r,
 
-  owner @{user_cache_dirs}/mesa_shader_cache/index rw,
-
   @{run}/systemd/sessions/* r,
   @{run}/systemd/users/@{uid} r,
 
diff --git a/apparmor.d/groups/gnome/mutter-x11-frames b/apparmor.d/groups/gnome/mutter-x11-frames
index 1d44b610..ef4d2f8e 100644
--- a/apparmor.d/groups/gnome/mutter-x11-frames
+++ b/apparmor.d/groups/gnome/mutter-x11-frames
@@ -13,13 +13,9 @@ profile mutter-x11-frames @{exec_path} {
   include <abstractions/bus-session>
   include <abstractions/bus/org.a11y>
   include <abstractions/dconf-write>
-  include <abstractions/dri-common>
-  include <abstractions/dri-enumerate>
   include <abstractions/gnome-strict>
-  include <abstractions/mesa>
+  include <abstractions/graphics>
   include <abstractions/nameservice-strict>
-  include <abstractions/nvidia>
-  include <abstractions/vulkan>
 
   @{exec_path} mr,
 
diff --git a/apparmor.d/groups/gnome/nautilus b/apparmor.d/groups/gnome/nautilus
index 082e66a9..22f49c7b 100644
--- a/apparmor.d/groups/gnome/nautilus
+++ b/apparmor.d/groups/gnome/nautilus
@@ -20,15 +20,11 @@ profile nautilus @{exec_path} flags=(attach_disconnected) {
   include <abstractions/bus/org.gtk.Private.RemoteVolumeMonitor>
   include <abstractions/dconf-write>
   include <abstractions/deny-sensitive-home>
-  include <abstractions/dri-common>
-  include <abstractions/dri-enumerate>
   include <abstractions/gnome-strict>
-  include <abstractions/mesa>
+  include <abstractions/graphics>
   include <abstractions/nameservice-strict>
-  include <abstractions/opencl-nvidia>
   include <abstractions/openssl>
   include <abstractions/trash>
-  include <abstractions/vulkan>
 
   # mqueue r type=posix /,
 
@@ -100,7 +96,6 @@ profile nautilus @{exec_path} flags=(attach_disconnected) {
   @{open_path}               rPx -> child-open,
 
   /usr/share/icu/@{int}.@{int}/*.dat r,
-  /usr/share/libdrm/*.ids r,
   /usr/share/nautilus/{,**} r,
   /usr/share/poppler/{,**} r,
   /usr/share/sounds/freedesktop/stereo/*.oga r,
@@ -139,8 +134,6 @@ profile nautilus @{exec_path} flags=(attach_disconnected) {
   @{sys}/devices/**/hwmon@{int}/**/{,name,temp*,fan*} r,
   @{sys}/devices/**/hwmon/{,name,temp*,fan*} r,
   @{sys}/devices/**/hwmon/**/{,name,temp*,fan*} r,
-  @{sys}/devices/@{pci}/revision r,
-  @{sys}/devices/system/cpu/cpufreq/policy@{int}/scaling_cur_freq r,
 
         @{PROC}/@{pids}/net/wireless r,
         @{PROC}/sys/dev/i915/perf_stream_paranoid r,
@@ -149,7 +142,6 @@ profile nautilus @{exec_path} flags=(attach_disconnected) {
   owner @{PROC}/@{pid}/mountinfo r,
 
   /dev/tty rw,
-  /dev/dri/card@{int} rw,
 
   include if exists <local/nautilus>
 }
diff --git a/apparmor.d/groups/gnome/org.gnome.NautilusPreviewer b/apparmor.d/groups/gnome/org.gnome.NautilusPreviewer
index ce428976..d112d994 100644
--- a/apparmor.d/groups/gnome/org.gnome.NautilusPreviewer
+++ b/apparmor.d/groups/gnome/org.gnome.NautilusPreviewer
@@ -11,15 +11,12 @@ profile org.gnome.NautilusPreviewer @{exec_path} {
   include <abstractions/base>
   include <abstractions/dconf-write>
   include <abstractions/deny-sensitive-home>
-  include <abstractions/dri-enumerate>
   include <abstractions/gnome-strict>
+  include <abstractions/graphics>
   include <abstractions/gstreamer>
-  include <abstractions/mesa>
   include <abstractions/nameservice-strict>
-  include <abstractions/opencl-nvidia>
   include <abstractions/private-files-strict>
   include <abstractions/video>
-  include <abstractions/vulkan>
 
   network netlink raw,
 
@@ -41,12 +38,12 @@ profile org.gnome.NautilusPreviewer @{exec_path} {
 
   @{run}/udev/data/c@{dynamic}:@{int} r,  # For dynamic assignment range 234 to 254, 384 to 511
 
-  @{sys}/devices/@{pci}/revision r,
   @{sys}/fs/cgroup/user.slice/user-@{uid}.slice/user@@{uid}.service/session.slice/dbus.service/memory.* r,
 
         @{PROC}/@{pid}/cgroup r,
         @{PROC}/zoneinfo r,
   owner @{PROC}/@{pid}/cmdline r,
+  owner @{PROC}/@{pid}/mounts r,
   owner @{PROC}/@{pid}/stat r,
   owner @{PROC}/@{pid}/task/@{tid}/stat r,
 
diff --git a/apparmor.d/groups/gnome/tracker-extract b/apparmor.d/groups/gnome/tracker-extract
index 0e537ed9..02011fe9 100644
--- a/apparmor.d/groups/gnome/tracker-extract
+++ b/apparmor.d/groups/gnome/tracker-extract
@@ -16,12 +16,10 @@ profile tracker-extract @{exec_path} flags=(attach_disconnected) {
   include <abstractions/dconf-write>
   include <abstractions/deny-sensitive-home>
   include <abstractions/disks-read>
-  include <abstractions/dri-common>
-  include <abstractions/dri-enumerate>
   include <abstractions/gnome-strict>
+  include <abstractions/graphics>
   include <abstractions/gstreamer>
   include <abstractions/nameservice-strict>
-  include <abstractions/opencl-nvidia>
   include <abstractions/openssl>
 
   network netlink raw,
@@ -50,7 +48,6 @@ profile tracker-extract @{exec_path} flags=(attach_disconnected) {
 
   /etc/blkid.conf r,
   /etc/fstab r,
-  /etc/libva.conf r,
 
   /var/lib/gdm{3,}/.cache/ rw,
   /var/lib/gdm{3,}/.cache/tracker3/{,**} rw,
@@ -69,7 +66,6 @@ profile tracker-extract @{exec_path} flags=(attach_disconnected) {
   owner @{MOUNTS}/{,**} r,
   owner /tmp/*/{,**} r,
 
-  owner @{user_cache_dirs}/ w,
   owner @{user_cache_dirs}/tracker3/ w,
   owner @{user_cache_dirs}/tracker3/files/{,**} rwk,
   owner @{user_share_dirs}/gvfs-metadata/** r,
@@ -86,8 +82,6 @@ profile tracker-extract @{exec_path} flags=(attach_disconnected) {
   owner @{PROC}/@{pid}/mountinfo r,
   owner @{PROC}/@{pid}/task/@{tid}/comm rw,
 
-  /dev/dri/card@{int} rw,
-  /dev/dri/renderD128 rw,
   /dev/media@{int} r,
   /dev/video@{int} rw,
   
diff --git a/apparmor.d/groups/kde/DiscoverNotifier b/apparmor.d/groups/kde/DiscoverNotifier
index 79f62c4e..6ab543a6 100644
--- a/apparmor.d/groups/kde/DiscoverNotifier
+++ b/apparmor.d/groups/kde/DiscoverNotifier
@@ -9,13 +9,10 @@ include <tunables/global>
 @{exec_path} = @{lib}/DiscoverNotifier
 profile DiscoverNotifier @{exec_path} {
   include <abstractions/base>
-  include <abstractions/dri-common>
-  include <abstractions/dri-enumerate>
   include <abstractions/freedesktop.org>
-  include <abstractions/mesa>
+  include <abstractions/graphics>
   include <abstractions/nameservice-strict>
   include <abstractions/qt5>
-  include <abstractions/vulkan>
 
   network inet dgram,
   network inet6 dgram,
diff --git a/apparmor.d/groups/kde/baloo b/apparmor.d/groups/kde/baloo
index fed25192..fc92d3ab 100644
--- a/apparmor.d/groups/kde/baloo
+++ b/apparmor.d/groups/kde/baloo
@@ -12,10 +12,8 @@ profile baloo @{exec_path} {
   include <abstractions/deny-sensitive-home>
   include <abstractions/disks-read>
   include <abstractions/fontconfig-cache-write> 
-  include <abstractions/fonts>
-  include <abstractions/freedesktop.org>
+  include <abstractions/desktop>
   include <abstractions/private-files-strict>
-  include <abstractions/qt5>
 
   network netlink raw,
 
diff --git a/apparmor.d/groups/kde/baloorunner b/apparmor.d/groups/kde/baloorunner
index 9d00338d..6def9b54 100644
--- a/apparmor.d/groups/kde/baloorunner
+++ b/apparmor.d/groups/kde/baloorunner
@@ -9,13 +9,10 @@ include <tunables/global>
 @{exec_path} = @{lib}/baloorunner
 profile baloorunner @{exec_path} {
   include <abstractions/base>
-  include <abstractions/dri-common>
-  include <abstractions/dri-enumerate>
   include <abstractions/freedesktop.org>
-  include <abstractions/mesa>
+  include <abstractions/graphics>
   include <abstractions/nameservice-strict>
   include <abstractions/qt5>
-  include <abstractions/vulkan>
 
   @{exec_path} mr,
 
diff --git a/apparmor.d/groups/kde/dolphin b/apparmor.d/groups/kde/dolphin
index e97dc91e..ae664a3b 100644
--- a/apparmor.d/groups/kde/dolphin
+++ b/apparmor.d/groups/kde/dolphin
@@ -11,13 +11,11 @@ profile dolphin @{exec_path} {
   include <abstractions/base>
   include <abstractions/deny-sensitive-home>
   include <abstractions/devices-usb>
-  include <abstractions/dri-common>
-  include <abstractions/dri-enumerate>
   include <abstractions/fonts>
   include <abstractions/freedesktop.org>
+  include <abstractions/graphics>
   include <abstractions/nameservice-strict>
   include <abstractions/qt5>
-  include <abstractions/vulkan>
   include <abstractions/X-strict>
 
   network netlink raw,
@@ -36,7 +34,6 @@ profile dolphin @{exec_path} {
   /usr/share/kio/{,**} r,
   /usr/share/kservices5/{,**} r,
   /usr/share/kservicetypes5/{,**} r,
-  /usr/share/mime/ r,
 
   /etc/fstab r,
   /etc/machine-id r,
diff --git a/apparmor.d/groups/kde/kaccess b/apparmor.d/groups/kde/kaccess
index b1c20c1f..8b0c6c93 100644
--- a/apparmor.d/groups/kde/kaccess
+++ b/apparmor.d/groups/kde/kaccess
@@ -9,11 +9,9 @@ include <tunables/global>
 @{exec_path} = @{bin}/kaccess
 profile kaccess @{exec_path} {
   include <abstractions/base>
-  include <abstractions/dri-common>
-  include <abstractions/mesa>
+  include <abstractions/graphics>
   include <abstractions/nameservice-strict>
   include <abstractions/qt5>
-  include <abstractions/vulkan>
 
   @{exec_path} mr,
 
@@ -41,8 +39,6 @@ profile kaccess @{exec_path} {
   owner /tmp/xauth_@{rand6} r,
 
   owner @{run}/user/@{uid}/xauth_@{rand6} r,
-  
-  @{sys}/devices/@{pci}/{device,subsystem_device,subsystem_vendor,uevent,vendor} r,
 
   /dev/tty r,
 
diff --git a/apparmor.d/groups/kde/kactivitymanagerd b/apparmor.d/groups/kde/kactivitymanagerd
index 93b82790..a883528f 100644
--- a/apparmor.d/groups/kde/kactivitymanagerd
+++ b/apparmor.d/groups/kde/kactivitymanagerd
@@ -24,7 +24,6 @@ profile kactivitymanagerd @{exec_path} {
   /usr/share/icu/@{int}.@{int}/*.dat r,
   /usr/share/kf5/kactivitymanagerd/{,**} r,
   /usr/share/kservices5/{,**} r,
-  /usr/share/mime/{,**} r,
 
   /etc/xdg/kdeglobals r,
   /etc/machine-id r,
diff --git a/apparmor.d/groups/kde/kalendarac b/apparmor.d/groups/kde/kalendarac
index 1a7a5536..ce8f3140 100644
--- a/apparmor.d/groups/kde/kalendarac
+++ b/apparmor.d/groups/kde/kalendarac
@@ -9,14 +9,11 @@ include <tunables/global>
 @{exec_path} = @{bin}/kalendarac
 profile kalendarac @{exec_path} {
   include <abstractions/base>
-  include <abstractions/dri-common>
-  include <abstractions/dri-enumerate>
   include <abstractions/fonts>
   include <abstractions/freedesktop.org>
-  include <abstractions/mesa>
+  include <abstractions/graphics>
   include <abstractions/nameservice-strict>
   include <abstractions/qt5>
-  include <abstractions/vulkan>
 
   @{exec_path} mr,
 
@@ -54,9 +51,6 @@ profile kalendarac @{exec_path} {
   owner @{run}/user/@{uid}/pulse/ r,
   owner @{run}/user/@{uid}/xauth_@{rand6} rl,
 
-  @{sys}/devices/system/node/ r,
-  @{sys}/devices/system/node/node@{int}/meminfo r,
-
   @{PROC}/sys/kernel/core_pattern r,
 
   /dev/tty r,
diff --git a/apparmor.d/groups/kde/kiod5 b/apparmor.d/groups/kde/kiod5
index 513b7102..c2ed54ba 100644
--- a/apparmor.d/groups/kde/kiod5
+++ b/apparmor.d/groups/kde/kiod5
@@ -9,11 +9,9 @@ include <tunables/global>
 @{exec_path} = @{lib}/kf5/kiod5
 profile kiod5 @{exec_path} {
   include <abstractions/base>
-  include <abstractions/dri-common>
-  include <abstractions/dri-enumerate>
+  include <abstractions/graphics>
   include <abstractions/nameservice-strict>
   include <abstractions/openssl>
-  include <abstractions/vulkan>
 
   network netlink raw,
 
diff --git a/apparmor.d/groups/kde/kioslave5 b/apparmor.d/groups/kde/kioslave5
index c7d5e5d1..016e57f6 100644
--- a/apparmor.d/groups/kde/kioslave5
+++ b/apparmor.d/groups/kde/kioslave5
@@ -10,19 +10,15 @@ include <tunables/global>
 profile kioslave5 @{exec_path} {
   include <abstractions/base>
   include <abstractions/deny-sensitive-home>
-  include <abstractions/dri-common>
-  include <abstractions/dri-enumerate>
   include <abstractions/fonts>
   include <abstractions/freedesktop.org>
-  include <abstractions/mesa>
+  include <abstractions/graphics>
   include <abstractions/nameservice-strict>
-  include <abstractions/nvidia>
   include <abstractions/openssl>
   include <abstractions/qt5>
   include <abstractions/ssl_certs>
   include <abstractions/thumbnails-cache-read>
   include <abstractions/trash>
-  include <abstractions/vulkan>
 
   network inet dgram,
   network inet6 dgram,
@@ -47,7 +43,6 @@ profile kioslave5 @{exec_path} {
   /usr/share/kio_desktop/directory.desktop r,
   /usr/share/kservices5/{,**} r,
   /usr/share/kservicetypes5/*.desktop r,
-  /usr/share/mime/ r,
   /usr/share/remoteview/* r,
 
   /etc/fstab r,
@@ -103,9 +98,6 @@ profile kioslave5 @{exec_path} {
   owner @{run}/user/@{uid}/kio_desktop*kioworker.socket rwl,
   owner @{run}/user/@{uid}/xauth_@{rand6} rl,
 
-  @{sys}/devices/system/node/ r,
-  @{sys}/devices/system/node/node@{int}/meminfo r,
-
         @{PROC}/sys/kernel/core_pattern r,
   owner @{PROC}/@{pid}/mountinfo r,
   owner @{PROC}/@{pid}/mounts r,
diff --git a/apparmor.d/groups/kde/kscreenlocker-greet b/apparmor.d/groups/kde/kscreenlocker-greet
index d25229dd..511bb563 100644
--- a/apparmor.d/groups/kde/kscreenlocker-greet
+++ b/apparmor.d/groups/kde/kscreenlocker-greet
@@ -11,17 +11,15 @@ include <tunables/global>
 @{exec_path} += @{lib}/@{multiarch}/libexec/kscreenlocker_greet
 profile kscreenlocker-greet @{exec_path} {
   include <abstractions/base>
-  include <abstractions/dri-enumerate>
   include <abstractions/fontconfig-cache-read>
   include <abstractions/fonts>
   include <abstractions/freedesktop.org>
-  include <abstractions/mesa>
+  include <abstractions/graphics>
   include <abstractions/nameservice-strict>
   include <abstractions/qt5-compose-cache-write>
   include <abstractions/qt5-shader-cache>
   include <abstractions/qt5>
   include <abstractions/X>
-  include <abstractions/vulkan>
 
   network netlink raw,
 
diff --git a/apparmor.d/groups/kde/ksmserver b/apparmor.d/groups/kde/ksmserver
index 7b4fb405..80bcc170 100644
--- a/apparmor.d/groups/kde/ksmserver
+++ b/apparmor.d/groups/kde/ksmserver
@@ -10,13 +10,11 @@ include <tunables/global>
 profile ksmserver @{exec_path} flags=(attach_disconnected,mediate_deleted) {
   include <abstractions/base>
   include <abstractions/app-launcher-user>
-  include <abstractions/dri-common>
   include <abstractions/fonts>
   include <abstractions/freedesktop.org>
-  include <abstractions/mesa>
+  include <abstractions/graphics>
   include <abstractions/nameservice-strict>
   include <abstractions/qt5>
-  include <abstractions/vulkan>
   include <abstractions/X-strict>
 
   signal (send) set=(usr1,term) peer=kscreenlocker-greet,
@@ -36,7 +34,6 @@ profile ksmserver @{exec_path} flags=(attach_disconnected,mediate_deleted) {
   /usr/share/icu/@{int}.@{int}/*.dat r,
   /usr/share/knotifications5/*.notifyrc r,
   /usr/share/kservices5/{,**} r,
-  /usr/share/mime/{,**} r,
 
   /etc/xdg/menus/applications-merged/ r,
   /etc/machine-id r,
@@ -70,8 +67,6 @@ profile ksmserver @{exec_path} flags=(attach_disconnected,mediate_deleted) {
   owner @{run}/user/@{uid}/KSMserver__[0-9] rw,
   owner @{run}/user/@{uid}/xauth_@{rand6} rl,
 
-  @{sys}/devices/@{pci}/{device,subsystem_device,subsystem_vendor,uevent,vendor} r,
-
   @{PROC}/sys/kernel/core_pattern r,
 
   /dev/tty r,
diff --git a/apparmor.d/groups/kde/ksplashqml b/apparmor.d/groups/kde/ksplashqml
index 686f4ec5..f95075b6 100644
--- a/apparmor.d/groups/kde/ksplashqml
+++ b/apparmor.d/groups/kde/ksplashqml
@@ -9,13 +9,10 @@ include <tunables/global>
 @{exec_path} = @{bin}/ksplashqml
 profile ksplashqml @{exec_path} {
   include <abstractions/base>
-  include <abstractions/dri-common>
-  include <abstractions/dri-enumerate>
   include <abstractions/fonts>
   include <abstractions/freedesktop.org>
-  include <abstractions/mesa>
+  include <abstractions/graphics>
   include <abstractions/nameservice-strict>
-  include <abstractions/vulkan>
   include <abstractions/qt5-shader-cache>
 
   @{exec_path} mr,
diff --git a/apparmor.d/groups/kde/kwalletd5 b/apparmor.d/groups/kde/kwalletd5
index 77e755ce..6224a7ee 100644
--- a/apparmor.d/groups/kde/kwalletd5
+++ b/apparmor.d/groups/kde/kwalletd5
@@ -12,17 +12,14 @@ profile kwalletd5 @{exec_path} {
   include <abstractions/base>
   include <abstractions/audio>
   include <abstractions/consoles>
-  include <abstractions/dri-common>
-  include <abstractions/dri-enumerate>
   include <abstractions/fontconfig-cache-read>
   include <abstractions/fonts>
   include <abstractions/freedesktop.org>
+  include <abstractions/graphics>
   include <abstractions/gtk>
-  include <abstractions/mesa>
   include <abstractions/nameservice-strict>
   include <abstractions/qt5-compose-cache-write>
   include <abstractions/qt5>
-  include <abstractions/vulkan>
   include <abstractions/wayland>
   include <abstractions/X-strict>
 
diff --git a/apparmor.d/groups/kde/kwalletmanager5 b/apparmor.d/groups/kde/kwalletmanager5
index 1a723f18..19cdb540 100644
--- a/apparmor.d/groups/kde/kwalletmanager5
+++ b/apparmor.d/groups/kde/kwalletmanager5
@@ -12,12 +12,11 @@ profile kwalletmanager5 @{exec_path} {
   include <abstractions/base>
   include <abstractions/audio>
   include <abstractions/consoles>
-  include <abstractions/dri-enumerate>
   include <abstractions/fontconfig-cache-read>
   include <abstractions/fonts>
   include <abstractions/freedesktop.org>
+  include <abstractions/graphics>
   include <abstractions/gtk>
-  include <abstractions/mesa>
   include <abstractions/nameservice-strict>
   include <abstractions/qt5-compose-cache-write>
   include <abstractions/qt5-settings-write>
diff --git a/apparmor.d/groups/kde/kwin_wayland b/apparmor.d/groups/kde/kwin_wayland
index 7649b402..fb3bbf66 100644
--- a/apparmor.d/groups/kde/kwin_wayland
+++ b/apparmor.d/groups/kde/kwin_wayland
@@ -9,15 +9,12 @@ include <tunables/global>
 @{exec_path} = @{bin}/kwin_wayland
 profile kwin_wayland @{exec_path} flags=(attach_disconnected mediate_deleted) {
   include <abstractions/base>
-  include <abstractions/dri-common>
-  include <abstractions/dri-enumerate>
   include <abstractions/fontconfig-cache-write>
   include <abstractions/fonts>
   include <abstractions/freedesktop.org>
-  include <abstractions/mesa>
+  include <abstractions/graphics>
   include <abstractions/nameservice-strict>
   include <abstractions/qt5-shader-cache>
-  include <abstractions/vulkan>
   include <abstractions/wayland>
 
   capability sys_nice,
@@ -43,7 +40,6 @@ profile kwin_wayland @{exec_path} flags=(attach_disconnected mediate_deleted) {
   /usr/share/kservicetypes5/{,*.desktop} r,
   /usr/share/kwin/{,**} r,
   /usr/share/libinput/{,**} r,
-  /usr/share/mime/ r,
   /usr/share/plasma/desktoptheme/default/{metadata.json,plasmarc} r,
   /usr/share/qt/translations/*.qm r,
   /usr/share/X11/xkb/{,**} r,
@@ -55,7 +51,6 @@ profile kwin_wayland @{exec_path} flags=(attach_disconnected mediate_deleted) {
   /usr/share/plasma/desktoptheme/default/** r,
   /usr/share/desktop-directories/*.directory r,
   
-
   owner /var/lib/sddm/.cache/#@{int} rwk,
   owner /var/lib/sddm/.cache/fontconfig/* rwk,
   owner /var/lib/sddm/.cache/fontconfig/*-le64.cache-@{int}{,TMP-@{rand6},NEW,LCK} w,
diff --git a/apparmor.d/groups/kde/kwin_x11 b/apparmor.d/groups/kde/kwin_x11
index 45176e2c..40b82d22 100644
--- a/apparmor.d/groups/kde/kwin_x11
+++ b/apparmor.d/groups/kde/kwin_x11
@@ -10,15 +10,12 @@ include <tunables/global>
 profile kwin_x11 @{exec_path} {
   include <abstractions/base>
   include <abstractions/bus-system>
-  include <abstractions/dri-common>
-  include <abstractions/dri-enumerate>
   include <abstractions/fonts>
   include <abstractions/freedesktop.org>
-  include <abstractions/mesa>
+  include <abstractions/graphics>
   include <abstractions/nameservice-strict>
   include <abstractions/qt5-shader-cache>
   include <abstractions/qt5>
-  include <abstractions/vulkan>
 
   network inet dgram,
   network inet6 dgram,
diff --git a/apparmor.d/groups/kde/plasma-browser-integration-host b/apparmor.d/groups/kde/plasma-browser-integration-host
index fd748c55..b5da03af 100644
--- a/apparmor.d/groups/kde/plasma-browser-integration-host
+++ b/apparmor.d/groups/kde/plasma-browser-integration-host
@@ -9,14 +9,11 @@ include <tunables/global>
 @{exec_path} = @{bin}/plasma-browser-integration-host
 profile plasma-browser-integration-host @{exec_path} {
   include <abstractions/base>
-  include <abstractions/dri-common>
-  include <abstractions/dri-enumerate>
   include <abstractions/fonts>
   include <abstractions/freedesktop.org>
-  include <abstractions/mesa>
+  include <abstractions/graphics>
   include <abstractions/nameservice-strict>
   include <abstractions/qt5>
-  include <abstractions/vulkan>
 
   capability sys_ptrace,
 
@@ -25,7 +22,6 @@ profile plasma-browser-integration-host @{exec_path} {
   @{exec_path} mr,
 
   /usr/share/kservices5/{,**} r,
-  /usr/share/mime/ r,
 
   /etc/xdg/menus/ r,
   /etc/xdg/taskmanagerrulesrc r,
diff --git a/apparmor.d/groups/kde/plasma-discover b/apparmor.d/groups/kde/plasma-discover
index b9a49e74..680f961c 100644
--- a/apparmor.d/groups/kde/plasma-discover
+++ b/apparmor.d/groups/kde/plasma-discover
@@ -10,16 +10,13 @@ include <tunables/global>
 profile plasma-discover @{exec_path} {
   include <abstractions/base>
   include <abstractions/dconf-write>
-  include <abstractions/dri-common>
-  include <abstractions/dri-enumerate>
   include <abstractions/fonts>
   include <abstractions/freedesktop.org>
-  include <abstractions/mesa>
+  include <abstractions/graphics>
   include <abstractions/nameservice-strict>
   include <abstractions/openssl>
   include <abstractions/qt5-shader-cache>
   include <abstractions/ssl_certs>
-  include <abstractions/vulkan>
 
   network inet dgram,
   network inet6 dgram,
diff --git a/apparmor.d/groups/kde/plasmashell b/apparmor.d/groups/kde/plasmashell
index 0234777b..b6151b6d 100644
--- a/apparmor.d/groups/kde/plasmashell
+++ b/apparmor.d/groups/kde/plasmashell
@@ -17,18 +17,15 @@ profile plasmashell @{exec_path} flags=(mediate_deleted) {
   include <abstractions/consoles>
   include <abstractions/devices-usb>
   include <abstractions/disks-read>
-  include <abstractions/dri-common>
-  include <abstractions/dri-enumerate>
   include <abstractions/enchant>
   include <abstractions/fonts>
   include <abstractions/freedesktop.org>
-  include <abstractions/mesa>
+  include <abstractions/graphics>
   include <abstractions/nameservice-strict>
   include <abstractions/qt5-shader-cache>
   include <abstractions/qt5>
   include <abstractions/recent-documents-write>
   include <abstractions/thumbnails-cache-read>
-  include <abstractions/vulkan>
   include <abstractions/X-strict>
 
   network inet dgram,
@@ -70,7 +67,6 @@ profile plasmashell @{exec_path} flags=(mediate_deleted) {
   /usr/share/kservicetypes5/{,**} r,
   /usr/share/lshw/artwork/logo.svg r,
   /usr/share/metainfo/{,**} r,
-  /usr/share/mime/{,**} r,
   /usr/share/plasma/{,**} r,
   /usr/share/solid/actions/{,**} r,
   /usr/share/swcatalog/{,**} r,
@@ -174,8 +170,6 @@ profile plasmashell @{exec_path} flags=(mediate_deleted) {
   @{sys}/devices/@{pci}/name r,
   @{sys}/devices/virtual/thermal/thermal_zone@{int}/hwmon@{int}/ r,
   @{sys}/devices/system/cpu/cpufreq/policy@{int}/scaling_cur_freq r,
-  @{sys}/devices/system/node/ r,
-  @{sys}/devices/system/node/node@{int}/meminfo r,
   @{sys}/devices/virtual/thermal/**/{name,type} r,
 
         @{PROC}/ r,
diff --git a/apparmor.d/groups/kde/sddm-greeter b/apparmor.d/groups/kde/sddm-greeter
index 481296e1..db03d42b 100644
--- a/apparmor.d/groups/kde/sddm-greeter
+++ b/apparmor.d/groups/kde/sddm-greeter
@@ -13,9 +13,8 @@ profile sddm-greeter @{exec_path} {
   include <abstractions/fontconfig-cache-read>
   include <abstractions/fonts>
   include <abstractions/freedesktop.org>
-  include <abstractions/mesa>
   include <abstractions/nameservice-strict>
-  include <abstractions/opencl>
+  include <abstractions/graphics>
   include <abstractions/qt5-compose-cache-write>
   include <abstractions/qt5-shader-cache>
   include <abstractions/qt5>
diff --git a/apparmor.d/groups/kde/startplasma b/apparmor.d/groups/kde/startplasma
index 35d7a0c3..c39a1820 100644
--- a/apparmor.d/groups/kde/startplasma
+++ b/apparmor.d/groups/kde/startplasma
@@ -28,7 +28,6 @@ profile startplasma @{exec_path} {
   /usr/share/knotifications5/{,**} r,
   /usr/share/kservices5/{,**} r,
   /usr/share/kservicetypes5/{,**} r,
-  /usr/share/mime/{,**} r,
   /usr/share/plasma/{,**} r,
 
   /etc/machine-id r,
diff --git a/apparmor.d/groups/kde/systemsettings b/apparmor.d/groups/kde/systemsettings
index 28df9ca7..1f63a258 100644
--- a/apparmor.d/groups/kde/systemsettings
+++ b/apparmor.d/groups/kde/systemsettings
@@ -9,15 +9,12 @@ include <tunables/global>
 @{exec_path} = @{bin}/systemsettings
 profile systemsettings @{exec_path} {
   include <abstractions/base>
-  include <abstractions/dri-common>
-  include <abstractions/dri-enumerate>
   include <abstractions/fonts>
   include <abstractions/freedesktop.org>
-  include <abstractions/mesa>
+  include <abstractions/graphics>
   include <abstractions/nameservice-strict>
   include <abstractions/qt5-shader-cache>
   include <abstractions/qt5>
-  include <abstractions/vulkan>
 
   network netlink raw,
 
@@ -30,7 +27,6 @@ profile systemsettings @{exec_path} {
   /usr/share/kservices5/{,**} r,
   /usr/share/kservicetypes5/{,**} r,
   /usr/share/kxmlgui5/systemsettings/systemsettingsui.rc r,
-  /usr/share/mime/ r,
   /usr/share/plasma/{,**} r,
   /usr/share/systemsettings/{,**} r,
   /usr/share/kinfocenter/{,**} r,
diff --git a/apparmor.d/groups/ubuntu/update-manager b/apparmor.d/groups/ubuntu/update-manager
index eebce072..8d5ef8ca 100644
--- a/apparmor.d/groups/ubuntu/update-manager
+++ b/apparmor.d/groups/ubuntu/update-manager
@@ -51,10 +51,8 @@ profile update-manager @{exec_path} flags=(attach_disconnected) {
   @{lib}/apt/methods/http{,s}     rPx,
 
   /usr/share/distro-info/{,**} r,
-  /usr/share/themes/{,**} r,
   /usr/share/ubuntu-release-upgrader/{,**} r,
   /usr/share/update-manager/{,**} r,
-  /usr/share/X11/{,**} r,
 
   /etc/gtk-3.0/settings.ini r,
   /etc/pulse/client.conf r,
diff --git a/apparmor.d/groups/virt/libvirtd b/apparmor.d/groups/virt/libvirtd
index 8a118b03..33971e27 100644
--- a/apparmor.d/groups/virt/libvirtd
+++ b/apparmor.d/groups/virt/libvirtd
@@ -206,7 +206,6 @@ profile libvirtd @{exec_path} flags=(attach_disconnected) {
   @{sys}/devices/system/cpu/cpu@{int}/cache/{,**} r,
   @{sys}/devices/system/cpu/cpu@{int}/topology/{,**} r,
   @{sys}/devices/system/cpu/present r,
-  @{sys}/devices/system/cpu/present/ r,
   @{sys}/devices/system/node/ r,
   @{sys}/devices/system/node/node@{int}/ r,
   @{sys}/devices/system/node/node@{int}/{cpumap,distance,meminfo} r,
diff --git a/apparmor.d/groups/whonix/torbrowser b/apparmor.d/groups/whonix/torbrowser
index 1c8755fb..0396af63 100644
--- a/apparmor.d/groups/whonix/torbrowser
+++ b/apparmor.d/groups/whonix/torbrowser
@@ -23,18 +23,16 @@ profile torbrowser @{exec_path} flags=(attach_disconnected) {
   include <abstractions/bus/org.freedesktop.login1>
   include <abstractions/bus/org.freedesktop.portal.Desktop>
   include <abstractions/bus/org.freedesktop.RealtimeKit1>
+  include <abstractions/bus/org.gtk.Private.RemoteVolumeMonitor>
+  include <abstractions/desktop>
+  include <abstractions/enchant>
   include <abstractions/fontconfig-cache-read>
-  include <abstractions/fonts>
-  include <abstractions/freedesktop.org>
+  include <abstractions/graphics-full>
   include <abstractions/gstreamer>
-  include <abstractions/gtk>
-  include <abstractions/mesa>
   include <abstractions/nameservice-strict>
-  include <abstractions/opencl>
   include <abstractions/ssl_certs>
   include <abstractions/thumbnails-cache-read>
   include <abstractions/user-download-strict>
-  include <abstractions/vulkan>
 
   # userns,
 
@@ -59,14 +57,10 @@ profile torbrowser @{exec_path} flags=(attach_disconnected) {
 
   /usr/share/@{name}/{,**} r,
   /usr/share/doc/{,**} r,
-  /usr/share/egl/{,**} r,
-  /usr/share/icu/@{int}.@{int}/*.dat r,
-  /usr/share/libdrm/*.ids r,
   /usr/share/xul-ext/kwallet5/* r,
 
   /etc/@{name}.d/{,**} r,
   /etc/igfx_user_feature{,_next}.txt w,
-  /etc/libva.conf r,
   /etc/mailcap r,
   /etc/mime.types r,
   /etc/opensc.conf r,
@@ -110,20 +104,16 @@ profile torbrowser @{exec_path} flags=(attach_disconnected) {
   @{sys}/cgroup/cpu,cpuacct/user.slice/cpu.cfs_quota_us r,
   @{sys}/class/ r,
   @{sys}/class/**/ r,
-  @{sys}/devices/**/uevent r,
   @{sys}/devices/@{pci}/ r,
   @{sys}/devices/@{pci}/drm/card@{int}/ r,
-  @{sys}/devices/@{pci}/drm/renderD[0-9]*/ r,
-  @{sys}/devices/@{pci}/irq r,
-  @{sys}/devices/system/cpu/cpu@{int}/cache/index[0-9]/size r,
-  @{sys}/devices/system/cpu/cpufreq/policy[0-9]/cpuinfo_max_freq r,
-  @{sys}/devices/system/cpu/present r,
+  @{sys}/devices/@{pci}/drm/renderD128/ r,
+  @{sys}/devices/@{pci}/drm/renderD129/ r,
+  @{sys}/devices/**/uevent r,
   @{sys}/fs/cgroup/cpu,cpuacct/cpu.cfs_quota_us r,
   @{sys}/fs/cgroup/user.slice/user-@{uid}.slice/session-1.scope/cpu.max r,
   @{sys}/fs/cgroup/user.slice/user-@{uid}.slice/user@@{uid}.service/**/cpu.max r,
 
   owner @{PROC}/@{pid}/cgroup r,
-  owner @{PROC}/@{pid}/comm r,
   owner @{PROC}/@{pid}/fd/ r,
   owner @{PROC}/@{pid}/gid_map w, # If kernel.unprivileged_userns_clone = 1
   owner @{PROC}/@{pid}/mountinfo r,
@@ -140,5 +130,9 @@ profile torbrowser @{exec_path} flags=(attach_disconnected) {
   owner @{PROC}/@{pids}/cmdline r,
   owner @{PROC}/@{pids}/environ r,
 
+  # Silencer
+  deny @{lib_dirs}/** w,
+  deny owner @{user_share_dirs}/gvfs-metadata/{,*} r,
+
   include if exists <local/torbrowser>
 }
\ No newline at end of file
diff --git a/apparmor.d/groups/whonix/torbrowser-glxtest b/apparmor.d/groups/whonix/torbrowser-glxtest
index ddb6b298..20c7771b 100644
--- a/apparmor.d/groups/whonix/torbrowser-glxtest
+++ b/apparmor.d/groups/whonix/torbrowser-glxtest
@@ -15,12 +15,8 @@ include <tunables/global>
 @{exec_path} = @{lib_dirs}/glxtest
 profile torbrowser-glxtest @{exec_path} {
   include <abstractions/base>
-  include <abstractions/dri-common>
-  include <abstractions/dri-enumerate>
-  include <abstractions/mesa>
+  include <abstractions/graphics>
   include <abstractions/nameservice-strict>
-  include <abstractions/opencl-nvidia>
-  include <abstractions/vulkan>
   include <abstractions/X-strict>
 
   @{exec_path} mr,
@@ -29,9 +25,6 @@ profile torbrowser-glxtest @{exec_path} {
 
   owner /tmp/@{name}/.parentlock rw,
 
-  @{sys}/bus/pci/devices/ r,
-  @{sys}/devices/@{pci}/class r,
-
   owner @{PROC}/@{pid}/cmdline r,
 
   include if exists <local/torbrowser-glxtest>
diff --git a/apparmor.d/groups/whonix/torbrowser-vaapitest b/apparmor.d/groups/whonix/torbrowser-vaapitest
index 42056a67..2db3c2d6 100644
--- a/apparmor.d/groups/whonix/torbrowser-vaapitest
+++ b/apparmor.d/groups/whonix/torbrowser-vaapitest
@@ -15,23 +15,16 @@ include <tunables/global>
 @{exec_path} = @{lib_dirs}/vaapitest
 profile torbrowser-vaapitest @{exec_path} {
   include <abstractions/base>
-  include <abstractions/dri-enumerate>
-  include <abstractions/dri-common>
-  include <abstractions/nvidia>
-  include <abstractions/vulkan>
+  include <abstractions/graphics>
 
   network netlink raw,
 
   @{exec_path} mr,
 
   /etc/igfx_user_feature{,_next}.txt w,
-  /etc/libva.conf r,
 
   owner /tmp/@{name}/.parentlock rw,
 
-  @{sys}/devices/@{pci}/{irq,revision,resource} r,
-  @{sys}/devices/@{pci}/config r,
-
   deny @{config_dirs}/.parentlock rw,
   deny @{config_dirs}/startupCache/** r,
   deny @{user_cache_dirs}/startupCache/* r,
diff --git a/apparmor.d/profiles-a-f/code b/apparmor.d/profiles-a-f/code
index 250c6777..84d58761 100644
--- a/apparmor.d/profiles-a-f/code
+++ b/apparmor.d/profiles-a-f/code
@@ -14,16 +14,11 @@ profile code flags=(attach_disconnected) {
   include <abstractions/base>
   include <abstractions/chromium-common>
   include <abstractions/dconf-write>
+  include <abstractions/desktop>
   include <abstractions/fontconfig-cache-read>
-  include <abstractions/fonts>
-  include <abstractions/freedesktop.org>
-  include <abstractions/gtk>
+  include <abstractions/graphics>
   include <abstractions/nameservice-strict>
-  include <abstractions/opencl-intel>
-  include <abstractions/opencl-mesa>
-  include <abstractions/opencl-nvidia>
   include <abstractions/ssl_certs>
-  include <abstractions/vulkan>
 
   capability sys_ptrace,
 
@@ -61,13 +56,11 @@ profile code flags=(attach_disconnected) {
   @{lib}/go/bin/*                    rPUx,
   @{bin}/python[0-9]* rUx
 
-  /etc/libva.conf r,
   /etc/shells r,
   /etc/lsb-release r,
 
   owner @{HOME}/@{XDG_SSH_DIR}/config r,
 
-  owner @{code_config_dirs}/ rw,
   owner @{code_config_dirs}/** rwkl -> @{code_config_dirs}/**,
 
   owner @{user_projects_dirs}/ r,
@@ -85,8 +78,7 @@ profile code flags=(attach_disconnected) {
 
   @{sys}/devices/system/cpu/present r,
   @{sys}/devices/system/cpu/kernel_max r,
-  @{sys}/devices/virtual/tty/tty[0-9]*/active r,
-  @{sys}/devices/@{pci}/irq r,
+  @{sys}/devices/virtual/tty/tty@{int}/active r,
 
         @{PROC}/ r,
         @{PROC}/@{pid}/fd/ r,
diff --git a/apparmor.d/profiles-a-f/element b/apparmor.d/profiles-a-f/element
index 1620402e..288e3f01 100644
--- a/apparmor.d/profiles-a-f/element
+++ b/apparmor.d/profiles-a-f/element
@@ -11,19 +11,12 @@ profile element @{exec_path} {
   include <abstractions/base>
   include <abstractions/chromium-common>
   include <abstractions/dconf-write>
-  include <abstractions/dri-common>
-  include <abstractions/dri-enumerate>
-  include <abstractions/fonts>
-  include <abstractions/freedesktop.org>
-  include <abstractions/gtk>
-  include <abstractions/mesa>
+  include <abstractions/desktop>
+  include <abstractions/graphics>
   include <abstractions/nameservice-strict>
-  include <abstractions/nvidia>
   include <abstractions/p11-kit>
   include <abstractions/ssl_certs>
   include <abstractions/video>
-  include <abstractions/vulkan>
-  include <abstractions/X-strict>
 
   capability sys_ptrace,
 
@@ -49,26 +42,16 @@ profile element @{exec_path} {
 
   /usr/share/webapps/element/{,**} r,
 
-  /etc/libva.conf r,
   /etc/element/{,**} r,
   /etc/webapps/element/{,**} r,
 
-  owner @{user_config_dirs}/ r,
   owner @{user_config_dirs}/Element/ rw,
   owner @{user_config_dirs}/Element/** rwkl -> @{user_config_dirs}/Element/**,
   owner @{user_config_dirs}/pulse/client.conf r,
   owner @{user_config_dirs}/pulse/cookie rk,
 
-  @{sys}/bus/pci/devices/ r,
-  @{sys}/devices/@{pci}/class r,
-  @{sys}/devices/@{pci}/resource r,
-  @{sys}/devices/@{pci}/irq r,
-  @{sys}/devices/system/cpu/cpu@{int}/cache/{,**} r,
-  @{sys}/devices/system/cpu/cpu@{int}/topology/{,**} r,
   @{sys}/devices/system/cpu/kernel_max r,
-  @{sys}/devices/system/cpu/present r,
   @{sys}/devices/virtual/tty/tty@{int}/active r,
-  @{sys}/devices/system/cpu/cpufreq/policy@{int}/cpuinfo_{cur,min,max}_freq r,
 
         @{PROC}/ r,
         @{PROC}/sys/fs/inotify/max_user_watches r,
diff --git a/apparmor.d/profiles-a-f/file-roller b/apparmor.d/profiles-a-f/file-roller
index 69126750..f883b9f8 100644
--- a/apparmor.d/profiles-a-f/file-roller
+++ b/apparmor.d/profiles-a-f/file-roller
@@ -12,14 +12,10 @@ profile file-roller @{exec_path} {
   include <abstractions/bus-accessibility>
   include <abstractions/bus-session>
   include <abstractions/dconf-write>
-  include <abstractions/fonts>
-  include <abstractions/freedesktop.org>
-  include <abstractions/gtk>
+  include <abstractions/desktop>
   include <abstractions/nameservice-strict>
   include <abstractions/user-download-strict>
   include <abstractions/user-write>
-  include <abstractions/wayland>
-  include <abstractions/X-strict>
 
   # dbus: own bus=session name=org.gnome.ArchiveManager1
   # dbus: own bus=session name=org.gnome.FileRoller
@@ -42,10 +38,5 @@ profile file-roller @{exec_path} {
 
   @{open_path}         rPx -> child-open,
 
-  /usr/share/themes/{,**} r,
-  /usr/share/X11/xkb/{,**} r,
-
-  /etc/gtk-3.0/settings.ini r,
-
   include if exists <local/file-roller>
 }
\ No newline at end of file
diff --git a/apparmor.d/profiles-g-l/glxinfo b/apparmor.d/profiles-g-l/glxinfo
index a0032366..a67752b2 100644
--- a/apparmor.d/profiles-g-l/glxinfo
+++ b/apparmor.d/profiles-g-l/glxinfo
@@ -10,12 +10,8 @@ include <tunables/global>
 @{exec_path} = @{bin}/glxinfo
 profile glxinfo @{exec_path} {
   include <abstractions/base>
-  include <abstractions/dri-common>
-  include <abstractions/dri-enumerate>
-  include <abstractions/mesa>
+  include <abstractions/graphics>
   include <abstractions/nameservice-strict>
-  include <abstractions/opencl>
-  include <abstractions/vulkan>
   include <abstractions/X-strict>
 
   capability sys_admin,
diff --git a/apparmor.d/profiles-s-z/thunderbird b/apparmor.d/profiles-s-z/thunderbird
index 64827e56..734e8e75 100644
--- a/apparmor.d/profiles-s-z/thunderbird
+++ b/apparmor.d/profiles-s-z/thunderbird
@@ -144,9 +144,6 @@ profile thunderbird @{exec_path} {
   @{run}/mount/utab r,
 
   @{sys}/cgroup/cpu,cpuacct/user.slice/cpu.cfs_quota_us r,
-  @{sys}/devices/system/cpu/cpu[0-9]/cache/index[0-9]/size r,
-  @{sys}/devices/system/cpu/cpufreq/policy[0-9]/cpuinfo_max_freq r,
-  @{sys}/devices/system/cpu/present r,
   @{sys}/fs/cgroup/cpu,cpuacct/cpu.cfs_quota_us r,
 
         @{PROC}/@{pids}/net/arp r,