feat(profile): restic some well known path.

apparmor.d/abstractions/common/chromium

@@ -26,10 +26,10 @@
         /var/tmp/ r,
   owner @{tmp}/.org.chromium.Chromium.@{rand6} rw,
   owner @{tmp}/.org.chromium.Chromium.@{rand6}/{,**} rw,
-  owner @{tmp}/scoped_dir*/ rw,
+  owner @{tmp}/scoped_dir@{rand6}/ rw,
-  owner @{tmp}/scoped_dir*/SingletonCookie w,
+  owner @{tmp}/scoped_dir@{rand6}/SingletonCookie w,
-  owner @{tmp}/scoped_dir*/SingletonSocket w,
+  owner @{tmp}/scoped_dir@{rand6}/SingletonSocket w,
-  owner @{tmp}/scoped_dir*/SS w,
+  owner @{tmp}/scoped_dir@{rand6}/SS w,
 
         /dev/shm/ r,
   owner /dev/shm/.org.chromium.Chromium.@{rand6} rw,

apparmor.d/abstractions/common/electron

@@ -50,7 +50,7 @@
   owner @{HOME}/.pki/nssdb/{cert9,key4}.db rwk,
   owner @{HOME}/.pki/nssdb/{cert9,key4}.db-journal rw,
 
-  owner @{user_share_dirs}/.org.chromium.Chromium.* rw,
+  owner @{user_share_dirs}/.org.chromium.Chromium.@{rand6} rw,
 
   owner @{tmp}/.org.chromium.Chromium.@{rand6} rw,
   owner @{tmp}/.org.chromium.Chromium.@{rand6}/ rw,

apparmor.d/groups/apt/apt-cdrom

@@ -33,11 +33,11 @@ profile apt-cdrom @{exec_path} flags=(complain) {
   # @{run}/udev/data/* r,
 
   # For cd-roms
-  /media/cdrom[0-9]/ r,
+  /media/cdrom@{int}/ r,
-  /media/cdrom[0-9]/**/ r,
+  /media/cdrom@{int}/**/ r,
-  /media/cdrom[0-9]/.disk/info r,
+  /media/cdrom@{int}/.disk/info r,
-  /media/cdrom[0-9]/dists/**/binary-*/Packages{,.gz} r,
+  /media/cdrom@{int}/dists/**/binary-*/Packages{,.gz} r,
-  /media/cdrom[0-9]/dists/**/i18n/Translation-en{,.gz} r,
+  /media/cdrom@{int}/dists/**/i18n/Translation-en{,.gz} r,
 
   # For pendrives
   @{MOUNTS}/ r,
@@ -63,7 +63,7 @@ profile apt-cdrom @{exec_path} flags=(complain) {
 
     /etc/fstab r,
 
-    /media/cdrom[0-9]/ r,
+    /media/cdrom@{int}/ r,
 
     include if exists <local/apt-cdrom_mount>
   }

apparmor.d/groups/freedesktop/cpupower

@@ -32,7 +32,7 @@ profile cpupower @{exec_path} {
   @{sys}/devices/system/cpu/cpufreq/policy@{int}/scaling_{min,max}_freq rw,
   @{sys}/devices/system/cpu/cpufreq/policy@{int}/scaling_governor rw,
   @{sys}/devices/system/cpu/cpufreq/policy@{int}/scaling_setspeed rw,
-  @{sys}/devices/system/cpu/cpu@{int}/cpuidle/state[0-9]/disable rw,
+  @{sys}/devices/system/cpu/cpu@{int}/cpuidle/state@{int}/disable rw,
 
   @{sys}/devices/system/cpu/cpu@{int}/topology/{physical_package_id,core_id} r,
 

apparmor.d/groups/freedesktop/xorg

@@ -125,7 +125,7 @@ profile xorg @{exec_path} flags=(attach_disconnected) {
   @{PROC}/ioports r,
   @{PROC}/mtrr rw,
 
-  /dev/fb[0-9] rw,
+  /dev/fb@{int} rw,
   /dev/input/event@{int} rw,
   /dev/shm/#@{int} rw,
   /dev/shm/shmfd-* rw,

apparmor.d/groups/freedesktop/xrdb

@@ -19,7 +19,7 @@ profile xrdb @{exec_path} {
   @{bin}/{,*-}cpp-[0-9]*               rix,
   @{sh_path}                           rix,
   @{bin}/cpp                           rix,
-  @{lib}/gcc/@{multiarch}/@{int}*/cc1  rix,
+  @{lib}/gcc/@{multiarch}/@{version}/cc1  rix,
   @{lib}/llvm-[0-9]*/bin/clang         rix,
 
   /usr/include/stdc-predef.h r,

apparmor.d/groups/network/mullvad-gui

@@ -6,7 +6,7 @@ abi <abi/3.0>,
 
 include <tunables/global>
 
-@{name} = Mullvad*VPN
+@{name} = Mullvad?VPN
 @{lib_dirs} = /opt/@{name} 
 @{config_dirs} = @{user_config_dirs}/@{name}
 @{cache_dirs} = @{user_cache_dirs}/@{name}

apparmor.d/groups/pacman/pacman

@@ -123,7 +123,7 @@ profile pacman @{exec_path} flags=(attach_disconnected) {
   @{user_pkg_dirs}/**.pkg.tar.zst{,.sig} r,
 
   owner /var/lib/pacman/{,**} rwl,
-  owner @{tmp}/alpm_*/{,**} rw,
+  owner @{tmp}/alpm_@{rand6}/{,**} rw,
   owner @{tmp}/checkup-db-@{int}/sync/{,*.db*} rw,
   owner @{tmp}/checkup-db-@{int}/db.lck rw,
 

apparmor.d/profiles-g-l/gtk-youtube-viewer

@@ -98,7 +98,7 @@ profile gtk-youtube-viewer @{exec_path} {
     include <abstractions/xdg-open>
 
     @{bin}/xdg-open mr,
-    @{lib}/@{multiarch}/glib-[0-9]*/gio-launch-desktop mr,
+    @{lib}/@{multiarch}/glib-@{version}/gio-launch-desktop mr,
 
     @{sh_path}             rix,
     @{bin}/{m,g,}awk       rix,