diff --git a/apparmor.d/abstractions/freedesktop.org.d/complete b/apparmor.d/abstractions/freedesktop.org.d/complete
index c11d16d6..451b620a 100644
--- a/apparmor.d/abstractions/freedesktop.org.d/complete
+++ b/apparmor.d/abstractions/freedesktop.org.d/complete
@@ -8,6 +8,8 @@
   @{system_share_dirs}/xfce4/applications/{,**} r,
   /usr/share/glib-2.0/schemas/gschemas.compiled r,
 
+  /usr/share/mime/ r,
+
   /etc/gnome/defaults.list r,
   /etc/xfce4/defaults.list r,  
 
diff --git a/apparmor.d/groups/akonadi/akonadi_akonotes_resource b/apparmor.d/groups/akonadi/akonadi_akonotes_resource
index b94a9590..46c6f934 100644
--- a/apparmor.d/groups/akonadi/akonadi_akonotes_resource
+++ b/apparmor.d/groups/akonadi/akonadi_akonotes_resource
@@ -9,13 +9,10 @@ include <tunables/global>
 @{exec_path} = @{bin}/akonadi_akonotes_resource
 profile akonadi_akonotes_resource @{exec_path} {
   include <abstractions/base>
-  include <abstractions/dri-common>
-  include <abstractions/dri-enumerate>
   include <abstractions/fonts>
   include <abstractions/freedesktop.org>
-  include <abstractions/mesa>
+  include <abstractions/graphics>
   include <abstractions/nameservice-strict>
-  include <abstractions/vulkan>
   include <abstractions/X-strict>
 
   @{exec_path} mr,
diff --git a/apparmor.d/groups/akonadi/akonadi_archivemail_agent b/apparmor.d/groups/akonadi/akonadi_archivemail_agent
index ef5aa5f5..4946f2ed 100644
--- a/apparmor.d/groups/akonadi/akonadi_archivemail_agent
+++ b/apparmor.d/groups/akonadi/akonadi_archivemail_agent
@@ -9,21 +9,17 @@ include <tunables/global>
 @{exec_path} = @{bin}/akonadi_archivemail_agent
 profile akonadi_archivemail_agent @{exec_path} {
   include <abstractions/base>
-  include <abstractions/dri-common>
-  include <abstractions/dri-enumerate>
   include <abstractions/fonts>
   include <abstractions/freedesktop.org>
-  include <abstractions/mesa>
+  include <abstractions/graphics>
   include <abstractions/nameservice-strict>
   include <abstractions/qt5>
-  include <abstractions/vulkan>
   include <abstractions/X-strict>
 
   @{exec_path} mr,
 
   /usr/share/akonadi/plugins/serializer/{,*.desktop} r,
   /usr/share/hwdata/*.ids r,
-  /usr/share/mime/{,**} r,
 
   /etc/machine-id r,
   /etc/xdg/kdeglobals r,
diff --git a/apparmor.d/groups/akonadi/akonadi_birthdays_resource b/apparmor.d/groups/akonadi/akonadi_birthdays_resource
index 0e2e1109..33c5365e 100644
--- a/apparmor.d/groups/akonadi/akonadi_birthdays_resource
+++ b/apparmor.d/groups/akonadi/akonadi_birthdays_resource
@@ -9,13 +9,10 @@ include <tunables/global>
 @{exec_path} = @{bin}/akonadi_birthdays_resource
 profile akonadi_birthdays_resource @{exec_path} {
   include <abstractions/base>
-  include <abstractions/dri-common>
-  include <abstractions/dri-enumerate>
   include <abstractions/fonts>
   include <abstractions/freedesktop.org>
-  include <abstractions/mesa>
+  include <abstractions/graphics>
   include <abstractions/nameservice-strict>
-  include <abstractions/vulkan>
   include <abstractions/X-strict>
 
   @{exec_path} mr,
diff --git a/apparmor.d/groups/akonadi/akonadi_contacts_resource b/apparmor.d/groups/akonadi/akonadi_contacts_resource
index 2a9178e9..f922749a 100644
--- a/apparmor.d/groups/akonadi/akonadi_contacts_resource
+++ b/apparmor.d/groups/akonadi/akonadi_contacts_resource
@@ -9,14 +9,11 @@ include <tunables/global>
 @{exec_path} = @{bin}/akonadi_contacts_resource
 profile akonadi_contacts_resource @{exec_path} {
   include <abstractions/base>
-  include <abstractions/dri-common>
-  include <abstractions/dri-enumerate>
   include <abstractions/fonts>
   include <abstractions/freedesktop.org>
-  include <abstractions/mesa>
+  include <abstractions/graphics>
   include <abstractions/nameservice-strict>
   include <abstractions/qt5>
-  include <abstractions/vulkan>
   include <abstractions/X-strict>
 
   @{exec_path} mr,
diff --git a/apparmor.d/groups/akonadi/akonadi_control b/apparmor.d/groups/akonadi/akonadi_control
index e019ae20..1f6b2649 100644
--- a/apparmor.d/groups/akonadi/akonadi_control
+++ b/apparmor.d/groups/akonadi/akonadi_control
@@ -9,15 +9,12 @@ include <tunables/global>
 @{exec_path} = @{bin}/akonadi_control
 profile akonadi_control @{exec_path} {
   include <abstractions/base>
-  include <abstractions/dri-common>
-  include <abstractions/dri-enumerate>
-  include <abstractions/freedesktop.org>
   include <abstractions/fonts>
-  include <abstractions/mesa>
+  include <abstractions/freedesktop.org>
+  include <abstractions/graphics>
   include <abstractions/nameservice-strict>
-  include <abstractions/vulkan>
-  include <abstractions/X-strict>
   include <abstractions/qt5>
+  include <abstractions/X-strict>
 
   @{exec_path} mr,
 
diff --git a/apparmor.d/groups/akonadi/akonadi_followupreminder_agent b/apparmor.d/groups/akonadi/akonadi_followupreminder_agent
index d06c804b..f8ae0920 100644
--- a/apparmor.d/groups/akonadi/akonadi_followupreminder_agent
+++ b/apparmor.d/groups/akonadi/akonadi_followupreminder_agent
@@ -9,15 +9,12 @@ include <tunables/global>
 @{exec_path} = @{bin}/akonadi_followupreminder_agent
 profile akonadi_followupreminder_agent @{exec_path} {
   include <abstractions/base>
-  include <abstractions/dri-common>
-  include <abstractions/dri-enumerate>
   include <abstractions/fonts>
   include <abstractions/freedesktop.org>
-  include <abstractions/mesa>
+  include <abstractions/graphics>
   include <abstractions/nameservice-strict>
-  include <abstractions/vulkan>
-  include <abstractions/X-strict>
   include <abstractions/qt5>
+  include <abstractions/X-strict>
 
   network inet dgram,
   network inet6 dgram,
diff --git a/apparmor.d/groups/akonadi/akonadi_ical_resource b/apparmor.d/groups/akonadi/akonadi_ical_resource
index 63bda6f1..cf5ffcba 100644
--- a/apparmor.d/groups/akonadi/akonadi_ical_resource
+++ b/apparmor.d/groups/akonadi/akonadi_ical_resource
@@ -9,11 +9,8 @@ include <tunables/global>
 @{exec_path} = @{bin}/akonadi_ical_resource
 profile akonadi_ical_resource @{exec_path} {
   include <abstractions/base>
-  include <abstractions/dri-common>
-  include <abstractions/dri-enumerate>
-  include <abstractions/mesa>
+  include <abstractions/graphics>
   include <abstractions/nameservice-strict>
-  include <abstractions/vulkan>
   include <abstractions/X-strict>
 
   @{exec_path} mr,
diff --git a/apparmor.d/groups/akonadi/akonadi_indexing_agent b/apparmor.d/groups/akonadi/akonadi_indexing_agent
index 3b283a26..2faf780c 100644
--- a/apparmor.d/groups/akonadi/akonadi_indexing_agent
+++ b/apparmor.d/groups/akonadi/akonadi_indexing_agent
@@ -9,14 +9,11 @@ include <tunables/global>
 @{exec_path} = @{bin}/akonadi_indexing_agent
 profile akonadi_indexing_agent @{exec_path} {
   include <abstractions/base>
-  include <abstractions/dri-common>
-  include <abstractions/dri-enumerate>
   include <abstractions/fonts>
   include <abstractions/freedesktop.org>
-  include <abstractions/mesa>
+  include <abstractions/graphics>
   include <abstractions/nameservice-strict>
   include <abstractions/qt5>
-  include <abstractions/vulkan>
   include <abstractions/X-strict>
 
   @{exec_path} mr,
@@ -27,7 +24,6 @@ profile akonadi_indexing_agent @{exec_path} {
   /usr/share/akonadi/plugins/serializer/*.desktop r,
   /usr/share/hwdata/*.ids r,
   /usr/share/icu/@{int}.@{int}/*.dat r,
-  /usr/share/mime/{,**} r,
 
   /etc/machine-id r,
   /etc/xdg/kdeglobals r,
diff --git a/apparmor.d/groups/akonadi/akonadi_maildir_resource b/apparmor.d/groups/akonadi/akonadi_maildir_resource
index 9c625781..2b75919c 100644
--- a/apparmor.d/groups/akonadi/akonadi_maildir_resource
+++ b/apparmor.d/groups/akonadi/akonadi_maildir_resource
@@ -9,21 +9,17 @@ include <tunables/global>
 @{exec_path} = @{bin}/akonadi_maildir_resource
 profile akonadi_maildir_resource @{exec_path} {
   include <abstractions/base>
-  include <abstractions/dri-common>
-  include <abstractions/dri-enumerate>
   include <abstractions/fonts>
   include <abstractions/freedesktop.org>
-  include <abstractions/mesa>
+  include <abstractions/graphics>
   include <abstractions/nameservice-strict>
   include <abstractions/qt5>
-  include <abstractions/vulkan>
   include <abstractions/X-strict>
 
   @{exec_path} mr,
 
   /usr/share/akonadi/plugins/serializer/{,*.desktop} r,
   /usr/share/hwdata/*.ids r,
-  /usr/share/mime/{,**} r,
   /usr/share/icu/@{int}.@{int}/*.dat r,
 
   /etc/xdg/kdeglobals r,
diff --git a/apparmor.d/groups/akonadi/akonadi_maildispatcher_agent b/apparmor.d/groups/akonadi/akonadi_maildispatcher_agent
index 4152488f..62fe2913 100644
--- a/apparmor.d/groups/akonadi/akonadi_maildispatcher_agent
+++ b/apparmor.d/groups/akonadi/akonadi_maildispatcher_agent
@@ -9,16 +9,13 @@ include <tunables/global>
 @{exec_path} = @{bin}/akonadi_maildispatcher_agent
 profile akonadi_maildispatcher_agent @{exec_path} {
   include <abstractions/base>
-  include <abstractions/dri-common>
-  include <abstractions/dri-enumerate>
   include <abstractions/fonts>
   include <abstractions/freedesktop.org>
-  include <abstractions/mesa>
+  include <abstractions/graphics>
   include <abstractions/nameservice-strict>
   include <abstractions/openssl>
   include <abstractions/qt5>
   include <abstractions/ssl_certs>
-  include <abstractions/vulkan>
   include <abstractions/X-strict>
 
   network inet dgram,
@@ -34,7 +31,6 @@ profile akonadi_maildispatcher_agent @{exec_path} {
   /usr/share/hwdata/*.ids r,
   /usr/share/icu/@{int}.@{int}/*.dat r,
   /usr/share/knotifications5/akonadi_maildispatcher_agent.notifyrc r,
-  /usr/share/mime/{,**} r,
 
   /etc/xdg/kdeglobals r,
   /etc/xdg/kwinrc r,
diff --git a/apparmor.d/groups/akonadi/akonadi_mailfilter_agent b/apparmor.d/groups/akonadi/akonadi_mailfilter_agent
index 0dc9e40b..ddc21c28 100644
--- a/apparmor.d/groups/akonadi/akonadi_mailfilter_agent
+++ b/apparmor.d/groups/akonadi/akonadi_mailfilter_agent
@@ -9,14 +9,11 @@ include <tunables/global>
 @{exec_path} = @{bin}/akonadi_mailfilter_agent
 profile akonadi_mailfilter_agent @{exec_path} {
   include <abstractions/base>
-  include <abstractions/dri-common>
-  include <abstractions/dri-enumerate>
   include <abstractions/fonts>
   include <abstractions/freedesktop.org>
-  include <abstractions/mesa>
+  include <abstractions/graphics>
   include <abstractions/nameservice-strict>
   include <abstractions/qt5>
-  include <abstractions/vulkan>
   include <abstractions/X-strict>
 
   ptrace (read) peer=akonadi_archivemail_agent,
@@ -28,7 +25,6 @@ profile akonadi_mailfilter_agent @{exec_path} {
 
   /usr/share/hwdata/*.ids r,
   /usr/share/icu/@{int}.@{int}/*.dat r,
-  /usr/share/mime/{,**} r,
 
   /etc/machine-id r,
   /etc/xdg/kdeglobals r,
@@ -60,9 +56,6 @@ profile akonadi_mailfilter_agent @{exec_path} {
 
   owner @{user_share_dirs}/akonadi/file_db_data/{,**} rw,
 
-  @{sys}/devices/system/node/ r,
-  @{sys}/devices/system/node/node@{int}/meminfo r,
-
   @{PROC}/sys/kernel/core_pattern r,
   @{PROC}/sys/kernel/random/boot_id r,
 
diff --git a/apparmor.d/groups/akonadi/akonadi_mailmerge_agent b/apparmor.d/groups/akonadi/akonadi_mailmerge_agent
index fbb8a748..5e46d65a 100644
--- a/apparmor.d/groups/akonadi/akonadi_mailmerge_agent
+++ b/apparmor.d/groups/akonadi/akonadi_mailmerge_agent
@@ -9,13 +9,10 @@ include <tunables/global>
 @{exec_path} = @{bin}/akonadi_mailmerge_agent
 profile akonadi_mailmerge_agent @{exec_path} {
   include <abstractions/base>
-  include <abstractions/dri-common>
-  include <abstractions/dri-enumerate>
   include <abstractions/fonts>
   include <abstractions/freedesktop.org>
-  include <abstractions/mesa>
+  include <abstractions/graphics>
   include <abstractions/nameservice-strict>
-  include <abstractions/vulkan>
   include <abstractions/X-strict>
 
   network inet dgram,
diff --git a/apparmor.d/groups/akonadi/akonadi_migration_agent b/apparmor.d/groups/akonadi/akonadi_migration_agent
index 0a6a514f..2faa4794 100644
--- a/apparmor.d/groups/akonadi/akonadi_migration_agent
+++ b/apparmor.d/groups/akonadi/akonadi_migration_agent
@@ -9,14 +9,11 @@ include <tunables/global>
 @{exec_path} = @{bin}/akonadi_migration_agent
 profile akonadi_migration_agent @{exec_path} {
   include <abstractions/base>
-  include <abstractions/dri-common>
-  include <abstractions/dri-enumerate>
   include <abstractions/fonts>
   include <abstractions/freedesktop.org>
-  include <abstractions/mesa>
+  include <abstractions/graphics>
   include <abstractions/nameservice-strict>
   include <abstractions/qt5>
-  include <abstractions/vulkan>
   include <abstractions/X-strict>
 
   @{exec_path} mr,
diff --git a/apparmor.d/groups/akonadi/akonadi_newmailnotifier_agent b/apparmor.d/groups/akonadi/akonadi_newmailnotifier_agent
index 134d1933..e9ac9bd7 100644
--- a/apparmor.d/groups/akonadi/akonadi_newmailnotifier_agent
+++ b/apparmor.d/groups/akonadi/akonadi_newmailnotifier_agent
@@ -9,21 +9,17 @@ include <tunables/global>
 @{exec_path} = @{bin}/akonadi_newmailnotifier_agent
 profile akonadi_newmailnotifier_agent @{exec_path} {
   include <abstractions/base>
-  include <abstractions/dri-common>
-  include <abstractions/dri-enumerate>
   include <abstractions/fonts>
   include <abstractions/freedesktop.org>
-  include <abstractions/mesa>
+  include <abstractions/graphics>
   include <abstractions/nameservice-strict>
   include <abstractions/qt5>
-  include <abstractions/vulkan>
   include <abstractions/X-strict>
 
   @{exec_path} mr,
 
   /usr/share/akonadi/plugins/serializer/{,*.desktop} r,
   /usr/share/hwdata/*.ids r,
-  /usr/share/mime/{,**} r,
   /usr/share/icu/@{int}.@{int}/*.dat r,
   /usr/share/knotifications5/akonadi_newmailnotifier_agent.notifyrc r,
 
diff --git a/apparmor.d/groups/akonadi/akonadi_notes_agent b/apparmor.d/groups/akonadi/akonadi_notes_agent
index 37cb839c..37db2156 100644
--- a/apparmor.d/groups/akonadi/akonadi_notes_agent
+++ b/apparmor.d/groups/akonadi/akonadi_notes_agent
@@ -9,14 +9,11 @@ include <tunables/global>
 @{exec_path} = @{bin}/akonadi_notes_agent
 profile akonadi_notes_agent @{exec_path} {
   include <abstractions/base>
-  include <abstractions/dri-common>
-  include <abstractions/dri-enumerate>
   include <abstractions/fonts>
   include <abstractions/freedesktop.org>
-  include <abstractions/mesa>
+  include <abstractions/graphics>
   include <abstractions/nameservice-strict>
   include <abstractions/qt5>
-  include <abstractions/vulkan>
   include <abstractions/X-strict>
 
   network inet dgram,
@@ -28,7 +25,6 @@ profile akonadi_notes_agent @{exec_path} {
 
   /usr/share/hwdata/*.ids r,
   /usr/share/icu/@{int}.@{int}/*.dat r,
-  /usr/share/mime/{,**} r,
 
   /etc/xdg/kdeglobals r,
   /etc/xdg/kwinrc r,
diff --git a/apparmor.d/groups/akonadi/akonadi_sendlater_agent b/apparmor.d/groups/akonadi/akonadi_sendlater_agent
index 801ea75c..d64d2746 100644
--- a/apparmor.d/groups/akonadi/akonadi_sendlater_agent
+++ b/apparmor.d/groups/akonadi/akonadi_sendlater_agent
@@ -9,14 +9,11 @@ include <tunables/global>
 @{exec_path} = @{bin}/akonadi_sendlater_agent
 profile akonadi_sendlater_agent @{exec_path} {
   include <abstractions/base>
-  include <abstractions/dri-common>
-  include <abstractions/dri-enumerate>
   include <abstractions/fonts>
   include <abstractions/freedesktop.org>
-  include <abstractions/mesa>
+  include <abstractions/graphics>
   include <abstractions/nameservice-strict>
   include <abstractions/qt5>
-  include <abstractions/vulkan>
   include <abstractions/X-strict>
 
   network inet dgram,
@@ -28,7 +25,6 @@ profile akonadi_sendlater_agent @{exec_path} {
 
   /usr/share/hwdata/*.ids r,
   /usr/share/icu/@{int}.@{int}/*.dat r,
-  /usr/share/mime/{,**} r,
 
   /etc/xdg/kdeglobals r,
   /etc/xdg/kwinrc r,
@@ -44,9 +40,6 @@ profile akonadi_sendlater_agent @{exec_path} {
   owner @{user_config_dirs}/kdeglobals r,
   owner @{user_config_dirs}/kwinrc r,
 
-  @{sys}/devices/system/node/ r,
-  @{sys}/devices/system/node/node@{int}/meminfo r,
-
   @{PROC}/sys/kernel/core_pattern r,
 
   /dev/tty r,
diff --git a/apparmor.d/groups/akonadi/akonadi_unifiedmailbox_agent b/apparmor.d/groups/akonadi/akonadi_unifiedmailbox_agent
index 2ccdbd13..c67dca7d 100644
--- a/apparmor.d/groups/akonadi/akonadi_unifiedmailbox_agent
+++ b/apparmor.d/groups/akonadi/akonadi_unifiedmailbox_agent
@@ -9,20 +9,16 @@ include <tunables/global>
 @{exec_path} = @{bin}/akonadi_unifiedmailbox_agent
 profile akonadi_unifiedmailbox_agent @{exec_path} {
   include <abstractions/base>
-  include <abstractions/dri-common>
-  include <abstractions/dri-enumerate>
   include <abstractions/fonts>
   include <abstractions/freedesktop.org>
-  include <abstractions/mesa>
+  include <abstractions/graphics>
   include <abstractions/nameservice-strict>
   include <abstractions/qt5>
-  include <abstractions/vulkan>
   include <abstractions/X-strict>
 
   @{exec_path} mr,
 
   /usr/share/hwdata/*.ids r,
-  /usr/share/mime/{,**} r,
   /usr/share/icu/@{int}.@{int}/*.dat r,
 
   /etc/xdg/kdeglobals r,
@@ -38,9 +34,6 @@ profile akonadi_unifiedmailbox_agent @{exec_path} {
   owner @{user_config_dirs}/kdeglobals r,
   owner @{user_config_dirs}/kwinrc r,
 
-  @{sys}/devices/system/node/ r,
-  @{sys}/devices/system/node/node@{int}/meminfo r,
-
   @{PROC}/sys/kernel/core_pattern r,
   
   /dev/tty r,
diff --git a/apparmor.d/groups/browsers/firefox b/apparmor.d/groups/browsers/firefox
index bad8a437..ec743e27 100644
--- a/apparmor.d/groups/browsers/firefox
+++ b/apparmor.d/groups/browsers/firefox
@@ -25,20 +25,16 @@ profile firefox @{exec_path} flags=(attach_disconnected) {
   include <abstractions/bus/org.freedesktop.RealtimeKit1>
   include <abstractions/bus/org.gtk.Private.RemoteVolumeMonitor>
   include <abstractions/dconf-write>
+  include <abstractions/desktop>
   include <abstractions/enchant>
   include <abstractions/fontconfig-cache-read>
-  include <abstractions/fonts>
-  include <abstractions/freedesktop.org>
+  include <abstractions/graphics-full>
   include <abstractions/gstreamer>
-  include <abstractions/gtk>
-  include <abstractions/mesa>
   include <abstractions/nameservice-strict>
-  include <abstractions/opencl>
   include <abstractions/ssl_certs>
   include <abstractions/thumbnails-cache-read>
   include <abstractions/user-download-strict>
   include <abstractions/user-read>
-  include <abstractions/vulkan>
 
   # userns,
 
@@ -121,9 +117,6 @@ profile firefox @{exec_path} flags=(attach_disconnected) {
 
   /usr/share/@{name}/{,**} r,
   /usr/share/doc/{,**} r,
-  /usr/share/egl/{,**} r,
-  /usr/share/icu/@{int}.@{int}/*.dat r,
-  /usr/share/libdrm/*.ids r,
   /usr/share/mozilla/extensions/{,**} r,
   /usr/share/webext/{,**} r,
   /usr/share/xul-ext/kwallet5/* r,
@@ -132,7 +125,6 @@ profile firefox @{exec_path} flags=(attach_disconnected) {
   /etc/cups/client.conf r,
   /etc/fstab r,
   /etc/igfx_user_feature{,_next}.txt w,
-  /etc/libva.conf r,
   /etc/mailcap r,
   /etc/mime.types r,
   /etc/opensc.conf r,
@@ -145,9 +137,6 @@ profile firefox @{exec_path} flags=(attach_disconnected) {
   owner @{HOME}/ r,
   owner @{HOME}/.cups/lpoptions r,
 
-  owner @{user_cache_dirs}/ rw,
-
-  owner @{user_config_dirs}/ r,
   owner @{user_config_dirs}/gtk-{3,4}.0/assets/*.svg r,
   owner @{user_config_dirs}/ibus/bus/ r,
   owner @{user_config_dirs}/ibus/bus/@{md5}-unix-{,wayland-}@{int} r,
@@ -156,7 +145,6 @@ profile firefox @{exec_path} flags=(attach_disconnected) {
   owner @{user_config_dirs}/kioslaverc r,
   owner @{user_config_dirs}/mimeapps.list{,.@{rand6}} rw,
 
-  owner @{user_share_dirs}/ r,
   owner @{user_share_dirs}/applications/userapp-Firefox-@{rand6}.desktop{,.@{rand6}} rw,
   owner @{user_share_dirs}/mime/packages/user-extension-{htm,html,xht,xhtml,shtml}.xml rw,
   owner @{user_share_dirs}/mime/packages/user-extension-{htm,html,xht,xhtml,shtml}.xml.* rw,
@@ -206,10 +194,8 @@ profile firefox @{exec_path} flags=(attach_disconnected) {
   @{sys}/devices/**/uevent r,
   @{sys}/devices/@{pci}/ r,
   @{sys}/devices/@{pci}/drm/card@{int}/ r,
-  @{sys}/devices/@{pci}/drm/renderD[0-9]*/ r,
-  @{sys}/devices/@{pci}/irq r,
-  @{sys}/devices/system/cpu/cpu@{int}/cache/index[0-9]/size r,
-  @{sys}/devices/system/cpu/cpufreq/policy[0-9]/cpuinfo_max_freq r,
+  @{sys}/devices/@{pci}/drm/renderD128/ r,
+  @{sys}/devices/@{pci}/drm/renderD129/ r,
   @{sys}/devices/system/cpu/present r,
   @{sys}/fs/cgroup/cpu,cpuacct/cpu.cfs_quota_us r,
 
@@ -219,7 +205,6 @@ profile firefox @{exec_path} flags=(attach_disconnected) {
         @{PROC}/@{pid}/net/if_inet6 r,
         @{PROC}/@{pid}/net/route r,
   owner @{PROC}/@{pid}/cgroup r,
-  owner @{PROC}/@{pid}/comm r,
   owner @{PROC}/@{pid}/fd/ r,
   owner @{PROC}/@{pid}/gid_map w, # If kernel.unprivileged_userns_clone = 1
   owner @{PROC}/@{pid}/mountinfo r,
@@ -241,15 +226,11 @@ profile firefox @{exec_path} flags=(attach_disconnected) {
         /dev/shm/ r,
         /dev/tty rw,
         /dev/video@{int} rw,
-  owner /dev/dri/card@{int} rw, # File Inherit
   owner /dev/shm/org.chromium.* rw,
   owner /dev/shm/org.mozilla.ipc.@{pid}.@{int} rw,
   owner /dev/shm/wayland.mozilla.ipc.@{int} rw,
   owner /dev/tty@{int} rw, # File Inherit
 
-  # X-tiny
-  /tmp/.X0-lock r,
-
   # Silencer
   deny @{lib_dirs}/** w,
   deny @{run}/user/@{uid}/gnome-shell-disable-extensions w,
diff --git a/apparmor.d/groups/browsers/firefox-crashreporter b/apparmor.d/groups/browsers/firefox-crashreporter
index f6efb83b..7ebb8676 100644
--- a/apparmor.d/groups/browsers/firefox-crashreporter
+++ b/apparmor.d/groups/browsers/firefox-crashreporter
@@ -16,13 +16,10 @@ include <tunables/global>
 profile firefox-crashreporter @{exec_path} flags=(attach_disconnected) {
   include <abstractions/base>
   include <abstractions/dconf-write>
+  include <abstractions/desktop>
   include <abstractions/fontconfig-cache-read>
-  include <abstractions/fonts>
-  include <abstractions/freedesktop.org>
-  include <abstractions/gtk>
-  include <abstractions/nameservice>
+  include <abstractions/nameservice-strict>
   include <abstractions/openssl>
-  include <abstractions/wayland>
 
   signal (receive) set=(term, kill) peer=firefox,
 
@@ -37,8 +34,6 @@ profile firefox-crashreporter @{exec_path} flags=(attach_disconnected) {
 
   @{bin}/mv rix,
 
-  /usr/share/X11/xkb/** r,
-
   owner "@{config_dirs}/firefox/Crash Reports/{,**}" rw,
   owner @{config_dirs}/*.*/crashes/{,**} rw,
   owner @{config_dirs}/*.*/crashes/events/@{uuid} rw,
diff --git a/apparmor.d/groups/browsers/firefox-glxtest b/apparmor.d/groups/browsers/firefox-glxtest
index 1d645067..8a5f7ad4 100644
--- a/apparmor.d/groups/browsers/firefox-glxtest
+++ b/apparmor.d/groups/browsers/firefox-glxtest
@@ -13,12 +13,8 @@ include <tunables/global>
 @{exec_path} = @{lib_dirs}/glxtest
 profile firefox-glxtest @{exec_path} {
   include <abstractions/base>
-  include <abstractions/dri-common>
-  include <abstractions/dri-enumerate>
-  include <abstractions/mesa>
+  include <abstractions/graphics>
   include <abstractions/nameservice-strict>
-  include <abstractions/opencl-nvidia>
-  include <abstractions/vulkan>
   include <abstractions/X-strict>
 
   @{exec_path} mr,
@@ -27,9 +23,6 @@ profile firefox-glxtest @{exec_path} {
 
   owner /tmp/@{name}/.parentlock rw,
 
-  @{sys}/bus/pci/devices/ r,
-  @{sys}/devices/@{pci}/class r,
-
   owner @{PROC}/@{pid}/cmdline r,
 
   include if exists <local/firefox-glxtest>
diff --git a/apparmor.d/groups/browsers/firefox-kmozillahelper b/apparmor.d/groups/browsers/firefox-kmozillahelper
index 009e122f..bceab1ca 100644
--- a/apparmor.d/groups/browsers/firefox-kmozillahelper
+++ b/apparmor.d/groups/browsers/firefox-kmozillahelper
@@ -9,11 +9,9 @@ include <tunables/global>
 @{exec_path} = @{lib}/mozilla/kmozillahelper
 profile firefox-kmozillahelper @{exec_path} {
   include <abstractions/base>
-  include <abstractions/dri-common>
-  include <abstractions/dri-enumerate>
   include <abstractions/fonts>
   include <abstractions/freedesktop.org>
-  include <abstractions/mesa>
+  include <abstractions/graphics>
   include <abstractions/nameservice-strict>
   include <abstractions/qt5-settings-write>
   include <abstractions/qt5>
@@ -31,7 +29,6 @@ profile firefox-kmozillahelper @{exec_path} {
   /usr/share/icu/@{int}.@{int}/*.dat r,
   /usr/share/knotifications5/*.notifyrc r,
   /usr/share/kservices5/{,**} r,
-  /usr/share/mime/ r,
   /usr/share/sounds/{,**} r,
 
   /etc/pulse/client.conf r,
diff --git a/apparmor.d/groups/browsers/firefox-vaapitest b/apparmor.d/groups/browsers/firefox-vaapitest
index a5a3b2ac..62916502 100644
--- a/apparmor.d/groups/browsers/firefox-vaapitest
+++ b/apparmor.d/groups/browsers/firefox-vaapitest
@@ -13,23 +13,16 @@ include <tunables/global>
 @{exec_path} = @{lib_dirs}/vaapitest
 profile firefox-vaapitest @{exec_path} {
   include <abstractions/base>
-  include <abstractions/dri-enumerate>
-  include <abstractions/dri-common>
-  include <abstractions/nvidia>
-  include <abstractions/vulkan>
+  include <abstractions/graphics>
 
   network netlink raw,
 
   @{exec_path} mr,
 
   /etc/igfx_user_feature{,_next}.txt w,
-  /etc/libva.conf r,
 
   owner /tmp/@{name}/.parentlock rw,
 
-  @{sys}/devices/@{pci}/{irq,revision,resource} r,
-  @{sys}/devices/@{pci}/config r,
-
   deny @{config_dirs}/firefox/*/.parentlock rw,
   deny @{config_dirs}/firefox/*/startupCache/** r,
   deny @{user_cache_dirs}/mozilla/firefox/*/startupCache/* r,
diff --git a/apparmor.d/groups/freedesktop/xdg-desktop-portal-gnome b/apparmor.d/groups/freedesktop/xdg-desktop-portal-gnome
index c2148e68..04bca197 100644
--- a/apparmor.d/groups/freedesktop/xdg-desktop-portal-gnome
+++ b/apparmor.d/groups/freedesktop/xdg-desktop-portal-gnome
@@ -18,8 +18,7 @@ profile xdg-desktop-portal-gnome @{exec_path} {
   include <abstractions/bus/org.gtk.vfs.MountTracker>
   include <abstractions/dconf-write>
   include <abstractions/deny-sensitive-home>
-  include <abstractions/dri-common>
-  include <abstractions/dri-enumerate>
+  include <abstractions/dri>
   include <abstractions/fontconfig-cache-write>
   include <abstractions/gnome-strict>
   include <abstractions/mesa>
diff --git a/apparmor.d/groups/freedesktop/xdg-desktop-portal-gtk b/apparmor.d/groups/freedesktop/xdg-desktop-portal-gtk
index 21c8eff9..1a9150e9 100644
--- a/apparmor.d/groups/freedesktop/xdg-desktop-portal-gtk
+++ b/apparmor.d/groups/freedesktop/xdg-desktop-portal-gtk
@@ -21,18 +21,13 @@ profile xdg-desktop-portal-gtk @{exec_path} {
   include <abstractions/bus/org.gnome.Shell.Introspect>
   include <abstractions/bus/org.gtk.vfs.MountTracker>
   include <abstractions/dconf-write>
-  include <abstractions/dri-common>
-  include <abstractions/dri-enumerate>
   include <abstractions/fontconfig-cache-write>
-  include <abstractions/fonts>
-  include <abstractions/freedesktop.org>
-  include <abstractions/gtk>
-  include <abstractions/mesa>
+  include <abstractions/gnome-strict>
+  include <abstractions/graphics>
   include <abstractions/nameservice-strict>
   include <abstractions/thumbnails-cache-read>
   include <abstractions/user-download>
   include <abstractions/user-write>
-  include <abstractions/wayland>
 
   unix (send, receive, connect) type=stream peer=(addr="@/tmp/.X11-unix/*", label=gnome-shell),
 
@@ -53,8 +48,6 @@ profile xdg-desktop-portal-gtk @{exec_path} {
 
   @{exec_path} mr,
 
-  /usr/share/X11/xkb/{,**} r,
-
   / r,
 
   owner /var/lib/xkb/server-@{int}.xkm rw,
@@ -65,7 +58,6 @@ profile xdg-desktop-portal-gtk @{exec_path} {
   owner @{HOME}/@{XDG_DATA_DIR}/ r,
 
   owner /tmp/runtime-*/xauth_@{rand6} r,
-  owner /tmp/xauth_@{rand6} r,
 
         @{run}/mount/utab r,
         @{run}/user/@{uid}/xauth_@{rand6} rl,
diff --git a/apparmor.d/groups/freedesktop/xdg-desktop-portal-kde b/apparmor.d/groups/freedesktop/xdg-desktop-portal-kde
index c8f39891..e7f4b162 100644
--- a/apparmor.d/groups/freedesktop/xdg-desktop-portal-kde
+++ b/apparmor.d/groups/freedesktop/xdg-desktop-portal-kde
@@ -9,13 +9,10 @@ include <tunables/global>
 @{exec_path} = @{lib}/xdg-desktop-portal-kde
 profile xdg-desktop-portal-kde @{exec_path} {
   include <abstractions/base>
-  include <abstractions/dri-common>
-  include <abstractions/dri-enumerate>
   include <abstractions/freedesktop.org>
-  include <abstractions/mesa>
+  include <abstractions/graphics>
   include <abstractions/nameservice-strict>
   include <abstractions/qt5>
-  include <abstractions/vulkan>
 
   network inet dgram,
   network inet6 dgram,
@@ -27,7 +24,6 @@ profile xdg-desktop-portal-kde @{exec_path} {
 
   /usr/share/hwdata/pnp.ids r,
   /usr/share/icu/@{int}.@{int}/*.dat r,
-  /usr/share/mime/{,**} r,
   /usr/share/qt5/qtlogging.ini r,
 
   /etc/xdg/kdeglobals r,
diff --git a/apparmor.d/groups/freedesktop/xorg b/apparmor.d/groups/freedesktop/xorg
index 7ed101d2..9da544a0 100644
--- a/apparmor.d/groups/freedesktop/xorg
+++ b/apparmor.d/groups/freedesktop/xorg
@@ -15,13 +15,10 @@ profile xorg @{exec_path} flags=(attach_disconnected) {
   include <abstractions/base>
   include <abstractions/bus-system>
   include <abstractions/bus/org.freedesktop.login1.Session>
+  include <abstractions/desktop>
   include <abstractions/fontconfig-cache-read>
-  include <abstractions/fonts>
-  include <abstractions/freedesktop.org>
-  include <abstractions/mesa>
+  include <abstractions/graphics>
   include <abstractions/nameservice-strict>
-  include <abstractions/opencl>
-  include <abstractions/vulkan>
 
   capability dac_override,
   capability dac_read_search,
diff --git a/apparmor.d/groups/freedesktop/xwayland b/apparmor.d/groups/freedesktop/xwayland
index 1e8e85d2..067c6ba9 100644
--- a/apparmor.d/groups/freedesktop/xwayland
+++ b/apparmor.d/groups/freedesktop/xwayland
@@ -9,12 +9,8 @@ include <tunables/global>
 @{exec_path}  = @{bin}/Xwayland
 profile xwayland @{exec_path} flags=(attach_disconnected) {
   include <abstractions/base>
-  include <abstractions/dri-common>
-  include <abstractions/dri-enumerate>
-  include <abstractions/mesa>
   include <abstractions/nameservice-strict>
-  include <abstractions/opencl>
-  include <abstractions/vulkan>
+  include <abstractions/graphics>
   include <abstractions/X-strict>
 
   signal (receive) set=(term hup) peer=gdm*,
@@ -29,10 +25,8 @@ profile xwayland @{exec_path} flags=(attach_disconnected) {
   @{bin}/{,ba,da}sh rix,
   @{bin}/xkbcomp    rPx,
 
-  /usr/share/egl/{,**} r,
   /usr/share/fonts/{,**} r,
   /usr/share/ghostscript/fonts/{,**} r,
-  /usr/share/libdrm/*.ids r,
 
   owner /var/lib/gdm{3,}/.cache/mesa_shader_cache/index rw,
 
@@ -41,10 +35,7 @@ profile xwayland @{exec_path} flags=(attach_disconnected) {
   owner @{run}/user/@{uid}/server-@{int}.xkm rw,
   owner @{run}/user/@{uid}/xwayland-shared-@{rand6} rw,
 
-  @{sys}/bus/pci/devices/ r,
-
-        @{PROC}/@{pids}/cmdline r,
-  owner @{PROC}/@{pids}/comm r,
+  @{PROC}/@{pids}/cmdline r,
 
   /dev/tty@{int} rw,
   /dev/tty rw,
diff --git a/apparmor.d/groups/gnome/epiphany-search-provider b/apparmor.d/groups/gnome/epiphany-search-provider
index cd4dad7c..819fb17b 100644
--- a/apparmor.d/groups/gnome/epiphany-search-provider
+++ b/apparmor.d/groups/gnome/epiphany-search-provider
@@ -10,17 +10,13 @@ include <tunables/global>
 profile epiphany-search-provider @{exec_path} {
   include <abstractions/base>
   include <abstractions/dconf-write>
-  include <abstractions/dri-common>
-  include <abstractions/dri-enumerate>
   include <abstractions/enchant>
   include <abstractions/fonts>
   include <abstractions/gnome-strict>
-  include <abstractions/mesa>
+  include <abstractions/graphics>
   include <abstractions/nameservice-strict>
-  include <abstractions/nvidia>
   include <abstractions/p11-kit>
   include <abstractions/ssl_certs>
-  include <abstractions/vulkan>
   include <abstractions/X-strict>
 
   network inet dgram,
@@ -49,7 +45,6 @@ profile epiphany-search-provider @{exec_path} {
         @{PROC}/zoneinfo r,
   owner @{PROC}/@{pid}/cgroup r,
   owner @{PROC}/@{pid}/cmdline r,
-  owner @{PROC}/@{pid}/comm r,
 
   deny @{user_share_dirs}/gvfs-metadata/* r,
 
diff --git a/apparmor.d/groups/gnome/evolution-alarm-notify b/apparmor.d/groups/gnome/evolution-alarm-notify
index fc129a77..10cadfeb 100644
--- a/apparmor.d/groups/gnome/evolution-alarm-notify
+++ b/apparmor.d/groups/gnome/evolution-alarm-notify
@@ -16,7 +16,7 @@ profile evolution-alarm-notify @{exec_path} {
   include <abstractions/fontconfig-cache-read>
   include <abstractions/gnome-strict>
   include <abstractions/nameservice-strict>
-  include <abstractions/opencl>
+  include <abstractions/graphics>
   include <abstractions/openssl>
 
   network netlink raw,
diff --git a/apparmor.d/groups/gnome/gjs-console b/apparmor.d/groups/gnome/gjs-console
index 0a2e3a48..bb4db3dc 100644
--- a/apparmor.d/groups/gnome/gjs-console
+++ b/apparmor.d/groups/gnome/gjs-console
@@ -19,14 +19,10 @@ profile gjs-console @{exec_path} flags=(attach_disconnected) {
   include <abstractions/bus/org.freedesktop.portal.Desktop>
   include <abstractions/bus/org.gnome.Shell.Introspect>
   include <abstractions/dconf-write>
-  include <abstractions/dri-common>
-  include <abstractions/dri-enumerate>
   include <abstractions/gnome-strict>
-  include <abstractions/mesa>
+  include <abstractions/graphics>
   include <abstractions/nameservice-strict>
-  include <abstractions/opencl-nvidia>
   include <abstractions/openssl>
-  include <abstractions/vulkan>
 
   network netlink raw,
 
@@ -59,7 +55,6 @@ profile gjs-console @{exec_path} flags=(attach_disconnected) {
   /etc/openni2/OpenNI.ini r,
 
   /usr/share/dconf/profile/gdm r,
-  /usr/share/egl/{,**} r,
   /usr/share/gdm/greeter-dconf-defaults r,
   /usr/share/gnome-shell/{,**} r,
   /usr/share/icu/@{int}.@{int}/*.dat r,
diff --git a/apparmor.d/groups/gnome/gnome-calculator-search-provider b/apparmor.d/groups/gnome/gnome-calculator-search-provider
index b06a0de3..abb55fc2 100644
--- a/apparmor.d/groups/gnome/gnome-calculator-search-provider
+++ b/apparmor.d/groups/gnome/gnome-calculator-search-provider
@@ -11,11 +11,8 @@ profile gnome-calculator-search-provider @{exec_path} {
   include <abstractions/base>
   include <abstractions/bus-session>
   include <abstractions/dconf-write>
-  include <abstractions/dri-common>
-  include <abstractions/dri-enumerate>
   include <abstractions/gnome-strict>
-  include <abstractions/mesa>
-  include <abstractions/vulkan>
+  include <abstractions/graphics>
 
   signal (send) set=kill peer=unconfined,
 
@@ -28,11 +25,8 @@ profile gnome-calculator-search-provider @{exec_path} {
 
   @{bin}/* rPUx,
 
-  /usr/share/nvidia/nvidia-application-profiles-*-rc r,
-
   owner @{PROC}/@{pid}/fd/ r,
   owner @{PROC}/@{pid}/cmdline r,
-  owner @{PROC}/@{pid}/comm r,
 
   include if exists <local/gnome-calculator-search-provider>
 }
diff --git a/apparmor.d/groups/gnome/gnome-calendar b/apparmor.d/groups/gnome/gnome-calendar
index 62ccd0b3..af373519 100644
--- a/apparmor.d/groups/gnome/gnome-calendar
+++ b/apparmor.d/groups/gnome/gnome-calendar
@@ -19,13 +19,11 @@ profile gnome-calendar @{exec_path} {
   include <abstractions/bus/org.freedesktop.timedate1>
   include <abstractions/dconf-write>
   include <abstractions/gnome-strict>
-  include <abstractions/mesa>
+  include <abstractions/graphics>
   include <abstractions/nameservice-strict>
-  include <abstractions/opencl>
   include <abstractions/openssl>
   include <abstractions/p11-kit>
   include <abstractions/ssl_certs>
-  include <abstractions/vulkan>
 
   network netlink raw,
 
@@ -42,7 +40,6 @@ profile gnome-calendar @{exec_path} {
 
   @{exec_path} mr,
 
-  /usr/share/egl/{,**} r,
   /usr/share/evolution-data-server/{,**} r,
   /usr/share/libgweather/Locations.xml r,