diff --git a/apparmor.d/abstractions/bus/polkit b/apparmor.d/abstractions/bus/polkit
new file mode 100644
index 00000000..fc94dbc6
--- /dev/null
+++ b/apparmor.d/abstractions/bus/polkit
@@ -0,0 +1,20 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2023 Alexandre Pujol <alexandre@pujol.io>
+# SPDX-License-Identifier: GPL-2.0-only
+
+  dbus send bus=system path=/org/freedesktop/PolicyKit1/Authority
+       interface=org.freedesktop.DBus.Properties
+       member=GetAll
+       peer=(name=:*, label=polkitd),
+
+  dbus send bus=system path=/org/freedesktop/PolicyKit1/Authority
+       interface=org.freedesktop.PolicyKit1.Authority
+       member=CheckAuthorization
+       peer=(name=org.freedesktop.PolicyKit1, label=polkitd),
+
+  dbus receive bus=system path=/org/freedesktop/PolicyKit1/Authority
+       interface=org.freedesktop.PolicyKit1.Authority
+       member=Changed
+       peer=(name=:*, label=polkitd),
+
+  include if exists <abstractions/bus/polkit.d>
diff --git a/apparmor.d/groups/apt/apt b/apparmor.d/groups/apt/apt
index bcec1d2f..20815485 100644
--- a/apparmor.d/groups/apt/apt
+++ b/apparmor.d/groups/apt/apt
@@ -11,6 +11,7 @@ include <tunables/global>
 profile apt @{exec_path} flags=(attach_disconnected) {
   include <abstractions/base>
   include <abstractions/apt-common>
+  include <abstractions/bus/polkit>
   include <abstractions/dbus-strict>
   include <abstractions/consoles>
   include <abstractions/nameservice-strict>
diff --git a/apparmor.d/groups/freedesktop/accounts-daemon b/apparmor.d/groups/freedesktop/accounts-daemon
index 5052560c..86f8ae99 100644
--- a/apparmor.d/groups/freedesktop/accounts-daemon
+++ b/apparmor.d/groups/freedesktop/accounts-daemon
@@ -10,6 +10,7 @@ include <tunables/global>
 @{exec_path} = @{lib}/{,accountsservice/}accounts-daemon
 profile accounts-daemon @{exec_path} flags=(attach_disconnected) {
   include <abstractions/base>
+  include <abstractions/bus/polkit>
   include <abstractions/dbus-strict>
   include <abstractions/nameservice-strict>
   include <abstractions/wutmp>
diff --git a/apparmor.d/groups/freedesktop/colord b/apparmor.d/groups/freedesktop/colord
index 48c9519e..ccd8a893 100644
--- a/apparmor.d/groups/freedesktop/colord
+++ b/apparmor.d/groups/freedesktop/colord
@@ -10,6 +10,7 @@ include <tunables/global>
 @{exec_path} = @{lib}/{,colord/}colord
 profile colord @{exec_path} flags=(attach_disconnected) {
   include <abstractions/base>
+  include <abstractions/bus/polkit>
   include <abstractions/dbus-strict>
   include <abstractions/devices-usb>
   include <abstractions/nameservice-strict>
diff --git a/apparmor.d/groups/gnome/gnome-shell b/apparmor.d/groups/gnome/gnome-shell
index e3ce59f1..8b0518da 100644
--- a/apparmor.d/groups/gnome/gnome-shell
+++ b/apparmor.d/groups/gnome/gnome-shell
@@ -12,6 +12,7 @@ profile gnome-shell @{exec_path} flags=(attach_disconnected) {
   include <abstractions/app-launcher-user>
   include <abstractions/audio>
   include <abstractions/bus/atspi>
+  include <abstractions/bus/polkit>
   include <abstractions/dbus-accessibility-strict>
   include <abstractions/dbus-gtk>
   include <abstractions/dbus-network-manager-strict>
diff --git a/apparmor.d/groups/network/ModemManager b/apparmor.d/groups/network/ModemManager
index 7e49d30e..3613d1fe 100644
--- a/apparmor.d/groups/network/ModemManager
+++ b/apparmor.d/groups/network/ModemManager
@@ -9,6 +9,7 @@ include <tunables/global>
 @{exec_path} = @{bin}/ModemManager
 profile ModemManager @{exec_path} flags=(attach_disconnected) {
   include <abstractions/base>
+  include <abstractions/bus/polkit>
   include <abstractions/consoles>
   include <abstractions/dri-enumerate>
   include <abstractions/dbus-strict>
diff --git a/apparmor.d/groups/systemd/systemd-hostnamed b/apparmor.d/groups/systemd/systemd-hostnamed
index 4c8609f9..fb947a2a 100644
--- a/apparmor.d/groups/systemd/systemd-hostnamed
+++ b/apparmor.d/groups/systemd/systemd-hostnamed
@@ -10,6 +10,7 @@ include <tunables/global>
 @{exec_path} = @{lib}/systemd/systemd-hostnamed
 profile systemd-hostnamed @{exec_path}  flags=(attach_disconnected) {
   include <abstractions/base>
+  include <abstractions/bus/polkit>
   include <abstractions/dbus-strict>
   include <abstractions/systemd-common>
 
diff --git a/apparmor.d/profiles-a-f/boltd b/apparmor.d/profiles-a-f/boltd
index 2a882d99..7f19e22c 100644
--- a/apparmor.d/profiles-a-f/boltd
+++ b/apparmor.d/profiles-a-f/boltd
@@ -9,6 +9,7 @@ include <tunables/global>
 @{exec_path} = @{lib}/boltd
 profile boltd @{exec_path} flags=(attach_disconnected) {
   include <abstractions/base>
+  include <abstractions/bus/polkit>
   include <abstractions/dbus-strict>
   include <abstractions/nameservice-strict>
 
diff --git a/apparmor.d/profiles-a-f/fwupd b/apparmor.d/profiles-a-f/fwupd
index fad36516..9c534170 100644
--- a/apparmor.d/profiles-a-f/fwupd
+++ b/apparmor.d/profiles-a-f/fwupd
@@ -10,6 +10,7 @@ include <tunables/global>
 @{exec_path} = @{lib}/{,fwupd/}fwupd
 profile fwupd @{exec_path} flags=(complain,attach_disconnected) {
   include <abstractions/base>
+  include <abstractions/bus/polkit>
   include <abstractions/consoles>
   include <abstractions/dbus-strict>
   include <abstractions/disks-read>
@@ -60,11 +61,6 @@ profile fwupd @{exec_path} flags=(complain,attach_disconnected) {
        member=Changed
        peer=(label=fwupdmgr),
 
-  dbus receive bus=system path=/org/freedesktop/PolicyKit1/Authority
-       interface=org.freedesktop.DBus.Properties
-       member={Changed,GetAll}
-       peer=(label=polkitd),
-
   dbus receive bus=system path=/
        interface=org.freedesktop.DBus.Properties
        member={GetAll,SetHints,GetPlugins,GetRemotes}
diff --git a/apparmor.d/profiles-m-r/pkexec b/apparmor.d/profiles-m-r/pkexec
index 19d702f6..0e9939ae 100644
--- a/apparmor.d/profiles-m-r/pkexec
+++ b/apparmor.d/profiles-m-r/pkexec
@@ -11,6 +11,7 @@ include <tunables/global>
 profile pkexec @{exec_path} {
   include <abstractions/base>
   include <abstractions/authentication>
+  include <abstractions/bus/polkit>
   include <abstractions/consoles>
   include <abstractions/dbus-strict>
   include <abstractions/nameservice-strict>
@@ -36,11 +37,6 @@ profile pkexec @{exec_path} {
        member=GetAll
        peer=(name=:*),
 
-  dbus (send) bus=system path=/org/freedesktop/PolicyKit1/Authority
-       interface=org.freedesktop.PolicyKit1.Authority
-       member={EnumerateActions,CheckAuthorization,RegisterAuthenticationAgent,UnregisterAuthenticationAgent}
-       peer=(name=:*),
-
   dbus (receive) bus=system path=/org/freedesktop/PolicyKit1*/Authority
        interface=org.freedesktop.PolicyKit1*.Authority
        member=Changed
diff --git a/apparmor.d/profiles-m-r/pkttyagent b/apparmor.d/profiles-m-r/pkttyagent
index 72a7862d..37afb41d 100644
--- a/apparmor.d/profiles-m-r/pkttyagent
+++ b/apparmor.d/profiles-m-r/pkttyagent
@@ -10,6 +10,7 @@ include <tunables/global>
 @{exec_path} = @{bin}/pkttyagent
 profile pkttyagent @{exec_path} {
   include <abstractions/base>
+  include <abstractions/bus/polkit>
   include <abstractions/consoles>
   include <abstractions/dbus-strict>
   include <abstractions/nameservice-strict>
diff --git a/apparmor.d/profiles-m-r/power-profiles-daemon b/apparmor.d/profiles-m-r/power-profiles-daemon
index d7163782..f57932ff 100644
--- a/apparmor.d/profiles-m-r/power-profiles-daemon
+++ b/apparmor.d/profiles-m-r/power-profiles-daemon
@@ -9,6 +9,7 @@ include <tunables/global>
 @{exec_path} = @{lib}/power-profiles-daemon
 profile power-profiles-daemon @{exec_path} flags=(attach_disconnected) {
   include <abstractions/base>
+  include <abstractions/bus/polkit>
   include <abstractions/dbus-strict>
   include <abstractions/nameservice-strict>
 
diff --git a/apparmor.d/profiles-s-z/snapd b/apparmor.d/profiles-s-z/snapd
index db5e3315..c084f0af 100644
--- a/apparmor.d/profiles-s-z/snapd
+++ b/apparmor.d/profiles-s-z/snapd
@@ -13,6 +13,7 @@ include <tunables/global>
 profile snapd @{exec_path} {
   include <abstractions/base>
   include <abstractions/authentication>
+  include <abstractions/bus/polkit>
   include <abstractions/dbus-strict>
   include <abstractions/disks-write>
   include <abstractions/fontconfig-cache-write>
diff --git a/apparmor.d/profiles-s-z/system-config-printer b/apparmor.d/profiles-s-z/system-config-printer
index c2d67491..78b6ed4b 100644
--- a/apparmor.d/profiles-s-z/system-config-printer
+++ b/apparmor.d/profiles-s-z/system-config-printer
@@ -11,6 +11,7 @@ include <tunables/global>
 @{exec_path} += /usr/share/system-config-printer/system-config-printer.py
 profile system-config-printer @{exec_path} flags=(complain) {
   include <abstractions/base>
+  include <abstractions/bus/polkit>
   include <abstractions/dbus-session-strict>
   include <abstractions/dbus-strict>
   include <abstractions/dconf-write>
diff --git a/apparmor.d/profiles-s-z/udisksd b/apparmor.d/profiles-s-z/udisksd
index ff83101f..63823851 100644
--- a/apparmor.d/profiles-s-z/udisksd
+++ b/apparmor.d/profiles-s-z/udisksd
@@ -10,6 +10,7 @@ include <tunables/global>
 @{exec_path} = @{lib}/{,udisks2/}udisksd
 profile udisksd @{exec_path} flags=(attach_disconnected) {
   include <abstractions/base>
+  include <abstractions/bus/polkit>
   include <abstractions/dbus-strict>
   include <abstractions/disks-write>
   include <abstractions/nameservice-strict>
diff --git a/apparmor.d/profiles-s-z/zsysd b/apparmor.d/profiles-s-z/zsysd
index 3be0e384..167de33e 100644
--- a/apparmor.d/profiles-s-z/zsysd
+++ b/apparmor.d/profiles-s-z/zsysd
@@ -9,16 +9,13 @@ include <tunables/global>
 @{exec_path} = @{bin}/zsysd @{bin}/zsysctl
 profile zsysd @{exec_path} flags=(complain) {
   include <abstractions/base>
+  include <abstractions/bus/polkit>
   include <abstractions/dbus-strict>
   include <abstractions/nameservice-strict>
 
   capability sys_ptrace,
   capability sys_admin,
 
-  dbus send bus=system path=/org/freedesktop/PolicyKit1/Authority
-       interface=org.freedesktop.PolicyKit1.Authority
-       member=CheckAuthorization,
-
   @{exec_path}                   rmix,
   /{usr/,}{local/,}{s,}bin/zfs   rPx,
   /{usr/,}{local/,}{s,}bin/zpool rPx,