apparmor: add unconfined profiles for abrowser and icedove.

helpers/DATA/apparmor/update-profile-extra-firefox-sh.patch

@@ -0,0 +1,27 @@
+diff --git a/profiles/apparmor/profiles/extras/firefox.sh b/profiles/apparmor/profiles/extras/firefox.sh
+index fb75c5b6..83a7404c 100644
+--- a/profiles/apparmor/profiles/extras/firefox.sh
++++ b/profiles/apparmor/profiles/extras/firefox.sh
+@@ -22,3 +22,22 @@ profile firefox.sh /usr/lib/firefox/firefox.sh {
+   # Site-specific additions and overrides. See local/README for details.
+   include if exists <local/firefox.sh>
+ }
++
++profile firefox.sh /usr/lib/abrowser/firefox.sh {
++  include <abstractions/base>
++  include <abstractions/bash>
++  include <abstractions/consoles>
++
++  deny capability sys_ptrace,
++
++  /{usr/,}bin/basename rix,
++  /{usr/,}bin/bash rix,
++  /{usr/,}bin/grep rix,
++  /etc/magic r,
++  /usr/bin/file rix,
++  /usr/lib/abrowser/abrowser px,
++  /usr/share/misc/magic.mgc r,
++
++  # Site-specific additions and overrides. See local/README for details.
++  include if exists <local/firefox.sh>
++}