From de8087afd099a9d6337eb40e5992a05b16afebb8 Mon Sep 17 00:00:00 2001
From: Ark74 <ark@switnet.org>
Date: Fri, 18 Jul 2025 01:26:59 -0600
Subject: [PATCH] apparmor: add icecat profiles for ecne

---
 ...ined-profile-firefox-icedove-icecat.patch} |  22 ++-
 .../003-add-extra-abrowser-profile.patch      |  91 ---------
 ...dd-extra-profile-for-abrowser-icecat.patch | 173 ++++++++++++++++++
 .../004-update-profile-extra-firefox-sh.patch |  23 ++-
 helpers/make-apparmor                         |  24 ++-
 5 files changed, 231 insertions(+), 102 deletions(-)
 rename helpers/DATA/apparmor/{002-add-unconfined-profile-firefox-icedove.patch => 002-add-unconfined-profile-firefox-icedove-icecat.patch} (69%)
 delete mode 100644 helpers/DATA/apparmor/003-add-extra-abrowser-profile.patch
 create mode 100644 helpers/DATA/apparmor/003-add-extra-profile-for-abrowser-icecat.patch

diff --git a/helpers/DATA/apparmor/002-add-unconfined-profile-firefox-icedove.patch b/helpers/DATA/apparmor/002-add-unconfined-profile-firefox-icedove-icecat.patch
similarity index 69%
rename from helpers/DATA/apparmor/002-add-unconfined-profile-firefox-icedove.patch
rename to helpers/DATA/apparmor/002-add-unconfined-profile-firefox-icedove-icecat.patch
index d5a95ec..a48c7ff 100644
--- a/helpers/DATA/apparmor/002-add-unconfined-profile-firefox-icedove.patch
+++ b/helpers/DATA/apparmor/002-add-unconfined-profile-firefox-icedove-icecat.patch
@@ -30,8 +30,24 @@ index 060eb24d..667b1674 100644
 -  include if exists <local/thunderbird>
 +  include if exists <local/icedove>
  }
+diff --git a/profiles/apparmor.d/icecat b/profiles/apparmor.d/icecat
+index 4071c345..148e445e 100644
+--- a/profiles/apparmor.d/icecat
++++ b/profiles/apparmor.d/icecat
+@@ -4,9 +4,9 @@
+ abi <abi/4.0>,
+ include <tunables/global>
+ 
+-profile firefox /{usr/lib/firefox{,-esr,-beta,-devedition,-nightly},opt/firefox}/firefox{,-esr,-bin} flags=(unconfined) {
++profile icecat /{usr/lib/icecat{,-esr,-beta,-devedition,-nightly},opt/icecat}/icecat{,-esr,-bin} flags=(unconfined) {
+   userns,
+ 
+   # Site-specific additions and overrides. See local/README for details.
+-  include if exists <local/firefox>
++  include if exists <local/icecat>
+ }
 diff --git a/debian/apparmor.install b/debian/apparmor.install
-index 79c8700e..2971e426 100644
+index 9cdaa3a2..d9ee697c 100644
 --- a/debian/apparmor.install
 +++ b/debian/apparmor.install
 @@ -68,6 +68,7 @@ etc/apparmor.d/sbuild-update
@@ -42,11 +58,13 @@ index 79c8700e..2971e426 100644
  etc/apparmor.d/thunderbird
  etc/apparmor.d/toybox
  etc/apparmor.d/trinity
-@@ -83,6 +84,7 @@ etc/apparmor.d/1password
+@@ -83,7 +84,9 @@ etc/apparmor.d/1password
  etc/apparmor.d/Discord
  etc/apparmor.d/MongoDB_Compass
  etc/apparmor.d/code
 +etc/apparmor.d/abrowser
  etc/apparmor.d/firefox
++etc/apparmor.d/icecat
  etc/apparmor.d/github-desktop
  etc/apparmor.d/obsidian
+ etc/apparmor.d/opera
diff --git a/helpers/DATA/apparmor/003-add-extra-abrowser-profile.patch b/helpers/DATA/apparmor/003-add-extra-abrowser-profile.patch
deleted file mode 100644
index 6122296..0000000
--- a/helpers/DATA/apparmor/003-add-extra-abrowser-profile.patch
+++ /dev/null
@@ -1,91 +0,0 @@
-diff --git a/profiles/apparmor/profiles/extras/abrowser b/profiles/apparmor/profiles/extras/abrowser
-index c7b4aa7c..ed8f01c5 100644
---- a/profiles/apparmor/profiles/extras/abrowser
-+++ b/profiles/apparmor/profiles/extras/abrowser
-@@ -14,7 +14,7 @@ abi <abi/4.0>,
- include <tunables/global>
- 
- # Declare some variables to help with variants
--@{MOZ_APP_NAME}=firefox{,-esr}
-+@{MOZ_APP_NAME}=abrowser{,-esr}
- @{MOZ_LIBDIR}=/usr/lib/@{MOZ_APP_NAME}{,-[0-9]*}
- @{MOZ_ADDONDIR}=/usr/lib/{@{MOZ_APP_NAME},xulrunner}-addons
- 
-@@ -22,7 +22,7 @@ include <tunables/global>
- #  /usr/lib/firefox-4.0b8/firefox
- # but not:
- #  /usr/lib/firefox-4.0b8/firefox.sh
--profile firefox @{MOZ_LIBDIR}/@{MOZ_APP_NAME}{,*[^s][^h]} {
-+profile abrowser @{MOZ_LIBDIR}/@{MOZ_APP_NAME}{,*[^s][^h]} {
-   include <abstractions/audio>
-   include <abstractions/cups-client>
-   include <abstractions/dbus-strict>
-@@ -144,8 +144,8 @@ profile firefox @{MOZ_LIBDIR}/@{MOZ_APP_NAME}{,*[^s][^h]} {
-   /etc/wildmidi/wildmidi.cfg r,
- 
-   # firefox specific
--  /etc/firefox*/ r,
--  /etc/firefox*/** r,
-+  /etc/abrowser*/ r,
-+  /etc/abrowser*/** r,
-   /etc/xul-ext/** r,
-   /etc/xulrunner{,-[0-9]*}/ r,
-   /etc/xulrunner{,-[0-9]*}/** r,
-@@ -234,12 +234,12 @@ profile firefox @{MOZ_LIBDIR}/@{MOZ_APP_NAME}{,*[^s][^h]} {
-   owner @{HOME}/.thumbnails/*/*.png r,
- 
-   # per-user firefox configuration
--  owner @{HOME}/.{firefox,mozilla}/ rw,
--  owner @{HOME}/.{firefox,mozilla}/** rw,
--  owner @{HOME}/.{firefox,mozilla}/**/*.{db,parentlock,sqlite}* k,
--  owner @{HOME}/.{firefox,mozilla}/plugins/** rm,
--  owner @{HOME}/.{firefox,mozilla}/**/plugins/** rm,
--  owner @{HOME}/.gnome2/firefox* rwk,
-+  owner @{HOME}/.{abrowser,mozilla}/ rw,
-+  owner @{HOME}/.{abrowser,mozilla}/** rw,
-+  owner @{HOME}/.{abrowser,mozilla}/**/*.{db,parentlock,sqlite}* k,
-+  owner @{HOME}/.{abrowser,mozilla}/plugins/** rm,
-+  owner @{HOME}/.{abrowser,mozilla}/**/plugins/** rm,
-+  owner @{HOME}/.gnome2/abrowser* rwk,
-   owner @{HOME}/.cache/mozilla/{,@{MOZ_APP_NAME}/} rw,
-   owner @{HOME}/.cache/mozilla/@{MOZ_APP_NAME}/** rw,
-   owner @{HOME}/.cache/mozilla/@{MOZ_APP_NAME}/**/*.sqlite k,
-@@ -440,7 +440,7 @@ profile firefox @{MOZ_LIBDIR}/@{MOZ_APP_NAME}{,*[^s][^h]} {
-   owner @{HOME}/.mozilla/**/extensions/** mixr,
- 
-   # Widevine CDM plugin (LP: #1777070)
--  owner @{HOME}/.mozilla/firefox/*/gmp-widevinecdm/*/libwidevinecdm.so m,
-+  owner @{HOME}/.mozilla/abrowser/*/gmp-widevinecdm/*/libwidevinecdm.so m,
- 
-   deny @{MOZ_LIBDIR}/update.test w,
-   deny /usr/lib/mozilla/extensions/**/ w,
-@@ -458,7 +458,7 @@ profile firefox @{MOZ_LIBDIR}/@{MOZ_APP_NAME}{,*[^s][^h]} {
- 
-   /usr/bin/lsb_release Pxr -> lsb_release,
- 
--  # These should be started outside of Firefox
-+  # These should be started outside of abrowser
-   deny /usr/bin/dbus-launch x,
-   deny /usr/bin/speech-dispatcher x,
- 
-@@ -466,6 +466,6 @@ profile firefox @{MOZ_LIBDIR}/@{MOZ_APP_NAME}{,*[^s][^h]} {
-   include if exists <abstractions/ubuntu-browsers.d/firefox>
- 
-   # Site-specific additions and overrides. See local/README for details.
--  include if exists <local/usr.bin.firefox>
--  include if exists <local/firefox>
-+  include if exists <local/usr.bin.abrowser>
-+  include if exists <local/abrowser>
- }
-diff --git a/debian/apparmor-profiles.install b/debian/apparmor-profiles.install
-index d12ab262..a6ea623d 100644
---- a/debian/apparmor-profiles.install
-+++ b/debian/apparmor-profiles.install
-@@ -86,6 +86,7 @@ usr/share/apparmor/extra-profiles/usr.lib.GConf.2.gconfd-2
- usr/share/apparmor/extra-profiles/usr.lib.RealPlayer10.realplay
- usr/share/apparmor/extra-profiles/usr.lib.bonobo.bonobo-activation-server
- usr/share/apparmor/extra-profiles/usr.lib.evolution-data-server.evolution-data-server-1.10
-+usr/share/apparmor/extra-profiles/abrowser
- usr/share/apparmor/extra-profiles/firefox
- usr/share/apparmor/extra-profiles/firefox.sh
- usr/share/apparmor/extra-profiles/usr.lib.firefox.mozilla-xremote-client
diff --git a/helpers/DATA/apparmor/003-add-extra-profile-for-abrowser-icecat.patch b/helpers/DATA/apparmor/003-add-extra-profile-for-abrowser-icecat.patch
new file mode 100644
index 0000000..d156906
--- /dev/null
+++ b/helpers/DATA/apparmor/003-add-extra-profile-for-abrowser-icecat.patch
@@ -0,0 +1,173 @@
+diff --git a/profiles/apparmor/profiles/extras/icecat b/profiles/apparmor/profiles/extras/icecat
+index cbe1aa80..71813e99 100644
+--- a/profiles/apparmor/profiles/extras/icecat
++++ b/profiles/apparmor/profiles/extras/icecat
+@@ -14,7 +14,7 @@ abi <abi/4.0>,
+ include <tunables/global>
+ 
+ # Declare some variables to help with variants
+-@{MOZ_APP_NAME}=firefox{,-esr}
++@{MOZ_APP_NAME}=icecat{,-esr}
+ @{MOZ_LIBDIR}=/usr/lib/@{MOZ_APP_NAME}{,-[0-9]*}
+ @{MOZ_ADDONDIR}=/usr/lib/{@{MOZ_APP_NAME},xulrunner}-addons
+ 
+@@ -22,7 +22,7 @@ include <tunables/global>
+ #  /usr/lib/firefox-4.0b8/firefox
+ # but not:
+ #  /usr/lib/firefox-4.0b8/firefox.sh
+-profile firefox @{MOZ_LIBDIR}/@{MOZ_APP_NAME}{,*[^s][^h]} {
++profile icecat @{MOZ_LIBDIR}/@{MOZ_APP_NAME}{,*[^s][^h]} {
+   include <abstractions/audio>
+   include <abstractions/cups-client>
+   include <abstractions/dbus-strict>
+@@ -144,8 +144,8 @@ profile firefox @{MOZ_LIBDIR}/@{MOZ_APP_NAME}{,*[^s][^h]} {
+   /etc/wildmidi/wildmidi.cfg r,
+ 
+   # firefox specific
+-  /etc/firefox*/ r,
+-  /etc/firefox*/** r,
++  /etc/icecat*/ r,
++  /etc/icecat*/** r,
+   /etc/xul-ext/** r,
+   /etc/xulrunner{,-[0-9]*}/ r,
+   /etc/xulrunner{,-[0-9]*}/** r,
+@@ -234,12 +234,12 @@ profile firefox @{MOZ_LIBDIR}/@{MOZ_APP_NAME}{,*[^s][^h]} {
+   owner @{HOME}/.thumbnails/*/*.png r,
+ 
+   # per-user firefox configuration
+-  owner @{HOME}/.{firefox,mozilla}/ rw,
+-  owner @{HOME}/.{firefox,mozilla}/** rw,
+-  owner @{HOME}/.{firefox,mozilla}/**/*.{db,parentlock,sqlite}* k,
+-  owner @{HOME}/.{firefox,mozilla}/plugins/** rm,
+-  owner @{HOME}/.{firefox,mozilla}/**/plugins/** rm,
+-  owner @{HOME}/.gnome2/firefox* rwk,
++  owner @{HOME}/.{icecat,mozilla}/ rw,
++  owner @{HOME}/.{icecat,mozilla}/** rw,
++  owner @{HOME}/.{icecat,mozilla}/**/*.{db,parentlock,sqlite}* k,
++  owner @{HOME}/.{icecat,mozilla}/plugins/** rm,
++  owner @{HOME}/.{icecat,mozilla}/**/plugins/** rm,
++  owner @{HOME}/.gnome2/icecat* rwk,
+   owner @{HOME}/.cache/mozilla/{,@{MOZ_APP_NAME}/} rw,
+   owner @{HOME}/.cache/mozilla/@{MOZ_APP_NAME}/** rw,
+   owner @{HOME}/.cache/mozilla/@{MOZ_APP_NAME}/**/*.sqlite{,-shm} k,
+@@ -440,7 +440,7 @@ profile firefox @{MOZ_LIBDIR}/@{MOZ_APP_NAME}{,*[^s][^h]} {
+   owner @{HOME}/.mozilla/**/extensions/** mixr,
+ 
+   # Widevine CDM plugin (LP: #1777070)
+-  owner @{HOME}/.mozilla/firefox/*/gmp-widevinecdm/*/libwidevinecdm.so m,
++  owner @{HOME}/.mozilla/icecat/*/gmp-widevinecdm/*/libwidevinecdm.so m,
+ 
+   deny @{MOZ_LIBDIR}/update.test w,
+   deny /usr/lib/mozilla/extensions/**/ w,
+@@ -458,7 +458,7 @@ profile firefox @{MOZ_LIBDIR}/@{MOZ_APP_NAME}{,*[^s][^h]} {
+ 
+   /usr/bin/lsb_release Pxr -> lsb_release,
+ 
+-  # These should be started outside of Firefox
++  # These should be started outside of icecat
+   deny /usr/bin/dbus-launch x,
+   deny /usr/bin/speech-dispatcher x,
+ 
+@@ -466,6 +466,6 @@ profile firefox @{MOZ_LIBDIR}/@{MOZ_APP_NAME}{,*[^s][^h]} {
+   include if exists <abstractions/ubuntu-browsers.d/firefox>
+ 
+   # Site-specific additions and overrides. See local/README for details.
+-  include if exists <local/usr.bin.firefox>
+-  include if exists <local/firefox>
++  include if exists <local/usr.bin.icecat>
++  include if exists <local/icecat>
+ }
+diff --git a/profiles/apparmor/profiles/extras/firefox b/profiles/apparmor/profiles/extras/abrowser
+index cbe1aa80..2fb77651 100644
+--- a/profiles/apparmor/profiles/extras/firefox
++++ b/profiles/apparmor/profiles/extras/abrowser
+@@ -14,7 +14,7 @@ abi <abi/4.0>,
+ include <tunables/global>
+ 
+ # Declare some variables to help with variants
+-@{MOZ_APP_NAME}=firefox{,-esr}
++@{MOZ_APP_NAME}=abrowser{,-esr}
+ @{MOZ_LIBDIR}=/usr/lib/@{MOZ_APP_NAME}{,-[0-9]*}
+ @{MOZ_ADDONDIR}=/usr/lib/{@{MOZ_APP_NAME},xulrunner}-addons
+ 
+@@ -22,7 +22,7 @@ include <tunables/global>
+ #  /usr/lib/firefox-4.0b8/firefox
+ # but not:
+ #  /usr/lib/firefox-4.0b8/firefox.sh
+-profile firefox @{MOZ_LIBDIR}/@{MOZ_APP_NAME}{,*[^s][^h]} {
++profile abrowser @{MOZ_LIBDIR}/@{MOZ_APP_NAME}{,*[^s][^h]} {
+   include <abstractions/audio>
+   include <abstractions/cups-client>
+   include <abstractions/dbus-strict>
+@@ -144,8 +144,8 @@ profile firefox @{MOZ_LIBDIR}/@{MOZ_APP_NAME}{,*[^s][^h]} {
+   /etc/wildmidi/wildmidi.cfg r,
+ 
+   # firefox specific
+-  /etc/firefox*/ r,
+-  /etc/firefox*/** r,
++  /etc/abrowser*/ r,
++  /etc/abrowser*/** r,
+   /etc/xul-ext/** r,
+   /etc/xulrunner{,-[0-9]*}/ r,
+   /etc/xulrunner{,-[0-9]*}/** r,
+@@ -234,12 +234,12 @@ profile firefox @{MOZ_LIBDIR}/@{MOZ_APP_NAME}{,*[^s][^h]} {
+   owner @{HOME}/.thumbnails/*/*.png r,
+ 
+   # per-user firefox configuration
+-  owner @{HOME}/.{firefox,mozilla}/ rw,
+-  owner @{HOME}/.{firefox,mozilla}/** rw,
+-  owner @{HOME}/.{firefox,mozilla}/**/*.{db,parentlock,sqlite}* k,
+-  owner @{HOME}/.{firefox,mozilla}/plugins/** rm,
+-  owner @{HOME}/.{firefox,mozilla}/**/plugins/** rm,
+-  owner @{HOME}/.gnome2/firefox* rwk,
++  owner @{HOME}/.{abrowser,mozilla}/ rw,
++  owner @{HOME}/.{abrowser,mozilla}/** rw,
++  owner @{HOME}/.{abrowser,mozilla}/**/*.{db,parentlock,sqlite}* k,
++  owner @{HOME}/.{abrowser,mozilla}/plugins/** rm,
++  owner @{HOME}/.{abrowser,mozilla}/**/plugins/** rm,
++  owner @{HOME}/.gnome2/abrowser* rwk,
+   owner @{HOME}/.cache/mozilla/{,@{MOZ_APP_NAME}/} rw,
+   owner @{HOME}/.cache/mozilla/@{MOZ_APP_NAME}/** rw,
+   owner @{HOME}/.cache/mozilla/@{MOZ_APP_NAME}/**/*.sqlite{,-shm} k,
+@@ -440,7 +440,7 @@ profile firefox @{MOZ_LIBDIR}/@{MOZ_APP_NAME}{,*[^s][^h]} {
+   owner @{HOME}/.mozilla/**/extensions/** mixr,
+ 
+   # Widevine CDM plugin (LP: #1777070)
+-  owner @{HOME}/.mozilla/firefox/*/gmp-widevinecdm/*/libwidevinecdm.so m,
++  owner @{HOME}/.mozilla/abrowser/*/gmp-widevinecdm/*/libwidevinecdm.so m,
+ 
+   deny @{MOZ_LIBDIR}/update.test w,
+   deny /usr/lib/mozilla/extensions/**/ w,
+@@ -458,7 +458,7 @@ profile firefox @{MOZ_LIBDIR}/@{MOZ_APP_NAME}{,*[^s][^h]} {
+ 
+   /usr/bin/lsb_release Pxr -> lsb_release,
+ 
+-  # These should be started outside of Firefox
++  # These should be started outside of abrowser
+   deny /usr/bin/dbus-launch x,
+   deny /usr/bin/speech-dispatcher x,
+ 
+@@ -466,6 +466,6 @@ profile firefox @{MOZ_LIBDIR}/@{MOZ_APP_NAME}{,*[^s][^h]} {
+   include if exists <abstractions/ubuntu-browsers.d/firefox>
+ 
+   # Site-specific additions and overrides. See local/README for details.
+-  include if exists <local/usr.bin.firefox>
+-  include if exists <local/firefox>
++  include if exists <local/usr.bin.abrowser>
++  include if exists <local/abrowser>
+ }
+diff --git a/debian/apparmor-profiles.install b/debian/apparmor-profiles.install
+index 5cecd9dd..62531edb 100644
+--- a/debian/apparmor-profiles.install
++++ b/debian/apparmor-profiles.install
+@@ -88,8 +88,10 @@ usr/share/apparmor/extra-profiles/usr.lib.GConf.2.gconfd-2
+ usr/share/apparmor/extra-profiles/usr.lib.RealPlayer10.realplay
+ usr/share/apparmor/extra-profiles/usr.lib.bonobo.bonobo-activation-server
+ usr/share/apparmor/extra-profiles/usr.lib.evolution-data-server.evolution-data-server-1.10
++usr/share/apparmor/extra-profiles/abrowser
+ usr/share/apparmor/extra-profiles/firefox
+ usr/share/apparmor/extra-profiles/firefox.sh
++usr/share/apparmor/extra-profiles/icecat
+ usr/share/apparmor/extra-profiles/usr.lib.firefox.mozilla-xremote-client
+ usr/share/apparmor/extra-profiles/usr.lib.man-db.man
+ usr/share/apparmor/extra-profiles/postfix-anvil
diff --git a/helpers/DATA/apparmor/004-update-profile-extra-firefox-sh.patch b/helpers/DATA/apparmor/004-update-profile-extra-firefox-sh.patch
index d36f9c3..839d606 100644
--- a/helpers/DATA/apparmor/004-update-profile-extra-firefox-sh.patch
+++ b/helpers/DATA/apparmor/004-update-profile-extra-firefox-sh.patch
@@ -1,8 +1,8 @@
 diff --git a/profiles/apparmor/profiles/extras/firefox.sh b/profiles/apparmor/profiles/extras/firefox.sh
-index fb75c5b6..83a7404c 100644
+index fb75c5b6..7b23cd83 100644
 --- a/profiles/apparmor/profiles/extras/firefox.sh
 +++ b/profiles/apparmor/profiles/extras/firefox.sh
-@@ -22,3 +22,22 @@ profile firefox.sh /usr/lib/firefox/firefox.sh {
+@@ -22,3 +22,41 @@ profile firefox.sh /usr/lib/firefox/firefox.sh {
    # Site-specific additions and overrides. See local/README for details.
    include if exists <local/firefox.sh>
  }
@@ -25,3 +25,22 @@ index fb75c5b6..83a7404c 100644
 +  # Site-specific additions and overrides. See local/README for details.
 +  include if exists <local/firefox.sh>
 +}
++
++profile firefox.sh /usr/lib/icecat/firefox.sh {
++  include <abstractions/base>
++  include <abstractions/bash>
++  include <abstractions/consoles>
++
++  deny capability sys_ptrace,
++
++  /{usr/,}bin/basename rix,
++  /{usr/,}bin/bash rix,
++  /{usr/,}bin/grep rix,
++  /etc/magic r,
++  /usr/bin/file rix,
++  /usr/lib/icecat/icecat px,
++  /usr/share/misc/magic.mgc r,
++
++  # Site-specific additions and overrides. See local/README for details.
++  include if exists <local/firefox.sh>
++}
diff --git a/helpers/make-apparmor b/helpers/make-apparmor
index 6fc0fe6..83edbc6 100644
--- a/helpers/make-apparmor
+++ b/helpers/make-apparmor
@@ -1,6 +1,6 @@
 #!/bin/sh
 #
-#    Copyright (C) 2024 Luis Guzmán <ark@switnet.org>
+#    Copyright (C) 2025 Luis Guzmán <ark@switnet.org>
 #
 #    This program is free software; you can redistribute it and/or modify
 #    it under the terms of the GNU General Public License as published by
@@ -17,7 +17,7 @@
 #    Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301 USA
 #
 
-VERSION=3
+VERSION=4
 
 . ./config
 
@@ -28,17 +28,27 @@ VERSION=3
 # https://ubuntu.com/blog/ubuntu-23-10-restricted-unprivileged-user-namespaces
 
 cp profiles/apparmor.d/{thunderbird,icedove}
-cp profiles/apparmor.d/{firefox,abrowser}
-patch_p1 $DATA/002-add-unconfined-profile-firefox-icedove.patch
+for i in abrowser icecat
+do
+    cp profiles/apparmor.d/firefox profiles/apparmor.d/$i
+done
+patch_p1 $DATA/002-add-unconfined-profile-firefox-icedove-icecat.patch
 
-cp profiles/apparmor/profiles/extras/{firefox,abrowser}
-patch_p1 $DATA/003-add-extra-abrowser-profile.patch
+for i in abrowser icecat
+do
+    cp profiles/apparmor/profiles/extras/firefox \
+       profiles/apparmor/profiles/extras/$i
+done
+patch_p1 $DATA/003-add-extra-profile-for-abrowser-icecat.patch
 # Note: look for updates on abrowser.sh profile on each helper/patch change:
 patch_p1 $DATA/004-update-profile-extra-firefox-sh.patch
 
 # Update trasnmission apparmor profile to fix daemon management
 patch_p1 $DATA/005-update_trasnmission_profile_for_daemon_service_fix.patch
 
-changelog "Apply fix LP:2003702 for pidgin like clients. | Add unconfined profiles for firefox and icedove. | Improve transmission daemon service profile to improve management."
+changelog "Apply fix LP:2003702 for pidgin like clients.
+Add unconfined profiles for firefox and icedove.
+Improve transmission daemon service profile to improve management.
+Add custom profiles for icecat"
 
 package