--- /etc/apparmor.d/usr.bin.firefox.orig.firefox_100.0.1+build1-0ubuntu0.22.04.1~mt1_amd64 2022-04-27 06:33:42.536085312 +0200
+++ /etc/apparmor.d/usr.bin.firefox 2022-05-16 22:36:21.693101338 +0200
@@ -201,6 +201,24 @@
 member=ListMountableInfo
 peer=(label=unconfined),
+ # https://github.com/snapcore/snapd/pull/8793/files/ec7f01e8c15bf9303cfb30354470d2a7b3783f25
+ # The portals service is normally running and newer versions of
+ # xdg-desktop-portal include AssumedAppArmor=unconfined. Since older
+ # systems don't have this and because gtkfilechoosernativeportal.c relies on
+ # service activation, allow sends to peer=(name=org.freedesktop.portal.Desktop)
+ # for service activation.
+ dbus (send)
+ bus=session
+ interface=org.freedesktop.portal.*
+ path=/org/freedesktop/portal/{desktop,documents}{,/**}
+ peer=(name=org.freedesktop.portal.Desktop),
+ dbus (send)
+ bus=session
+ interface=org.freedesktop.DBus.Properties
+ path=/org/freedesktop/portal/{desktop,documents}{,/**}
+ peer=(name=org.freedesktop.portal.Desktop),
+
+ # Allow remote control when running on Wayland
 dbus (send)
 bus=session