When enabled, Firefox AppArmor profile blocks 'Open Containing Folder' function for downloads

When a firefox user has downloaded a file, the download dropdown includes an 'Open Containing Folder' option which does what the name implies.

When AppArmor is enabled, this button stops working. Instead, the following denials are logged:-

dbus-daemon[6348]: apparmor="DENIED" operation="dbus_method_call" bus="session" path="/org/freedesktop/FileManager1" interface="org.freedesktop.FileManager1" member="ShowItems" mask="send" name="org.freedesktop.FileManager1" pid=6874 label="firefox" peer_pid=8779 peer_label="unconfined"

dbus-daemon[6348]: apparmor="DENIED" operation="dbus_method_call" bus="session" path="/org/gnome/Nautilus" interface="org.freedesktop.Application" member="Open" mask="send" name="org.gnome.Nautilus" pid=6874 label="firefox" peer_pid=8779 peer_label="unconfined"

Adding the following permissions to /etc/apparmor.d/usr.bin.firefox fixes the issue:-

  # 'Open Containing Folder' function for downloads
  dbus (send)
       bus=session
       path=/org/freedesktop/FileManager1
       interface=org.freedesktop.FileManager1
       member="ShowItems"
       peer=(label=unconfined),

  dbus (send)
       bus=session
       path=/org/gnome/Nautilus
       interface=org.freedesktop.Application
       member="Open"
       peer=(label=unconfined),

ProblemType: Bug
DistroRelease: Ubuntu 20.04
Package: firefox 90.0+build1-0ubuntu0.20.04.1
ProcVersionSignature: Ubuntu 5.8.0-63.71~20.04.1-generic 5.8.18
Uname: Linux 5.8.0-63-generic x86_64
NonfreeKernelModules: nvidia_modeset nvidia
AddonCompatCheckDisabled: False
ApportVersion: 2.20.11-0ubuntu27.18
Architecture: amd64
AudioDevicesInUse:
 USER PID ACCESS COMMAND
 /dev/snd/controlC0: mtandy 6342 F.... pulseaudio
 /dev/snd/pcmC0D0p: mtandy 6342 F...m pulseaudio
 /dev/snd/controlC1: mtandy 6342 F.... pulseaudio
BuildID: 20210705185941
CasperMD5CheckResult: skip
Channel: Unavailable
CurrentDesktop: ubuntu:GNOME
Date: Thu Jul 29 00:04:41 2021
ForcedLayersAccel: False
IncompatibleExtensions: Default - {972ce4c6-7e08-4474-a285-3208198ce6fd}
InstallationDate: Installed on 2021-05-31 (58 days ago)
InstallationMedia: Ubuntu 20.04.2.0 LTS "Focal Fossa" - Release amd64 (20210209.1)
IpRoute:
 default via 192.168.0.1 dev enp3s0 proto dhcp metric 100
 169.254.0.0/16 dev enp3s0 scope link metric 1000
 192.168.0.0/24 dev enp3s0 proto kernel scope link src 192.168.0.2 metric 100
MostRecentCrashID: bp-4122b123-9c74-4baf-b817-c8a771171216
PrefErrors: Unexpected character ',' before close parenthesis @ /usr/lib/firefox/omni.ja:greprefs.js:352
PrefSources: prefs.js
Profiles: Profile0 (Default) - LastVersion=90.0/20210705185941 (In use)
RunningIncompatibleAddons: True
SourcePackage: firefox
UpgradeStatus: No upgrade log present (probably fresh install)
dmi.bios.date: 07/11/2014
dmi.bios.release: 4.6
dmi.bios.vendor: American Megatrends Inc.
dmi.bios.version: 2202
dmi.board.asset.tag: To be filled by O.E.M.
dmi.board.name: Z97-K
dmi.board.vendor: ASUSTeK COMPUTER INC.
dmi.board.version: Rev X.0x
dmi.chassis.asset.tag: To Be Filled By O.E.M.
dmi.chassis.type: 3
dmi.chassis.vendor: To Be Filled By O.E.M.
dmi.chassis.version: To Be Filled By O.E.M.
dmi.modalias: dmi:bvnAmericanMegatrendsInc.:bvr2202:bd07/11/2014:br4.6:svnASUS:pnAllSeries:pvrSystemVersion:rvnASUSTeKCOMPUTERINC.:rnZ97-K:rvrRevX.0x:cvnToBeFilledByO.E.M.:ct3:cvrToBeFilledByO.E.M.:
dmi.product.family: ASUS MB
dmi.product.name: All Series
dmi.product.sku: All
dmi.product.version: System Version
dmi.sys.vendor: ASUS
mtime.conffile..etc.apparmor.d.usr.bin.firefox: 2021-07-28T23:39:29.648857