I began by adding an additional profile path ADDITIONAL_PROFILE_DIR=/var/lib/snapd/apparmor/profiles/ to /lib/apparmor/rc.apparmor.functions then editing /var/lib/snapd/apparmor/profiles/snap.brave.brave to include the following, around line 2415:
@imeister Hi. I am a community member and know nothing about Linux. From your post, it appears this is Feedback vs a request for support. Is that correct? If so, you can edit your topic title (pencil icon) and change categories.
I am also wondering if you have tried installing from Brave official versions vs Snap. If not, why not? I am just curious. Posted links below for reference on why I am curious. Please ignore if you so choose.
Snap
You can find Brave in the Snapcraft Store, but while it is maintained by Brave Software, it is not yet working as well as our official packages. We currently recommend that users who are able to use our official package repositories do so instead of using the Snap.
I did change this to feedback, as I literally solved my own problem while writing this.
In Linux, manually installed applications from the web (those not obtained from snap or other repository) won’t update without an equally manual process. Snap and repositories are checked for new versions regularly and notify you when updates are available, and they handle things like dependencies automatically.
Source aside, this issue is a security problem with Brave; one that, if I were using the web download, would not have been caught. AppArmor audits what programs try to do under the hood and prevents things that either aren’t properly declared/requested or pose unnecessary risk to the OS.
Thank-you for the information! I did not realize that updates were a manual process for Linux users. Any automatic handling would definitely be a plus.
Is this something that should be reported to the Brave Bug Bounty program?
It likely affects anyone using the Brave Snap, so maybe? I’m no hacker, so I don’t know the security ramifications are exactly, but at the very least, fixing this issue will save users from having to move their mouse every so often when binging watching Netflix/Hulu. =P