diff --git a/profiles/apparmor.d/Xorg b/profiles/apparmor.d/Xorg
index 2a77ae191..af8af0431 100644
--- a/profiles/apparmor.d/Xorg
+++ b/profiles/apparmor.d/Xorg
@@ -86,7 +86,7 @@ profile Xorg /usr/lib/xorg/Xorg flags=(attach_disconnected, complain) {
 @{sys}/devices/** r,
 @{sys}/module/** r,
- @{sys}/devices/pci*/**/backlight/*/brightness rw,
+ @{sys}/devices/@{pci_bus}/**/backlight/*/brightness rw,
 # Display managers
 @{run}/user/@{uid}/gdm/* r,
@@ -135,7 +135,7 @@ profile Xorg /usr/lib/xorg/Xorg flags=(attach_disconnected, complain) {
 # When running without a kernel mode-setting (KMS) driver, Xorg may need
 # these additional permissions. DO NOT enable these unless necessary!
 #nokms#/dev/mem rw,
- #nokms#@{sys}/devices/pci[0-9]*/*/*/resource[0-9] w,
+ #nokms#@{sys}/devices/@{pci_bus}/*/*/resource[0-9] w,
 # Site-specific additions and overrides. See local/README for details.
 include if exists
diff --git a/profiles/apparmor.d/abstractions/dri-enumerate b/profiles/apparmor.d/abstractions/dri-enumerate
index b04e80e8b..515149022 100644
--- a/profiles/apparmor.d/abstractions/dri-enumerate
+++ b/profiles/apparmor.d/abstractions/dri-enumerate
@@ -6,7 +6,7 @@
 # needs to enumerate graphic devices (as with drmParsePciDeviceInfo() from
 # libdrm).
- @{sys}/devices/pci[0-9]*/**/{device,subsystem_device,subsystem_vendor,uevent,vendor} r,
+ @{sys}/devices/@{pci_bus}/**/{device,subsystem_device,subsystem_vendor,uevent,vendor} r,
 # Include additions to the abstraction
 include if exists
diff --git a/profiles/apparmor.d/abstractions/mesa b/profiles/apparmor.d/abstractions/mesa
index 26c748711..c9bdb4b17 100644
--- a/profiles/apparmor.d/abstractions/mesa
+++ b/profiles/apparmor.d/abstractions/mesa
@@ -12,7 +12,7 @@
 # (src/intel/perf/gen_perf.c, load_oa_metrics())
 @{PROC}/sys/dev/i915/perf_stream_paranoid r,
- @{sys}/devices/pci[0-9]*/**/{revision,config} r,
+ @{sys}/devices/@{pci_bus}/**/{revision,config} r,
 # User files
 owner @{HOME}/.cache/ w, # if user clears all caches
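Review bot: The rewritten `#nokms#` line keeps the fixed depth `@{pci_bus}/*/*/resource[0-9] w`, and since `*` does not cross `/`, that matches a device sitting one bridge below the root bus (`pci0000:00/0000:00:01.0/0000:01:00.0/resource0`) but not one directly on it (`pci0000:00/0000:00:02.0/resource0`), so an integrated GPU would still be denied by anyone who uncomments it. If the intent is any PCI device, `#nokms#@{sys}/devices/@{pci_bus}/**/resource[0-9] w,` covers both without reaching outside PCI BAR files; I cannot tell the intended scope from the hunk, so this is worth confirming. Write access to a `resource` file lets the opener mmap the device's BARs read-write, which puts it close in power to the `/dev/mem rw` line above it, so the existing "DO NOT enable" warning should stay attached to both lines. The Xorg profile body continues outside the hunk.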
diff --git a/profiles/apparmor.d/abstractions/opencl-intel b/profiles/apparmor.d/abstractions/opencl-intel
index b9b5f14e5..1ab96d707 100644
--- a/profiles/apparmor.d/abstractions/opencl-intel
+++ b/profiles/apparmor.d/abstractions/opencl-intel
@@ -15,7 +15,7 @@
 # System files
 /dev/dri/card[0-9]* rw, # beignet/libcl.so
- @{sys}/devices/pci[0-9]*/**/{class,config,resource,revision} r, # libcl.so -> libdrm_intel.so -> libpciaccess.so (move to dri-enumerate ?)
+ @{sys}/devices/@{pci_bus}/**/{class,config,resource,revision} r, # libcl.so -> libdrm_intel.so -> libpciaccess.so (move to dri-enumerate ?)
 /usr/lib/@{multiarch}/beignet/** r,
diff --git a/profiles/apparmor.d/abstractions/opencl-nvidia b/profiles/apparmor.d/abstractions/opencl-nvidia
index a91f661d2..b94cdb19e 100644
--- a/profiles/apparmor.d/abstractions/opencl-nvidia
+++ b/profiles/apparmor.d/abstractions/opencl-nvidia
@@ -19,7 +19,7 @@
 # libnvidia-opencl.so rules:
 /dev/nvidia-uvm rw,
 /dev/nvidia-uvm-tools rw,
- @{sys}/devices/pci[0-9]*/**/config r,
+ @{sys}/devices/@{pci_bus}/**/config r,
 @{sys}/devices/system/memory/block_size_bytes r,
 /usr/share/nvidia/** r,
 @{PROC}/devices r,
diff --git a/profiles/apparmor.d/abstractions/opencl-pocl b/profiles/apparmor.d/abstractions/opencl-pocl
index f2ec48f1e..6f6b3c4e4 100644
--- a/profiles/apparmor.d/abstractions/opencl-pocl
+++ b/profiles/apparmor.d/abstractions/opencl-pocl
@@ -16,10 +16,10 @@
 @{sys}/bus/pci/slots/ r, # libpocl.so -> hwloc_topology_load() from libhwloc.so
 @{sys}/bus/{cpu,node}/devices/ r, # libpocl.so -> libhwlock.so
 @{sys}/class/net/ r, # libpocl.so -> hwloc_pci_traverse_lookuposdevices_cb() from libhwloc.so
- @{sys}/devices/pci[0-9]*/**/ r, # for libpocl -> hwloc_linux_lookup_block_class() from libhwloc.so
- @{sys}/devices/pci[0-9]*/**/block/*/dev r, # libpocl.so -> hwloc_linux_lookup_host_block_class() from libhwloc.so
- @{sys}/devices/pci[0-9]*/**/{class,local_cpus} r, # libpocl.so -> libhwlock.so
- @{sys}/devices/pci[0-9]*/*/net/*/address r, # libpocl.so -> hwloc_pci_traverse_lookuposdevices_cb() from libhwloc.so
+ @{sys}/devices/@{pci_bus}/**/ r, # for libpocl -> hwloc_linux_lookup_block_class() from libhwloc.so
+ @{sys}/devices/@{pci_bus}/**/block/*/dev r, # libpocl.so -> hwloc_linux_lookup_host_block_class() from libhwloc.so
+ @{sys}/devices/@{pci_bus}/**/{class,local_cpus} r, # libpocl.so -> libhwlock.so
+ @{sys}/devices/@{pci_bus}/*/net/*/address r, # libpocl.so -> hwloc_pci_traverse_lookuposdevices_cb() from libhwloc.so
 @{sys}/devices/system/cpu/ r, # libpocl.so -> libnuma.so
 @{sys}/devices/system/cpu/cpu[0-9]*/cache/index[0-9]*/* r, # libpocl.so -> libhwloc.so
 @{sys}/devices/system/cpu/cpu[0-9]*/online r, # libpocl.so -> libhwlock.so
diff --git a/profiles/apparmor.d/abstractions/video b/profiles/apparmor.d/abstractions/video
index b83091fb3..9622a63fe 100644
--- a/profiles/apparmor.d/abstractions/video
+++ b/profiles/apparmor.d/abstractions/video
@@ -9,8 +9,8 @@
 owner /dev/shm/libv4l-* rw,
 /dev/video[0-9]* rw,
- @{sys}/devices/pci[0-9]*/**/usb[0-9]/**/video4linux/video[0-9]*/dev r,
- @{sys}/devices/pci[0-9]*/**/usb[0-9]/**/{modalias,speed} r,
+ @{sys}/devices/@{pci_bus}/**/usb[0-9]/**/video4linux/video[0-9]*/dev r,
+ @{sys}/devices/@{pci_bus}/**/usb[0-9]/**/{modalias,speed} r,
 @{sys}/devices/virtual/dmi/id/sys_vendor r,
 @{sys}/devices/virtual/dmi/id/product_{name,version} r,
diff --git a/profiles/apparmor.d/abstractions/vulkan b/profiles/apparmor.d/abstractions/vulkan
index 13b128fa2..95c669da5 100644
--- a/profiles/apparmor.d/abstractions/vulkan
+++ b/profiles/apparmor.d/abstractions/vulkan
@@ -9,10 +9,10 @@
 /etc/vulkan/icd.d/{,*.json} r,
 /etc/vulkan/{explicit,implicit}_layer.d/{,*.json} r,
 # for drmGetMinorNameForFD() from libvulkan_intel.so (Mesa)
- @{sys}/devices/pci[0-9]*/*/drm/ r,
- @{sys}/devices/pci[0-9]*/*/drm/card[0-9]/gt_{max,min}_freq_mhz r, # anv_enumerate_physical_devices() from libvulkan_intel.so
- @{sys}/devices/pci[0-9]*/*/drm/card[0-9]/metrics/ r, # anv_enumerate_physical_devices() from libvulkan_intel.so
- @{sys}/devices/pci[0-9]*/*/drm/card[0-9]/metrics/????????-????-????-????-????????????/id r, # anv_enumerate_physical_devices() from libvulkan_intel.so
+ @{sys}/devices/@{pci_bus}/*/drm/ r,
+ @{sys}/devices/@{pci_bus}/*/drm/card[0-9]/gt_{max,min}_freq_mhz r, # anv_enumerate_physical_devices() from libvulkan_intel.so
+ @{sys}/devices/@{pci_bus}/*/drm/card[0-9]/metrics/ r, # anv_enumerate_physical_devices() from libvulkan_intel.so
+ @{sys}/devices/@{pci_bus}/*/drm/card[0-9]/metrics/????????-????-????-????-????????????/id r, # anv_enumerate_physical_devices() from libvulkan_intel.so
 /usr/share/egl/egl_external_platform.d/{,*} r,
 /usr/share/glvnd/egl_vendor.d/{,*} r,
 /usr/share/vulkan/icd.d/{,*.json} r,
diff --git a/profiles/apparmor.d/lsblk b/profiles/apparmor.d/lsblk
index c91e70845..e336220ce 100644
--- a/profiles/apparmor.d/lsblk
+++ b/profiles/apparmor.d/lsblk
@@ -23,7 +23,7 @@ profile lsblk /usr/bin/lsblk {
 @{sys}/class/block/ r,
 @{sys}/dev/block/ r,
- @{sys}/devices/pci@{hex4}:@{hex2}/** r,
+ @{sys}/devices/@{pci_bus}/** r,
 @{sys}/devices/virtual/** r,
 @{sys}/devices/platform/** r,
diff --git a/profiles/apparmor.d/nvidia_modprobe b/profiles/apparmor.d/nvidia_modprobe
index 501ee560e..a078a9397 100644
--- a/profiles/apparmor.d/nvidia_modprobe
+++ b/profiles/apparmor.d/nvidia_modprobe
@@ -28,7 +28,7 @@ profile nvidia_modprobe {
 /dev/nvidia-uvm w,
 /dev/nvidia-uvm-tools w,
 @{sys}/bus/pci/devices/ r,
- @{sys}/devices/pci[0-9]*/**/config r,
+ @{sys}/devices/@{pci_bus}/**/config r,
 @{PROC}/devices r,
 @{PROC}/driver/nvidia/params r,
 @{PROC}/modules r,
diff --git a/profiles/apparmor.d/tunables/system b/profiles/apparmor.d/tunables/system
index 2b5e6cce2..e46ff2190 100644
--- a/profiles/apparmor.d/tunables/system
+++ b/profiles/apparmor.d/tunables/system
@@ -96,4 +96,7 @@
 @{word32}=@{word16}@{word16}
 @{word64}=@{word32}@{word32}
+# Shortcut for PCI bus (e.g., /sys/devices/@{pci_bus}/**)
+@{pci_bus}=pci@{hex4}:@{hex2}
+
 include if exists
diff --git a/profiles/apparmor.d/wpa_supplicant b/profiles/apparmor.d/wpa_supplicant
index 4cad16294..c855b9571 100644
--- a/profiles/apparmor.d/wpa_supplicant
+++ b/profiles/apparmor.d/wpa_supplicant
@@ -131,7 +131,7 @@ profile wpa_supplicant /usr/sbin/wpa_supplicant {
 network netlink raw,
 network packet dgram,
- @{sys}/devices/pci[0-9]*:[0-9]*/**/ieee80211/phy[0-9]*/name r,
+ @{sys}/devices/@{pci_bus}/**/ieee80211/phy[0-9]*/name r,
 # Might also need @{sys}/class/ieee80211/ r,
 # phy* files inside are symlinks to the pci directory but directory
 # listing might be needed to enumerate and resolve symlinks
diff --git a/profiles/apparmor/profiles/extras/chromium_browser b/profiles/apparmor/profiles/extras/chromium_browser
index b66582e18..74b644991 100644
--- a/profiles/apparmor/profiles/extras/chromium_browser
+++ b/profiles/apparmor/profiles/extras/chromium_browser
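Review bot: The added comment `# Shortcut for PCI bus (e.g., /sys/devices/@{pci_bus}/**)` understates what the tunables/system definition constrains: `pci@{hex4}:@{hex2}` matches exactly one path component of the form `pci<domain>:<bus>` (a root-bridge directory such as `pci0000:00`), and across this series it replaces `pci*`/`pci[0-9]*` globs that accepted any name starting with `pci`, so it is a deliberate narrowing rather than a cosmetic alias. I would say so in the comment, e.g. `# A PCI root bus directory under @{sys}/devices: pci<domain>:<bus>, e.g. pci0000:00 (one path component; use @{pci_bus}/** for the devices below it)`. The kernel formats that directory name with `pci%04x:%02x`, so a domain number that needs more than four hex digits (if any platform in use produces one) would stop matching and the affected profile would fail closed with a denial rather than open up, which is the safe direction but should be stated so new denials are read correctly. The definition also depends on `@{hex4}` and `@{hex2}` being declared in this file; they are not visible in the hunk and the parser must be able to resolve them when `@{pci_bus}` is expanded.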
@@ -153,25 +153,25 @@ profile chromium_browser /usr/lib/@{chromium}/@{chromium} flags=(attach_disconne
 /sys/devices/system/cpu/possible r,
 /sys/devices/system/cpu/present r,
 /sys/devices/system/node/node*/meminfo r,
- /sys/devices/pci[0-9]*/**/bConfigurationValue r,
- /sys/devices/pci[0-9]*/**/boot_vga r,
- /sys/devices/pci[0-9]*/**/busnum r,
- /sys/devices/pci[0-9]*/**/class r,
- /sys/devices/pci[0-9]*/**/config r,
- /sys/devices/pci[0-9]*/**/descriptors r,
- /sys/devices/pci[0-9]*/**/device r,
- /sys/devices/pci[0-9]*/**/devnum r,
- /sys/devices/pci[0-9]*/**/irq r,
- /sys/devices/pci[0-9]*/**/manufacturer r,
- /sys/devices/pci[0-9]*/**/product r,
- /sys/devices/pci[0-9]*/**/resource r,
- /sys/devices/pci[0-9]*/**/revision r,
- /sys/devices/pci[0-9]*/**/serial r,
- /sys/devices/pci[0-9]*/**/subsystem_device r,
- /sys/devices/pci[0-9]*/**/subsystem_vendor r,
- /sys/devices/pci[0-9]*/**/vendor r,
- /sys/devices/pci[0-9]*/**/removable r,
- /sys/devices/pci[0-9]*/**/block/**/size r,
+ /sys/devices/@{pci_bus}/**/bConfigurationValue r,
+ /sys/devices/@{pci_bus}/**/boot_vga r,
+ /sys/devices/@{pci_bus}/**/busnum r,
+ /sys/devices/@{pci_bus}/**/class r,
+ /sys/devices/@{pci_bus}/**/config r,
+ /sys/devices/@{pci_bus}/**/descriptors r,
+ /sys/devices/@{pci_bus}/**/device r,
+ /sys/devices/@{pci_bus}/**/devnum r,
+ /sys/devices/@{pci_bus}/**/irq r,
+ /sys/devices/@{pci_bus}/**/manufacturer r,
+ /sys/devices/@{pci_bus}/**/product r,
+ /sys/devices/@{pci_bus}/**/resource r,
+ /sys/devices/@{pci_bus}/**/revision r,
+ /sys/devices/@{pci_bus}/**/serial r,
+ /sys/devices/@{pci_bus}/**/subsystem_device r,
+ /sys/devices/@{pci_bus}/**/subsystem_vendor r,
+ /sys/devices/@{pci_bus}/**/vendor r,
+ /sys/devices/@{pci_bus}/**/removable r,
+ /sys/devices/@{pci_bus}/**/block/**/size r,
 /sys/devices/virtual/block/**/removable r,
 /sys/devices/virtual/block/**/size r,
 /sys/devices/virtual/tty/tty*/active r,
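Review bot: The nineteen rewritten lines in this extras profile now reference `@{pci_bus}`, which only exists in this tree's `tunables/system`; on a host whose AppArmor tunables predate it, `apparmor_parser` rejects the whole profile as referencing an undeclared variable, and a profile that fails to load leaves chromium running unconfined, the opposite of what the narrowing intends. Extras profiles are commonly copied onto other systems, so a one-line comment above the block naming the minimum AppArmor release that ships `@{pci_bus}` would let packagers catch that before a silent fail-open. While these lines are being rewritten they should also use the sysfs tunable like the non-extras profiles in the same series, e.g. `@{sys}/devices/@{pci_bus}/**/config r,` in place of the literal `/sys/` prefix; tunables are already in scope here since the profile uses `@{chromium}`. The profile body continues outside the hunk.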
diff --git a/profiles/apparmor/profiles/extras/firefox b/profiles/apparmor/profiles/extras/firefox
index 8b7ba2bee..e10a84072 100644
--- a/profiles/apparmor/profiles/extras/firefox
+++ b/profiles/apparmor/profiles/extras/firefox
@@ -194,11 +194,11 @@ profile firefox @{MOZ_LIBDIR}/@{MOZ_APP_NAME}{,*[^s][^h]} {
 @{PROC}/sys/vm/overcommit_memory r,
 @{sys}/fs/cgroup/user.slice/user-[0-9]*.slice/session-{,c}[0-9]*.scope/cpu.max r, # prevent crash LP: #1931602
- /sys/devices/pci[0-9]*/**/{uevent,resource,irq,class} r,
+ /sys/devices/@{pci_bus}/**/{uevent,resource,irq,class} r,
 /sys/devices/platform/**/uevent r,
- /sys/devices/pci*/**/{boot_vga,busnum,config,idVendor,idProduct,revision} r,
- /sys/devices/pci*/**/{,subsystem_}device r,
- /sys/devices/pci*/**/{,subsystem_}vendor r,
+ /sys/devices/@{pci_bus}/**/{boot_vga,busnum,config,idVendor,idProduct,revision} r,
+ /sys/devices/@{pci_bus}/**/{,subsystem_}device r,
+ /sys/devices/@{pci_bus}/**/{,subsystem_}vendor r,
 /sys/devices/system/node/node[0-9]*/meminfo r,
 owner @{HOME}/.cache/thumbnails/** rw,
diff --git a/profiles/apparmor/profiles/extras/usr.bin.wireshark b/profiles/apparmor/profiles/extras/usr.bin.wireshark
index e89823015..c8c87834d 100644
--- a/profiles/apparmor/profiles/extras/usr.bin.wireshark
+++ b/profiles/apparmor/profiles/extras/usr.bin.wireshark
@@ -66,7 +66,7 @@ include
 @{PROC}/@{pid}/net/dev r,
 # Backported from the dri-enumerate abstraction, available in AppArmor 2.13
- /sys/devices/pci[0-9]*/**/{device,subsystem_device,subsystem_vendor,uevent,vendor} r,
+ /sys/devices/@{pci_bus}/**/{device,subsystem_device,subsystem_vendor,uevent,vendor} r,
 /tmp/.X[0-9]*-lock r,
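Review bot: The four new firefox lines keep a literal `/sys/devices/` prefix while the rest of this series (and the `@{sys}/fs/cgroup/...` line two lines above) goes through the sysfs tunable; since they are being rewritten anyway, `/sys/devices/@{pci_bus}/**/{,subsystem_}vendor r,` should read `@{sys}/devices/@{pci_bus}/**/{,subsystem_}vendor r,` and likewise for the other three, so a relocated sysfs is handled the same way in every profile. Note also that the old `pci*` spelling on the three lower lines was the loosest glob in the series, matching any directory name beginning with `pci`, so `@{pci_bus}` is strictly narrower here and any new denials after this lands are the intended tightening rather than a regression. The enclosing profile continues outside the hunk.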
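Review bot: The comment kept above the changed wireshark line, `# Backported from the dri-enumerate abstraction, available in AppArmor 2.13`, now contradicts the line under it: the backport exists so the rule works on older AppArmor, yet the rule now needs `@{pci_bus}`, which older `tunables/system` files do not declare, and an undeclared variable makes `apparmor_parser` reject the whole profile so wireshark runs unconfined on exactly the systems the backport targeted. Either keep this one line on the literal `pci[0-9]*` form with a comment saying why it differs from the abstraction, or replace it with `include <abstractions/dri-enumerate>` and drop the backport comment, since any AppArmor new enough to ship `@{pci_bus}` also ships that abstraction. If the line stays, the same `@{sys}` prefix point as the other extras profiles applies. The profile body continues outside the hunk.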