Without testing it myself, I'm happy with the packaging changes and the apparmor policy. It would be nice if user-tmp was not required, but that isn't a big deal at all.
An important thing to keep in mind though: before, webbrowser-app ran under the "unconfined" label. Now it is going to run under the "webbrowser-app" label. This means that trusted helpers (e.g., location service, online accounts, content-hub and pulseaudio) may interact with webbrowser-app differently. At the very least, users may be prompted by these services for access, so you'll want to make sure all of those work properly.