With no disrespect meant to the policy authors, in my humble opinion, AppArmor, SELinux and all other optional security tools for securing browsers is polishing brass on the Titanic.

DuckHook...