diff --git a/autotests/html/usr.bin.apparmor-profile-test.html b/autotests/html/usr.bin.apparmor-profile-test.html
--- a/autotests/html/usr.bin.apparmor-profile-test.html
+++ b/autotests/html/usr.bin.apparmor-profile-test.html
@@ -136,7 +136,7 @@
 		<span style="color:#0057ae;font-weight:bold;">set</span> <span style="color:#0057ae;font-weight:bold;">rlimit</span> <span style="color:#0057ae;">data</span>  <span style="color:#bf0303;font-weight:bold;">&lt;=</span> <span style="color:#b08000;">100</span><span style="color:#bf0303;">M</span>,
 		<span style="color:#0057ae;font-weight:bold;">set</span> <span style="color:#0057ae;font-weight:bold;">rlimit</span> <span style="color:#0057ae;">nproc</span> <span style="color:#bf0303;font-weight:bold;">&lt;=</span> <span style="color:#b08000;">10</span>,
 		<span style="color:#0057ae;font-weight:bold;">set</span> <span style="color:#0057ae;font-weight:bold;">rlimit</span> <span style="color:#0057ae;">memlock</span> <span style="color:#bf0303;font-weight:bold;">&lt;=</span> <span style="color:#b08000;">2</span><span style="color:#bf0303;">GB</span>,
-		<span style="color:#0057ae;font-weight:bold;">set</span> <span style="color:#0057ae;font-weight:bold;">rlimit</span> <span style="color:#0057ae;">rss</span> <span style="color:#bf0303;font-weight:bold;">&lt;=</span> <span style="font-style:italic;">infinity</span>,
+		<span style="color:#0057ae;font-weight:bold;">set</span> <span style="color:#0057ae;font-weight:bold;">rlimit</span> <span style="color:#0057ae;">rss</span> <span style="color:#bf0303;font-weight:bold;">&lt;=</span> <span style="color:#b08000;">infinity</span>,
 
 		<span style="color:#898887;"># Change Profile rules</span>
 		<span style="color:#0057ae;font-weight:bold;">change_profile</span> <span style="color:#0057ae;">unsafe</span> /<span style="color:#3daee9;">**</span> <span style="color:#bf0303;font-weight:bold;">-&gt;</span> <span style="color:#644a9b;font-style:italic;">[^u/]</span><span style="color:#ff5500;font-style:italic;">**</span>,
diff --git a/autotests/reference/test.cil.ref b/autotests/reference/test.cil.ref
--- a/autotests/reference/test.cil.ref
+++ b/autotests/reference/test.cil.ref
@@ -43,7 +43,7 @@
 <dsNormal></dsNormal><br/>
 <Comment>; filecon</Comment><br/>
 <Brackets1>(</Brackets1><Statements>filecon</Statements><Normal Text> </Normal Text><Text Quoted>"/system/bin/run-as"</Text Quoted><Normal Text> </Normal Text><Types>file</Types><Normal Text> runas_exec_context</Normal Text><Brackets1>)</Brackets1><br/>
-<Brackets1>(</Brackets1><Statements>filecon</Statements><Normal Text> </Normal Text><Text Quoted>"/dev/socket/wpa_wlan</Text Quoted><Pattern Brackets>[0</Pattern Brackets><Special Char 2>-</Special Char 2><Pattern Brackets>9]</Pattern Brackets><Text Quoted>"</Text Quoted><Normal Text> </Normal Text><Types>any</Types><Normal Text> </Normal Text><File Contexts>u:object_r:wpa.socket:s0-s0</File Contexts><Brackets1>)</Brackets1><br/>
+<Brackets1>(</Brackets1><Statements>filecon</Statements><Normal Text> </Normal Text><Text Quoted>"/dev/socket/wpa_wlan</Text Quoted><Pattern Brackets>[0</Pattern Brackets><Special Char of Brackets>-</Special Char of Brackets><Pattern Brackets>9]</Pattern Brackets><Text Quoted>"</Text Quoted><Normal Text> </Normal Text><Types>any</Types><Normal Text> </Normal Text><File Contexts>u:object_r:wpa.socket:s0-s0</File Contexts><Brackets1>)</Brackets1><br/>
 <Brackets1>(</Brackets1><Statements>filecon</Statements><Normal Text> </Normal Text><Text Quoted>"/data/local/mine"</Text Quoted><Normal Text> </Normal Text><Types>dir</Types><Normal Text> </Normal Text><Brackets2>()</Brackets2><Brackets1>)</Brackets1><br/>
 <Brackets1>(</Brackets1><Statements>classcommon</Statements><Normal Text> file any dir</Normal Text><Brackets1>)</Brackets1><br/>
 <Brackets1>(</Brackets1><Normal Text>file any dir</Normal Text><Brackets1>)</Brackets1><br/>
@@ -63,9 +63,9 @@
 <Brackets1>(</Brackets1><Access Keys>allow</Access Keys><Normal Text> process httpd.object </Normal Text><Brackets2>(</Brackets2><Normal Text>file </Normal Text><Brackets3>(</Brackets3><Permissions>read</Permissions><Normal Text> </Normal Text><Permissions>write</Permissions><Brackets3>)</Brackets3><Brackets2>)</Brackets2><Brackets1>)</Brackets1><br/>
 <dsNormal></dsNormal><br/>
 <Comment>; Paths</Comment><br/>
-<Text Quoted>"/system/</Text Quoted><Pattern Brackets>(foo</Pattern Brackets><Special Char 2>|</Special Char 2><Pattern Brackets>bar)</Pattern Brackets><Text Quoted>/</Text Quoted><Pattern Brackets>[</Pattern Brackets><Special Char 2>^</Special Char 2><Pattern Brackets>/]</Pattern Brackets><Special Char>*</Special Char><Text Quoted>/</Text Quoted><Pattern Brackets>(hi){2,6}(</Pattern Brackets><Special Char>.*</Special Char><Pattern Brackets>)</Pattern Brackets><Special Char>?</Special Char><Text Quoted>"</Text Quoted><br/>
-<Text Quoted>"/pa</Text Quoted><Escape Expression>\12</Escape Expression><Text Quoted>th</Text Quoted><Special Char>.*</Special Char><Text Quoted>a</Text Quoted><Special Char>+</Special Char><Text Quoted>b</Text Quoted><Special Char>?</Special Char><Text Quoted>"</Text Quoted><br/>
-<Path>/usr/hi</Path><Escape Expression>\"</Escape Expression><Path>esc</Path><Escape Expression>\032</Escape Expression><Path>esc</Path><Escape Expression>\*</Escape Expression><Path>3es</Path><Pattern Brackets>{2,2}</Pattern Brackets><Path>ds</Path><br/>
+<Text Quoted>"/system/</Text Quoted><Pattern Brackets>(foo</Pattern Brackets><Special Char of Brackets>|</Special Char of Brackets><Pattern Brackets>bar)</Pattern Brackets><Text Quoted>/</Text Quoted><Pattern Brackets>[</Pattern Brackets><Special Char of Brackets>^</Special Char of Brackets><Pattern Brackets>/]</Pattern Brackets><Special Char>*</Special Char><Text Quoted>/</Text Quoted><Pattern Brackets>(hi){2,6}(</Pattern Brackets><Special Char>.*</Special Char><Pattern Brackets>)</Pattern Brackets><Special Char>?</Special Char><Text Quoted>"</Text Quoted><br/>
+<Text Quoted>"/pa</Text Quoted><Escape Char>\12</Escape Char><Text Quoted>th</Text Quoted><Special Char>.*</Special Char><Text Quoted>a</Text Quoted><Special Char>+</Special Char><Text Quoted>b</Text Quoted><Special Char>?</Special Char><Text Quoted>"</Text Quoted><br/>
+<Path>/usr/hi</Path><Escape Char>\"</Escape Char><Path>esc</Path><Escape Char>\032</Escape Char><Path>esc</Path><Escape Char>\*</Escape Char><Path>3es</Path><Pattern Brackets>{2,2}</Pattern Brackets><Path>ds</Path><br/>
 <Text Quoted>"/data/</Text Quoted><Pattern Brackets>(ope</Pattern Brackets><Open Pattern Brackets>n</Open Pattern Brackets><Text Quoted> "</Text Quoted><br/>
 <Text Quoted>"/data/</Text Quoted><Pattern Brackets>[ope</Pattern Brackets><Open Pattern Brackets>n</Open Pattern Brackets><Text Quoted> "</Text Quoted><br/>
 <dsNormal></dsNormal><br/>
diff --git a/autotests/reference/test.fc.ref b/autotests/reference/test.fc.ref
--- a/autotests/reference/test.fc.ref
+++ b/autotests/reference/test.fc.ref
@@ -2,46 +2,46 @@
 <dsNormal></dsNormal><br/>
 <Comment># Syntax of 'file_contexts' file and other SELinux configuration files:</Comment><br/>
 <dsNormal></dsNormal><br/>
-<Path>/usr/lib/</Path><Special Char>.*</Special Char><Path>/program/foo</Path><Escape Expression>\.</Escape Expression><Path>so</Path><Normal Text> </Normal Text><File Type> --</File Type><Normal Text>  </Normal Text><User>user</User><Normal Text>:</Normal Text><Role>role</Role><Normal Text>:</Normal Text><Type>type</Type><Normal Text>:</Normal Text><Level>s0</Level><Normal Text>:</Normal Text><Level>c0</Level><br/>
+<Path>/usr/lib/</Path><Special Char>.*</Special Char><Path>/program/foo</Path><Escape Char>\.</Escape Char><Path>so</Path><Normal Text> </Normal Text><File Type> --</File Type><Normal Text>  </Normal Text><User>user</User><Normal Text>:</Normal Text><Role>role</Role><Normal Text>:</Normal Text><Type>type</Type><Normal Text>:</Normal Text><Level>s0</Level><Normal Text>:</Normal Text><Level>c0</Level><br/>
 <Path>/</Path><Special Char>.*</Special Char><Normal Text>                </Normal Text><User>system_u</User><Normal Text>:</Normal Text><Role>object_r</Role><Normal Text>:</Normal Text><Type>default_t</Type><Normal Text>:</Normal Text><Level>s0</Level><br/>
 <Path>/sys</Path><Pattern Brackets>(/</Pattern Brackets><Special Char>.*</Special Char><Pattern Brackets>)</Pattern Brackets><Special Char>?</Special Char><Normal Text>         </Normal Text><User>system_u</User><Normal Text>:</Normal Text><Role>object_r</Role><Normal Text>:</Normal Text><Type>sysfs_t</Type><Normal Text>:</Normal Text><Level>s0</Level><br/>
 <Path>/xen</Path><Pattern Brackets>(/</Pattern Brackets><Special Char>.*</Special Char><Pattern Brackets>)</Pattern Brackets><Special Char>?</Special Char><Normal Text>         </Normal Text><User>system_u</User><Normal Text>:</Normal Text><Role>object_r</Role><Normal Text>:</Normal Text><Type>xen_image_t</Type><Normal Text>:</Normal Text><Level>s1</Level><br/>
-<Path>/mnt</Path><Pattern Brackets>(/[</Pattern Brackets><Special Char 2>^</Special Char 2><Pattern Brackets>/]</Pattern Brackets><Special Char>*</Special Char><Pattern Brackets>)</Pattern Brackets><Special Char>?</Special Char><Normal Text> </Normal Text><File Type> -d</File Type><Normal Text>  </Normal Text><User>system_u</User><Normal Text>:</Normal Text><Role>object_r</Role><Normal Text>:</Normal Text><Type>mnt_t</Type><Normal Text>:</Normal Text><Level>s1-5</Level><br/>
-<Path>/mnt</Path><Pattern Brackets>(/[</Pattern Brackets><Special Char 2>^</Special Char 2><Pattern Brackets>/]</Pattern Brackets><Special Char>*</Special Char><Pattern Brackets>)</Pattern Brackets><Special Char>?</Special Char><Normal Text> </Normal Text><File Type> -l</File Type><Normal Text>  </Normal Text><User>system_u</User><Normal Text>:</Normal Text><Role>object_r</Role><Normal Text>:</Normal Text><Type>mnt_t</Type><Normal Text>:</Normal Text><Level>s0.s2</Level><br/>
+<Path>/mnt</Path><Pattern Brackets>(/[</Pattern Brackets><Special Char of Brackets>^</Special Char of Brackets><Pattern Brackets>/]</Pattern Brackets><Special Char>*</Special Char><Pattern Brackets>)</Pattern Brackets><Special Char>?</Special Char><Normal Text> </Normal Text><File Type> -d</File Type><Normal Text>  </Normal Text><User>system_u</User><Normal Text>:</Normal Text><Role>object_r</Role><Normal Text>:</Normal Text><Type>mnt_t</Type><Normal Text>:</Normal Text><Level>s1-5</Level><br/>
+<Path>/mnt</Path><Pattern Brackets>(/[</Pattern Brackets><Special Char of Brackets>^</Special Char of Brackets><Pattern Brackets>/]</Pattern Brackets><Special Char>*</Special Char><Pattern Brackets>)</Pattern Brackets><Special Char>?</Special Char><Normal Text> </Normal Text><File Type> -l</File Type><Normal Text>  </Normal Text><User>system_u</User><Normal Text>:</Normal Text><Role>object_r</Role><Normal Text>:</Normal Text><Type>mnt_t</Type><Normal Text>:</Normal Text><Level>s0.s2</Level><br/>
 <Path>/tmp/</Path><Special Char>.*</Special Char><Normal Text>            </Normal Text><Other Keywords><<none>></Other Keywords><br/>
 <Path>/root</Path><Pattern Brackets>(/</Pattern Brackets><Special Char>.*</Special Char><Pattern Brackets>)</Pattern Brackets><Special Char>?</Special Char><Normal Text>        </Normal Text><User>system_u</User><Normal Text>:</Normal Text><Role>object_r</Role><Normal Text>:</Normal Text><Type>admin_home_t</Type><Normal Text>:</Normal Text><Level>s0</Level><br/>
-<Path>/dev/</Path><Pattern Brackets>[0</Pattern Brackets><Special Char 2>-</Special Char 2><Pattern Brackets>9]</Pattern Brackets><Special Char>.*</Special Char><Normal Text>  </Normal Text><File Type> -c</File Type><Normal Text>  </Normal Text><User>system_u</User><Normal Text>:</Normal Text><Role>object_r</Role><Normal Text>:</Normal Text><Type>usb_device_t</Type><Normal Text>:</Normal Text><Level>s0</Level><br/>
-<Path>/run/</Path><Special Char>.*</Special Char><Escape Expression>\.</Escape Expression><Special Char>*</Special Char><Path>pid</Path><Normal Text>      </Normal Text><Other Keywords><<none>></Other Keywords><br/>
-<Path>/mnt/</Path><Pattern Brackets>[</Pattern Brackets><Special Char 2>^</Special Char 2><Pattern Brackets>/]</Pattern Brackets><Special Char>*</Special Char><Path>/</Path><Special Char>.*</Special Char><Normal Text>      </Normal Text><Other Keywords><<none>></Other Keywords><br/>
+<Path>/dev/</Path><Pattern Brackets>[0</Pattern Brackets><Special Char of Brackets>-</Special Char of Brackets><Pattern Brackets>9]</Pattern Brackets><Special Char>.*</Special Char><Normal Text>  </Normal Text><File Type> -c</File Type><Normal Text>  </Normal Text><User>system_u</User><Normal Text>:</Normal Text><Role>object_r</Role><Normal Text>:</Normal Text><Type>usb_device_t</Type><Normal Text>:</Normal Text><Level>s0</Level><br/>
+<Path>/run/</Path><Special Char>.*</Special Char><Escape Char>\.</Escape Char><Special Char>*</Special Char><Path>pid</Path><Normal Text>      </Normal Text><Other Keywords><<none>></Other Keywords><br/>
+<Path>/mnt/</Path><Pattern Brackets>[</Pattern Brackets><Special Char of Brackets>^</Special Char of Brackets><Pattern Brackets>/]</Pattern Brackets><Special Char>*</Special Char><Path>/</Path><Special Char>.*</Special Char><Normal Text>      </Normal Text><Other Keywords><<none>></Other Keywords><br/>
 <Path>/etc/</Path><Pattern Brackets>[mg]</Pattern Brackets><Path>dm</Path><Pattern Brackets>(/</Pattern Brackets><Special Char>.*</Special Char><Pattern Brackets>)</Pattern Brackets><Special Char>?</Special Char><Normal Text>  </Normal Text><User>system_u</User><Normal Text>:</Normal Text><Role>object_r</Role><Normal Text>:</Normal Text><Type>xdm_etc_t</Type><Normal Text>:</Normal Text><Level>s5-s6</Level><Normal Text>:</Normal Text><Level>c0</Level><br/>
 <Path>/dev/</Path><Pattern Brackets>(misc/)</Pattern Brackets><Special Char>?</Special Char><Path>psaux</Path><Normal Text> </Normal Text><File Type> -c</File Type><Normal Text>  </Normal Text><User>system_u</User><Normal Text>:</Normal Text><Role>object_r</Role><Normal Text>:</Normal Text><Type>mouse_device_t</Type><Normal Text>:</Normal Text><Level>s0-s3</Level><Normal Text>:</Normal Text><Level>c0.c5</Level><br/>
 <dsNormal></dsNormal><br/>
 <Variable>HOME_DIR</Variable><Path>/</Path><Special Char>.+</Special Char><Normal Text>                                 </Normal Text><User>system_u</User><Normal Text>:</Normal Text><Role>object_r</Role><Normal Text>:</Normal Text><Type>user_home_t</Type><Normal Text>:</Normal Text><Level>s0</Level><br/>
-<Variable>HOME_DIR</Variable><Path>/</Path><Pattern Brackets>((www)</Pattern Brackets><Special Char 2>|</Special Char 2><Pattern Brackets>(web)</Pattern Brackets><Special Char 2>|</Special Char 2><Pattern Brackets>(public_html))(/</Pattern Brackets><Special Char>.+</Special Char><Pattern Brackets>)</Pattern Brackets><Special Char>?</Special Char><Normal Text>  </Normal Text><User>system_u</User><Normal Text>:</Normal Text><Role>object_r</Role><Normal Text>:</Normal Text><Type>httpd_user_content_t</Type><Normal Text>:</Normal Text><Level>s0</Level><br/>
-<Variable>HOME_DIR</Variable><Path>/</Path><Escape Expression>\.</Escape Expression><Path>cache/google-chrome</Path><Pattern Brackets>(/</Pattern Brackets><Special Char>.*</Special Char><Pattern Brackets>)</Pattern Brackets><Special Char>?</Special Char><Normal Text>        </Normal Text><User>system_u</User><Normal Text>:</Normal Text><Role>object_r</Role><Normal Text>:</Normal Text><Type>chrome_sandbox_home_t</Type><Normal Text>:</Normal Text><Level>s0</Level><br/>
+<Variable>HOME_DIR</Variable><Path>/</Path><Pattern Brackets>((www)</Pattern Brackets><Special Char of Brackets>|</Special Char of Brackets><Pattern Brackets>(web)</Pattern Brackets><Special Char of Brackets>|</Special Char of Brackets><Pattern Brackets>(public_html))(/</Pattern Brackets><Special Char>.+</Special Char><Pattern Brackets>)</Pattern Brackets><Special Char>?</Special Char><Normal Text>  </Normal Text><User>system_u</User><Normal Text>:</Normal Text><Role>object_r</Role><Normal Text>:</Normal Text><Type>httpd_user_content_t</Type><Normal Text>:</Normal Text><Level>s0</Level><br/>
+<Variable>HOME_DIR</Variable><Path>/</Path><Escape Char>\.</Escape Char><Path>cache/google-chrome</Path><Pattern Brackets>(/</Pattern Brackets><Special Char>.*</Special Char><Pattern Brackets>)</Pattern Brackets><Special Char>?</Special Char><Normal Text>        </Normal Text><User>system_u</User><Normal Text>:</Normal Text><Role>object_r</Role><Normal Text>:</Normal Text><Type>chrome_sandbox_home_t</Type><Normal Text>:</Normal Text><Level>s0</Level><br/>
 <dsNormal></dsNormal><br/>
-<Path>/dev/</Path><Pattern Brackets>(misc/)</Pattern Brackets><Special Char>?</Special Char><Path>rtc</Path><Pattern Brackets>[0</Pattern Brackets><Special Char 2>-</Special Char 2><Pattern Brackets>9]</Pattern Brackets><Special Char>*</Special Char><Normal Text>          </Normal Text><File Type> -c</File Type><Normal Text>  </Normal Text><User>system_u</User><Normal Text>:</Normal Text><Role>object_r</Role><Normal Text>:</Normal Text><Type>clock_device_t</Type><Normal Text>:</Normal Text><Level>s0-s2</Level><Normal Text>:</Normal Text><Level>c1</Level><br/>
-<Path>/var/</Path><Pattern Brackets>(db</Pattern Brackets><Special Char 2>|</Special Char 2><Pattern Brackets>adm)</Pattern Brackets><Path>/sudo</Path><Pattern Brackets>(/</Pattern Brackets><Special Char>.*</Special Char><Pattern Brackets>)</Pattern Brackets><Special Char>?</Special Char><Normal Text>             </Normal Text><User>system_u</User><Normal Text>:</Normal Text><Role>object_r</Role><Normal Text>:</Normal Text><Type>pam_var_run_t</Type><Normal Text>:</Normal Text><Level>s0</Level><br/>
-<Path>/dev/pcd</Path><Pattern Brackets>[0</Pattern Brackets><Special Char 2>-</Special Char 2><Pattern Brackets>3]</Pattern Brackets><Normal Text>                   </Normal Text><File Type> -b</File Type><Normal Text>  </Normal Text><User>system_u</User><Normal Text>:</Normal Text><Role>object_r</Role><Normal Text>:</Normal Text><Type>removable_device_t</Type><Normal Text>:</Normal Text><Level>s0</Level><br/>
+<Path>/dev/</Path><Pattern Brackets>(misc/)</Pattern Brackets><Special Char>?</Special Char><Path>rtc</Path><Pattern Brackets>[0</Pattern Brackets><Special Char of Brackets>-</Special Char of Brackets><Pattern Brackets>9]</Pattern Brackets><Special Char>*</Special Char><Normal Text>          </Normal Text><File Type> -c</File Type><Normal Text>  </Normal Text><User>system_u</User><Normal Text>:</Normal Text><Role>object_r</Role><Normal Text>:</Normal Text><Type>clock_device_t</Type><Normal Text>:</Normal Text><Level>s0-s2</Level><Normal Text>:</Normal Text><Level>c1</Level><br/>
+<Path>/var/</Path><Pattern Brackets>(db</Pattern Brackets><Special Char of Brackets>|</Special Char of Brackets><Pattern Brackets>adm)</Pattern Brackets><Path>/sudo</Path><Pattern Brackets>(/</Pattern Brackets><Special Char>.*</Special Char><Pattern Brackets>)</Pattern Brackets><Special Char>?</Special Char><Normal Text>             </Normal Text><User>system_u</User><Normal Text>:</Normal Text><Role>object_r</Role><Normal Text>:</Normal Text><Type>pam_var_run_t</Type><Normal Text>:</Normal Text><Level>s0</Level><br/>
+<Path>/dev/pcd</Path><Pattern Brackets>[0</Pattern Brackets><Special Char of Brackets>-</Special Char of Brackets><Pattern Brackets>3]</Pattern Brackets><Normal Text>                   </Normal Text><File Type> -b</File Type><Normal Text>  </Normal Text><User>system_u</User><Normal Text>:</Normal Text><Role>object_r</Role><Normal Text>:</Normal Text><Type>removable_device_t</Type><Normal Text>:</Normal Text><Level>s0</Level><br/>
 <Path>/etc/ppp</Path><Pattern Brackets>(/</Pattern Brackets><Special Char>.*</Special Char><Pattern Brackets>)</Pattern Brackets><Special Char>?</Special Char><Normal Text>                  </Normal Text><File Type> --</File Type><Normal Text>  </Normal Text><User>system_u</User><Normal Text>:</Normal Text><Role>object_r</Role><Normal Text>:</Normal Text><Type>pppd_etc_rw_t</Type><Normal Text>:</Normal Text><Level>s0</Level><br/>
 <Path>/var/www</Path><Pattern Brackets>(/</Pattern Brackets><Special Char>.*</Special Char><Pattern Brackets>)</Pattern Brackets><Special Char>?</Special Char><Normal Text>                       </Normal Text><User>system_u</User><Normal Text>:</Normal Text><Role>object_r</Role><Normal Text>:</Normal Text><Type>httpd_sys_content_t</Type><Normal Text>:</Normal Text><Level>s0</Level><br/>
 <Path>/usr/lib</Path><Pattern Brackets>(</Pattern Brackets><Special Char>.*</Special Char><Pattern Brackets>/)</Pattern Brackets><Special Char>?</Special Char><Path>bin</Path><Pattern Brackets>(/</Pattern Brackets><Special Char>.*</Special Char><Pattern Brackets>)</Pattern Brackets><Special Char>?</Special Char><Normal Text>              </Normal Text><User>system_u</User><Normal Text>:</Normal Text><Role>object_r</Role><Normal Text>:</Normal Text><Type>bin_t</Type><Normal Text>:</Normal Text><Level>s0</Level><br/>
 <Path>/dev/shm/</Path><Special Char>.*</Special Char><Normal Text>                          </Normal Text><Other Keywords><<none>></Other Keywords><br/>
-<Path>/usr/lib/</Path><Pattern Brackets>(sse2/)</Pattern Brackets><Special Char>?</Special Char><Path>hello-</Path><Special Char>.*</Special Char><Escape Expression>\.</Escape Expression><Path>so</Path><Special Char>.*</Special Char><Normal Text> </Normal Text><File Type> --</File Type><Normal Text>  </Normal Text><User>system_u</User><Normal Text>:</Normal Text><Role>object_r</Role><Normal Text>:</Normal Text><Type>textrel_shlib_t</Type><Normal Text>:</Normal Text><Level>s0</Level><br/>
+<Path>/usr/lib/</Path><Pattern Brackets>(sse2/)</Pattern Brackets><Special Char>?</Special Char><Path>hello-</Path><Special Char>.*</Special Char><Escape Char>\.</Escape Char><Path>so</Path><Special Char>.*</Special Char><Normal Text> </Normal Text><File Type> --</File Type><Normal Text>  </Normal Text><User>system_u</User><Normal Text>:</Normal Text><Role>object_r</Role><Normal Text>:</Normal Text><Type>textrel_shlib_t</Type><Normal Text>:</Normal Text><Level>s0</Level><br/>
 <Path>/sbin/grub</Path><Special Char>.*</Special Char><Normal Text>                    </Normal Text><File Type> --</File Type><Normal Text>  </Normal Text><User>system_u</User><Normal Text>:</Normal Text><Role>object_r</Role><Normal Text>:</Normal Text><Type>bootloader_exec_t</Type><Normal Text>:</Normal Text><Level>s0.s3</Level><br/>
 <Path>/sbin/lilo</Path><Special Char>.*</Special Char><Normal Text>                    </Normal Text><File Type> --</File Type><Normal Text>  </Normal Text><User>system_u</User><Normal Text>:</Normal Text><Role>object_r</Role><Normal Text>:</Normal Text><Type>bootloader_exec_t</Type><Normal Text>:</Normal Text><Level>s0</Level><br/>
-<Path>/etc/group</Path><Pattern Brackets>[</Pattern Brackets><Special Char 2>-</Special Char 2><Escape Expression>\+</Escape Expression><Pattern Brackets>]</Pattern Brackets><Special Char>?</Special Char><Normal Text>                </Normal Text><File Type> --</File Type><Normal Text>  </Normal Text><User>system_u</User><Normal Text>:</Normal Text><Role>object_r</Role><Normal Text>:</Normal Text><Type>passwd_file_t</Type><Normal Text>:</Normal Text><Level>s0</Level><Normal Text>:</Normal Text><Level>c1-c5</Level><br/>
-<Path>/etc/rc</Path><Escape Expression>\.</Escape Expression><Path>d/init</Path><Escape Expression>\.</Escape Expression><Path>d/mpd</Path><Normal Text>          </Normal Text><File Type> --</File Type><Normal Text>  </Normal Text><User>system_u</User><Normal Text>:</Normal Text><Role>object_r</Role><Normal Text>:</Normal Text><Type>mpd_initrc_exec_t</Type><Normal Text>:</Normal Text><Level>s0</Level><br/>
+<Path>/etc/group</Path><Pattern Brackets>[</Pattern Brackets><Special Char of Brackets>-</Special Char of Brackets><Escape Char>\+</Escape Char><Pattern Brackets>]</Pattern Brackets><Special Char>?</Special Char><Normal Text>                </Normal Text><File Type> --</File Type><Normal Text>  </Normal Text><User>system_u</User><Normal Text>:</Normal Text><Role>object_r</Role><Normal Text>:</Normal Text><Type>passwd_file_t</Type><Normal Text>:</Normal Text><Level>s0</Level><Normal Text>:</Normal Text><Level>c1-c5</Level><br/>
+<Path>/etc/rc</Path><Escape Char>\.</Escape Char><Path>d/init</Path><Escape Char>\.</Escape Char><Path>d/mpd</Path><Normal Text>          </Normal Text><File Type> --</File Type><Normal Text>  </Normal Text><User>system_u</User><Normal Text>:</Normal Text><Role>object_r</Role><Normal Text>:</Normal Text><Type>mpd_initrc_exec_t</Type><Normal Text>:</Normal Text><Level>s0</Level><br/>
 <dsNormal></dsNormal><br/>
 <dsNormal></dsNormal><br/>
 <Comment># Syntax of *.fc files, from the SELinux reference policy:</Comment><br/>
 <dsNormal></dsNormal><br/>
 <Path>/run/sudo/ts/</Path><Variable>%{USERNAME}</Variable><Normal Text>     </Normal Text><Keywords>gen_context</Keywords><Normal Text>(</Normal Text><User>system_u</User><Normal Text>:</Normal Text><Role>object_r</Role><Normal Text>:</Normal Text><Type>pam_var_run_t</Type><Normal Text>,</Normal Text><Level>s0</Level><Normal Text>,</Normal Text><Level>c0</Level><Normal Text>)</Normal Text><br/>
-<Path>/etc/aiccu</Path><Escape Expression>\.</Escape Expression><Path>conf</Path><Normal Text>        </Normal Text><File Type> --</File Type><Normal Text>  </Normal Text><Keywords>gen_context</Keywords><Normal Text>(</Normal Text><User>system_u</User><Normal Text>:</Normal Text><Role>object_r</Role><Normal Text>:</Normal Text><Type>aiccu_etc_t</Type><Normal Text>,</Normal Text><Level>s0-s2</Level><Normal Text>,</Normal Text><Level>c1.c5</Level><Normal Text>)</Normal Text><br/>
-<Variable>HOME_DIR</Variable><Path>/</Path><Escape Expression>\.</Escape Expression><Path>mtpz-data</Path><Normal Text>    </Normal Text><File Type> --</File Type><Normal Text>  </Normal Text><Keywords>gen_context</Keywords><Normal Text>(</Normal Text><User>system_u</User><Normal Text>:</Normal Text><Role>object_r</Role><Normal Text>:</Normal Text><Type>libmtp_home_t</Type><Normal Text>,</Normal Text><Level>s0</Level><Normal Text>)</Normal Text><br/>
+<Path>/etc/aiccu</Path><Escape Char>\.</Escape Char><Path>conf</Path><Normal Text>        </Normal Text><File Type> --</File Type><Normal Text>  </Normal Text><Keywords>gen_context</Keywords><Normal Text>(</Normal Text><User>system_u</User><Normal Text>:</Normal Text><Role>object_r</Role><Normal Text>:</Normal Text><Type>aiccu_etc_t</Type><Normal Text>,</Normal Text><Level>s0-s2</Level><Normal Text>,</Normal Text><Level>c1.c5</Level><Normal Text>)</Normal Text><br/>
+<Variable>HOME_DIR</Variable><Path>/</Path><Escape Char>\.</Escape Char><Path>mtpz-data</Path><Normal Text>    </Normal Text><File Type> --</File Type><Normal Text>  </Normal Text><Keywords>gen_context</Keywords><Normal Text>(</Normal Text><User>system_u</User><Normal Text>:</Normal Text><Role>object_r</Role><Normal Text>:</Normal Text><Type>libmtp_home_t</Type><Normal Text>,</Normal Text><Level>s0</Level><Normal Text>)</Normal Text><br/>
 <Path>/var/log/mariadb</Path><Pattern Brackets>(/</Pattern Brackets><Special Char>.*</Special Char><Pattern Brackets>)</Pattern Brackets><Special Char>?</Special Char><Normal Text>       </Normal Text><Keywords>gen_context</Keywords><Normal Text>(</Normal Text><User>system_u</User><Normal Text>:</Normal Text><Role>object_r</Role><Normal Text>:</Normal Text><Type>mysqld_log_t</Type><Normal Text>,</Normal Text><Level>s0</Level><Normal Text>)</Normal Text><br/>
-<Path>/dev/dasd</Path><Pattern Brackets>[</Pattern Brackets><Special Char 2>^</Special Char 2><Pattern Brackets>/]</Pattern Brackets><Special Char>*</Special Char><Normal Text>          </Normal Text><File Type> -b</File Type><Normal Text>  </Normal Text><Keywords>gen_context</Keywords><Normal Text>(</Normal Text><User>system_u</User><Normal Text>:</Normal Text><Role>object_r</Role><Normal Text>:</Normal Text><Type>fixed_disk_device_t</Type><Normal Text>,</Normal Text><Level>mls_systemhigh</Level><Normal Text>)</Normal Text><br/>
-<Path>/dev/dasd</Path><Pattern Brackets>[</Pattern Brackets><Special Char 2>^</Special Char 2><Pattern Brackets>/]</Pattern Brackets><Special Char>*</Special Char><Normal Text>          </Normal Text><File Type> -c</File Type><Normal Text>  </Normal Text><Keywords>gen_context</Keywords><Normal Text>(</Normal Text><User>system_u</User><Normal Text>:</Normal Text><Role>object_r</Role><Normal Text>:</Normal Text><Type>fixed_disk_device_t</Type><Normal Text>,</Normal Text><Level>mls_systemhigh</Level><Normal Text>)</Normal Text><br/>
+<Path>/dev/dasd</Path><Pattern Brackets>[</Pattern Brackets><Special Char of Brackets>^</Special Char of Brackets><Pattern Brackets>/]</Pattern Brackets><Special Char>*</Special Char><Normal Text>          </Normal Text><File Type> -b</File Type><Normal Text>  </Normal Text><Keywords>gen_context</Keywords><Normal Text>(</Normal Text><User>system_u</User><Normal Text>:</Normal Text><Role>object_r</Role><Normal Text>:</Normal Text><Type>fixed_disk_device_t</Type><Normal Text>,</Normal Text><Level>mls_systemhigh</Level><Normal Text>)</Normal Text><br/>
+<Path>/dev/dasd</Path><Pattern Brackets>[</Pattern Brackets><Special Char of Brackets>^</Special Char of Brackets><Pattern Brackets>/]</Pattern Brackets><Special Char>*</Special Char><Normal Text>          </Normal Text><File Type> -c</File Type><Normal Text>  </Normal Text><Keywords>gen_context</Keywords><Normal Text>(</Normal Text><User>system_u</User><Normal Text>:</Normal Text><Role>object_r</Role><Normal Text>:</Normal Text><Type>fixed_disk_device_t</Type><Normal Text>,</Normal Text><Level>mls_systemhigh</Level><Normal Text>)</Normal Text><br/>
 <Variable>HOME_ROOT</Variable><Normal Text>               </Normal Text><File Type> -d</File Type><Normal Text>  </Normal Text><Keywords>gen_context</Keywords><Normal Text>(</Normal Text><User>system_u</User><Normal Text>:</Normal Text><Role>object_r</Role><Normal Text>:</Normal Text><Type>home_root_t</Type><Normal Text>,</Normal Text><Level>s0-mls_systemhigh</Level><Normal Text>,</Normal Text><Level>c1</Level><Normal Text>)</Normal Text><br/>
 <Variable>HOME_ROOT</Variable><Normal Text>               </Normal Text><File Type> -l</File Type><Normal Text>  </Normal Text><Keywords>gen_context</Keywords><Normal Text>(</Normal Text><User>system_u</User><Normal Text>:</Normal Text><Role>object_r</Role><Normal Text>:</Normal Text><Type>home_root_t</Type><Normal Text>,</Normal Text><Level>s0</Level><Normal Text>)</Normal Text><br/>
 <dsNormal></dsNormal><br/>
@@ -53,7 +53,7 @@
 <Text Quoted>	</Text Quoted><Path>/success</Path><Text Quoted> </Text Quoted><File Type> --</File Type><Text Quoted>  </Text Quoted><Keywords>gen_context</Keywords><Normal Text>(</Normal Text><User>system_u</User><Normal Text>:</Normal Text><Role>object_r</Role><Normal Text>:</Normal Text><Type>etc_runtime_t</Type><Normal Text>,</Normal Text><Level>s0</Level><Normal Text>)</Normal Text><br/>
 <Text Quoted>'</Text Quoted><Normal Text>)</Normal Text><br/>
 <Keywords>ifdef</Keywords><Normal Text>(</Normal Text><Text Quoted>`init_systemd'</Text Quoted><Normal Text>,</Normal Text><Text Quoted>`</Text Quoted><br/>
-<Text Quoted>	</Text Quoted><Path>/run/tmpfiles</Path><Escape Expression>\.</Escape Expression><Path>d/kmod</Path><Escape Expression>\.</Escape Expression><Path>conf</Path><Text Quoted> </Text Quoted><File Type> --</File Type><Text Quoted>  </Text Quoted><Keywords>gen_context</Keywords><Normal Text>(</Normal Text><User>system_u</User><Normal Text>:</Normal Text><Role>object_r</Role><Normal Text>:</Normal Text><Type>kmod_tmpfiles_conf_t</Type><Normal Text>,</Normal Text><Level>s0</Level><Normal Text>)</Normal Text><br/>
+<Text Quoted>	</Text Quoted><Path>/run/tmpfiles</Path><Escape Char>\.</Escape Char><Path>d/kmod</Path><Escape Char>\.</Escape Char><Path>conf</Path><Text Quoted> </Text Quoted><File Type> --</File Type><Text Quoted>  </Text Quoted><Keywords>gen_context</Keywords><Normal Text>(</Normal Text><User>system_u</User><Normal Text>:</Normal Text><Role>object_r</Role><Normal Text>:</Normal Text><Type>kmod_tmpfiles_conf_t</Type><Normal Text>,</Normal Text><Level>s0</Level><Normal Text>)</Normal Text><br/>
 <Text Quoted>'</Text Quoted><Normal Text>)</Normal Text><br/>
 <dsNormal></dsNormal><br/>
 <Comment># Tests</Comment><br/>
@@ -67,11 +67,11 @@
 <Path>/hello</Path><Pattern Brackets>(worl</Pattern Brackets><Open Pattern Brackets>d</Open Pattern Brackets><br/>
 <Path>/hello</Path><Pattern Brackets>[w</Pattern Brackets><Open Pattern Brackets>o</Open Pattern Brackets><br/>
 <dsNormal></dsNormal><br/>
-<Path>/path</Path><Pattern Brackets>[</Pattern Brackets><Special Char 2>^</Special Char 2><Pattern Brackets>0</Pattern Brackets><Special Char 2>-</Special Char 2><Pattern Brackets>8]</Pattern Brackets><Special Char>+</Special Char><br/>
-<Path>/path</Path><Pattern Brackets>(hello</Pattern Brackets><Special Char 2>|</Special Char 2><Pattern Brackets>bye)</Pattern Brackets><br/>
+<Path>/path</Path><Pattern Brackets>[</Pattern Brackets><Special Char of Brackets>^</Special Char of Brackets><Pattern Brackets>0</Pattern Brackets><Special Char of Brackets>-</Special Char of Brackets><Pattern Brackets>8]</Pattern Brackets><Special Char>+</Special Char><br/>
+<Path>/path</Path><Pattern Brackets>(hello</Pattern Brackets><Special Char of Brackets>|</Special Char of Brackets><Pattern Brackets>bye)</Pattern Brackets><br/>
 <Path>/path</Path><Special Char>.*</Special Char><Path>a</Path><Special Char>+</Special Char><Path>b</Path><Special Char>?</Special Char><br/>
-<Path>/path</Path><Escape Expression>\w</Escape Expression><Path>a</Path><Escape Expression>\W</Escape Expression><Path>a</Path><Escape Expression>\s</Escape Expression><Path>a</Path><Escape Expression>\d</Escape Expression><Path>a</Path><Escape Expression>\b</Escape Expression><Path>a</Path><Escape Expression>\B</Escape Expression><Path>a</Path><Escape Expression>\(</Escape Expression><Path>a</Path><br/>
-<Path>/usr/hi</Path><Escape Expression>\"</Escape Expression><Path>esc</Path><Escape Expression>\s</Escape Expression><Path>esc</Path><Escape Expression>\032</Escape Expression><Path>esc</Path><Escape Expression>\*</Escape Expression><Path>3esds</Path><br/>
+<Path>/path</Path><Escape Char>\w</Escape Char><Path>a</Path><Escape Char>\W</Escape Char><Path>a</Path><Escape Char>\s</Escape Char><Path>a</Path><Escape Char>\d</Escape Char><Path>a</Path><Escape Char>\b</Escape Char><Path>a</Path><Escape Char>\B</Escape Char><Path>a</Path><Escape Char>\(</Escape Char><Path>a</Path><br/>
+<Path>/usr/hi</Path><Escape Char>\"</Escape Char><Path>esc</Path><Escape Char>\s</Escape Char><Path>esc</Path><Escape Char>\032</Escape Char><Path>esc</Path><Escape Char>\*</Escape Char><Path>3esds</Path><br/>
 <dsNormal></dsNormal><br/>
 <Comment># Security contexts</Comment><br/>
 <Normal Text>user:role</Normal Text><br/>
diff --git a/autotests/reference/usr.bin.apparmor-profile-test.ref b/autotests/reference/usr.bin.apparmor-profile-test.ref
--- a/autotests/reference/usr.bin.apparmor-profile-test.ref
+++ b/autotests/reference/usr.bin.apparmor-profile-test.ref
@@ -5,59 +5,59 @@
 <Preprocessor>include </Preprocessor><Prep. Lib><tunables/global></Prep. Lib><br/>
 <dsNormal></dsNormal><br/>
 <Comment># Variable assignment</Comment><br/>
-<Variable>@{FOO_LIB}</Variable><Operator 1>=</Operator 1><Path>/usr/lib</Path><Globbing Brackets>{</Globbing Brackets><Globbing Char 2>,</Globbing Char 2><Globbing Brackets>32</Globbing Brackets><Globbing Char 2>,</Globbing Char 2><Globbing Brackets>64}</Globbing Brackets><Path>/foo</Path><br/>
+<Variable>@{FOO_LIB}</Variable><Operator 1>=</Operator 1><Path>/usr/lib</Path><Globbing Brackets>{</Globbing Brackets><Globbing Char of Brackets>,</Globbing Char of Brackets><Globbing Brackets>32</Globbing Brackets><Globbing Char of Brackets>,</Globbing Char of Brackets><Globbing Brackets>64}</Globbing Brackets><Path>/foo</Path><br/>
 <Variable>@{USER_DIR}</Variable><Operator 1> = </Operator 1><Variable>@{HOME}</Variable><Path>/Public </Path><Variable>@{HOME}</Variable><Path>/Desktop</Path><br/>
 <Variable>@{USER_DIR}</Variable><Operator 1> += </Operator 1><Variable>@{HOME}</Variable><Path>/Hello</Path><br/>
 <dsNormal></dsNormal><br/>
 <Comment># Profile for /usr/bin/foo</Comment><br/>
-<Path>/usr/bin/foo</Path><Normal Text> (</Normal Text><Flags>attach_disconnected</Flags><Normal Text>, </Normal Text><Flags>enforce</Flags><Normal Text>) {</Normal Text><br/>
+<Path>/usr/bin/foo</Path><Normal Text> (</Normal Text><Flags>attach_disconnected</Flags><Normal Text>, </Normal Text><Flags>enforce</Flags><Normal Text>) </Normal Text><Operator 1>{</Operator 1><br/>
 <Preprocessor>	include </Preprocessor><Prep. Lib><abstractions/base></Prep. Lib><br/>
 <Preprocessor>	include </Preprocessor><Prep. Lib><abstractions/dbus></Prep. Lib><br/>
 <dsNormal></dsNormal><br/>
 <Normal Text>	</Normal Text><Preprocessor>#include </Preprocessor><Prep. Lib><abstractions/ubuntu-helpers></Prep. Lib><br/>
 <Normal Text>	</Normal Text><Preprocessor>#include</Preprocessor><Prep. Lib><abstractions/wayland></Prep. Lib><br/>
 <Normal Text>	</Normal Text><Preprocessor>#include</Preprocessor><Prep. Lib>"/etc/apparmor.d/abstractions/ubuntu-konsole"</Prep. Lib><br/>
 <Preprocessor>	include </Preprocessor><Prep. Lib>"/etc/apparmor.d/abstractions/openssl"</Prep. Lib><br/>
 <dsNormal></dsNormal><br/>
-<Normal Text>	</Normal Text><Path>/</Path><Globbing Brackets>{</Globbing Brackets><Globbing Char 2>,</Globbing Char 2><Globbing Char 1>**</Globbing Char 1><Globbing Brackets>/}</Globbing Brackets><Permissions> r</Permissions><End of Rule Char>,</End of Rule Char><Comment># Read only directories</Comment><br/>
+<Normal Text>	</Normal Text><Path>/</Path><Globbing Brackets>{</Globbing Brackets><Globbing Char of Brackets>,</Globbing Char of Brackets><Globbing Char>**</Globbing Char><Globbing Brackets>/}</Globbing Brackets><Permissions> r</Permissions><End of Rule Char>,</End of Rule Char><Comment># Read only directories</Comment><br/>
 <dsNormal></dsNormal><br/>
-<Normal Text>	</Normal Text><File Qualifier>owner</File Qualifier><Normal Text> </Normal Text><Path>/</Path><Globbing Brackets>{home</Globbing Brackets><Globbing Char 2>,</Globbing Char 2><Globbing Brackets>media</Globbing Brackets><Globbing Char 2>,</Globbing Char 2><Globbing Brackets>mnt</Globbing Brackets><Globbing Char 2>,</Globbing Char 2><Globbing Brackets>srv</Globbing Brackets><Globbing Char 2>,</Globbing Char 2><Globbing Brackets>net}</Globbing Brackets><Path>/</Path><Globbing Char 1>**</Globbing Char 1><Permissions> r</Permissions><End of Rule Char>,</End of Rule Char><br/>
-<Normal Text>	</Normal Text><File Qualifier>owner</File Qualifier><Normal Text> </Normal Text><Variable>@{USER_DIR}</Variable><Path>/</Path><Globbing Char 1>**</Globbing Char 1><Permissions> rw</Permissions><End of Rule Char>,</End of Rule Char><br/>
-<Normal Text>	</Normal Text><Qualifier>audit</Qualifier><Normal Text> </Normal Text><Access Qualifier>deny</Access Qualifier><Normal Text> </Normal Text><File Qualifier>owner</File Qualifier><Normal Text> </Normal Text><Path>/</Path><Globbing Char 1>**</Globbing Char 1><Path>/</Path><Globbing Char 1>*</Globbing Char 1><Permissions> mx</Permissions><End of Rule Char>,</End of Rule Char><br/>
-<Normal Text>	</Normal Text><Path>/</Path><Globbing Char 1>**</Globbing Char 1><Path>.</Path><Globbing Brackets>[tT][xX][tT]</Globbing Brackets><Permissions> r</Permissions><End of Rule Char>,</End of Rule Char><Normal Text>  </Normal Text><Comment># txt</Comment><br/>
+<Normal Text>	</Normal Text><File Qualifier>owner</File Qualifier><Normal Text> </Normal Text><Path>/</Path><Globbing Brackets>{home</Globbing Brackets><Globbing Char of Brackets>,</Globbing Char of Brackets><Globbing Brackets>media</Globbing Brackets><Globbing Char of Brackets>,</Globbing Char of Brackets><Globbing Brackets>mnt</Globbing Brackets><Globbing Char of Brackets>,</Globbing Char of Brackets><Globbing Brackets>srv</Globbing Brackets><Globbing Char of Brackets>,</Globbing Char of Brackets><Globbing Brackets>net}</Globbing Brackets><Path>/</Path><Globbing Char>**</Globbing Char><Permissions> r</Permissions><End of Rule Char>,</End of Rule Char><br/>
+<Normal Text>	</Normal Text><File Qualifier>owner</File Qualifier><Normal Text> </Normal Text><Variable>@{USER_DIR}</Variable><Path>/</Path><Globbing Char>**</Globbing Char><Permissions> rw</Permissions><End of Rule Char>,</End of Rule Char><br/>
+<Normal Text>	</Normal Text><Qualifier>audit</Qualifier><Normal Text> </Normal Text><Access Qualifier>deny</Access Qualifier><Normal Text> </Normal Text><File Qualifier>owner</File Qualifier><Normal Text> </Normal Text><Path>/</Path><Globbing Char>**</Globbing Char><Path>/</Path><Globbing Char>*</Globbing Char><Permissions> mx</Permissions><End of Rule Char>,</End of Rule Char><br/>
+<Normal Text>	</Normal Text><Path>/</Path><Globbing Char>**</Globbing Char><Path>.</Path><Globbing Brackets>[tT][xX][tT]</Globbing Brackets><Permissions> r</Permissions><End of Rule Char>,</End of Rule Char><Normal Text>  </Normal Text><Comment># txt</Comment><br/>
 <Normal Text>	</Normal Text><br/>
-<Normal Text>	</Normal Text><File Qualifier>owner</File Qualifier><Normal Text> </Normal Text><Rule>file</Rule><Normal Text> </Normal Text><Variable>@{HOME}</Variable><Path>/.local/share/foo/</Path><Globbing Brackets>{</Globbing Brackets><Globbing Char 2>,</Globbing Char 2><Globbing Char 1>**</Globbing Char 1><Globbing Brackets>}</Globbing Brackets><Permissions> rwkl</Permissions><End of Rule Char>,</End of Rule Char><br/>
-<Normal Text>	</Normal Text><File Qualifier>owner</File Qualifier><Normal Text> </Normal Text><Variable>@{HOME}</Variable><Path>/.config/foo/</Path><Globbing Brackets>{</Globbing Brackets><Globbing Char 2>,</Globbing Char 2><Globbing Char 1>**</Globbing Char 1><Globbing Brackets>}</Globbing Brackets><Normal Text>          </Normal Text><Permissions> rwk</Permissions><End of Rule Char>,</End of Rule Char><br/>
-<Normal Text>	</Normal Text><File Qualifier>owner</File Qualifier><Normal Text> </Normal Text><Variable>@{HOME}</Variable><Path>/.config/</Path><Globbing Char 1>*</Globbing Char 1><Normal Text>                  </Normal Text><Permissions> rw</Permissions><End of Rule Char>,</End of Rule Char><br/>
-<Normal Text>	</Normal Text><File Qualifier>owner</File Qualifier><Normal Text> </Normal Text><Variable>@{HOME}</Variable><Path>/.config/</Path><Globbing Char 1>*</Globbing Char 1><Path>.</Path><Globbing Brackets>[a</Globbing Brackets><Globbing Char 2>-</Globbing Char 2><Globbing Brackets>zA</Globbing Brackets><Globbing Char 2>-</Globbing Char 2><Globbing Brackets>Z0</Globbing Brackets><Globbing Char 2>-</Globbing Char 2><Globbing Brackets>9]</Globbing Brackets><Globbing Char 1>*</Globbing Char 1><Normal Text>     </Normal Text><Permissions> rwk</Permissions><End of Rule Char>,</End of Rule Char><br/>
-<Normal Text>	</Normal Text><File Qualifier>owner</File Qualifier><Normal Text> </Normal Text><Variable>@{HOME}</Variable><Path>/.cache/foo/</Path><Globbing Brackets>{</Globbing Brackets><Globbing Char 2>,</Globbing Char 2><Globbing Char 1>**</Globbing Char 1><Globbing Brackets>}</Globbing Brackets><Normal Text>           </Normal Text><Permissions> rwk</Permissions><End of Rule Char>,</End of Rule Char><br/>
+<Normal Text>	</Normal Text><File Qualifier>owner</File Qualifier><Normal Text> </Normal Text><Rule>file</Rule><Normal Text> </Normal Text><Variable>@{HOME}</Variable><Path>/.local/share/foo/</Path><Globbing Brackets>{</Globbing Brackets><Globbing Char of Brackets>,</Globbing Char of Brackets><Globbing Char>**</Globbing Char><Globbing Brackets>}</Globbing Brackets><Permissions> rwkl</Permissions><End of Rule Char>,</End of Rule Char><br/>
+<Normal Text>	</Normal Text><File Qualifier>owner</File Qualifier><Normal Text> </Normal Text><Variable>@{HOME}</Variable><Path>/.config/foo/</Path><Globbing Brackets>{</Globbing Brackets><Globbing Char of Brackets>,</Globbing Char of Brackets><Globbing Char>**</Globbing Char><Globbing Brackets>}</Globbing Brackets><Normal Text>          </Normal Text><Permissions> rwk</Permissions><End of Rule Char>,</End of Rule Char><br/>
+<Normal Text>	</Normal Text><File Qualifier>owner</File Qualifier><Normal Text> </Normal Text><Variable>@{HOME}</Variable><Path>/.config/</Path><Globbing Char>*</Globbing Char><Normal Text>                  </Normal Text><Permissions> rw</Permissions><End of Rule Char>,</End of Rule Char><br/>
+<Normal Text>	</Normal Text><File Qualifier>owner</File Qualifier><Normal Text> </Normal Text><Variable>@{HOME}</Variable><Path>/.config/</Path><Globbing Char>*</Globbing Char><Path>.</Path><Globbing Brackets>[a</Globbing Brackets><Globbing Char of Brackets>-</Globbing Char of Brackets><Globbing Brackets>zA</Globbing Brackets><Globbing Char of Brackets>-</Globbing Char of Brackets><Globbing Brackets>Z0</Globbing Brackets><Globbing Char of Brackets>-</Globbing Char of Brackets><Globbing Brackets>9]</Globbing Brackets><Globbing Char>*</Globbing Char><Normal Text>     </Normal Text><Permissions> rwk</Permissions><End of Rule Char>,</End of Rule Char><br/>
+<Normal Text>	</Normal Text><File Qualifier>owner</File Qualifier><Normal Text> </Normal Text><Variable>@{HOME}</Variable><Path>/.cache/foo/</Path><Globbing Brackets>{</Globbing Brackets><Globbing Char of Brackets>,</Globbing Char of Brackets><Globbing Char>**</Globbing Char><Globbing Brackets>}</Globbing Brackets><Normal Text>           </Normal Text><Permissions> rwk</Permissions><End of Rule Char>,</End of Rule Char><br/>
 <dsNormal></dsNormal><br/>
-<Normal Text>	</Normal Text><Text Quoted>"/usr/share/</Text Quoted><Globbing Char 1>**</Globbing Char 1><Text Quoted>"</Text Quoted><Permissions> r</Permissions><End of Rule Char>,</End of Rule Char><br/>
-<Normal Text>	</Normal Text><Text Quoted>"/var/lib/flatpak/exports/share/</Text Quoted><Globbing Char 1>**</Globbing Char 1><Text Quoted>"</Text Quoted><Permissions> r</Permissions><End of Rule Char>,</End of Rule Char><br/>
-<Normal Text>	</Normal Text><Text Quoted>"/var/lib/flatpak/app/</Text Quoted><Globbing Char 1>**</Globbing Char 1><Text Quoted>/export/share/applications/</Text Quoted><Globbing Char 1>*</Globbing Char 1><Text Quoted>.desktop"</Text Quoted><Permissions> r</Permissions><End of Rule Char>,</End of Rule Char><br/>
+<Normal Text>	</Normal Text><Text Quoted>"/usr/share/</Text Quoted><Globbing Char>**</Globbing Char><Text Quoted>"</Text Quoted><Permissions> r</Permissions><End of Rule Char>,</End of Rule Char><br/>
+<Normal Text>	</Normal Text><Text Quoted>"/var/lib/flatpak/exports/share/</Text Quoted><Globbing Char>**</Globbing Char><Text Quoted>"</Text Quoted><Permissions> r</Permissions><End of Rule Char>,</End of Rule Char><br/>
+<Normal Text>	</Normal Text><Text Quoted>"/var/lib/flatpak/app/</Text Quoted><Globbing Char>**</Globbing Char><Text Quoted>/export/share/applications/</Text Quoted><Globbing Char>*</Globbing Char><Text Quoted>.desktop"</Text Quoted><Permissions> r</Permissions><End of Rule Char>,</End of Rule Char><br/>
 <dsNormal></dsNormal><br/>
 <Normal Text>	</Normal Text><Access Qualifier>allow</Access Qualifier><Normal Text> </Normal Text><Rule>file</Rule><Normal Text> </Normal Text><Path>/etc/nsswitch.conf</Path><Normal Text>          </Normal Text><Permissions> r</Permissions><End of Rule Char>,</End of Rule Char><br/>
 <Normal Text>	</Normal Text><Access Qualifier>allow</Access Qualifier><Normal Text> </Normal Text><Path>/etc/fstab</Path><Normal Text>                       </Normal Text><Permissions> r</Permissions><End of Rule Char>,</End of Rule Char><br/>
 <Normal Text>	</Normal Text><Path>/etc/udev/udev.conf</Path><Normal Text>                    </Normal Text><Permissions> r</Permissions><End of Rule Char>,</End of Rule Char><br/>
-<Normal Text>	</Normal Text><Path>/etc/xdg/</Path><Globbing Char 1>**</Globbing Char 1><Normal Text>                            </Normal Text><Permissions> r</Permissions><End of Rule Char>,</End of Rule Char><br/>
+<Normal Text>	</Normal Text><Path>/etc/xdg/</Path><Globbing Char>**</Globbing Char><Normal Text>                            </Normal Text><Permissions> r</Permissions><End of Rule Char>,</End of Rule Char><br/>
 <Normal Text>	</Normal Text><Path>/etc/xdg/Trolltech.conf</Path><Normal Text>                </Normal Text><Permissions> k</Permissions><End of Rule Char>,</End of Rule Char><br/>
-<Normal Text>	</Normal Text><Access Qualifier>deny</Access Qualifier><Normal Text> </Normal Text><Path>/etc/xdg/</Path><Globbing Brackets>{autostart</Globbing Brackets><Globbing Char 2>,</Globbing Char 2><Globbing Brackets>systemd}</Globbing Brackets><Path>/</Path><Globbing Char 1>**</Globbing Char 1><Normal Text>   </Normal Text><Permissions> r</Permissions><End of Rule Char>,</End of Rule Char><br/>
-<Normal Text>	</Normal Text><Access Qualifier>deny</Access Qualifier><Normal Text> </Normal Text><Path>/boot/</Path><Globbing Char 1>**</Globbing Char 1><Normal Text>                          </Normal Text><Permissions> rwlkmx</Permissions><End of Rule Char>,</End of Rule Char><br/>
+<Normal Text>	</Normal Text><Access Qualifier>deny</Access Qualifier><Normal Text> </Normal Text><Path>/etc/xdg/</Path><Globbing Brackets>{autostart</Globbing Brackets><Globbing Char of Brackets>,</Globbing Char of Brackets><Globbing Brackets>systemd}</Globbing Brackets><Path>/</Path><Globbing Char>**</Globbing Char><Normal Text>   </Normal Text><Permissions> r</Permissions><End of Rule Char>,</End of Rule Char><br/>
+<Normal Text>	</Normal Text><Access Qualifier>deny</Access Qualifier><Normal Text> </Normal Text><Path>/boot/</Path><Globbing Char>**</Globbing Char><Normal Text>                          </Normal Text><Permissions> rwlkmx</Permissions><End of Rule Char>,</End of Rule Char><br/>
 <Normal Text>	</Normal Text><br/>
-<Normal Text>	</Normal Text><File Qualifier>owner</File Qualifier><Normal Text> </Normal Text><Variable>@{PROC}</Variable><Path>/</Path><Variable>@{pid}</Variable><Path>/</Path><Globbing Brackets>{cmdline</Globbing Brackets><Globbing Char 2>,</Globbing Char 2><Globbing Brackets>mountinfo</Globbing Brackets><Globbing Char 2>,</Globbing Char 2><Globbing Brackets>mounts</Globbing Brackets><Globbing Char 2>,</Globbing Char 2><Globbing Brackets>stat</Globbing Brackets><Globbing Char 2>,</Globbing Char 2><Globbing Brackets>status</Globbing Brackets><Globbing Char 2>,</Globbing Char 2><Globbing Brackets>vmstat}</Globbing Brackets><Permissions> r</Permissions><End of Rule Char>,</End of Rule Char><br/>
-<Normal Text>	</Normal Text><Path>/sys/devices/</Path><Globbing Char 1>**</Globbing Char 1><Path>/uevent</Path><Permissions> r</Permissions><End of Rule Char>,</End of Rule Char><br/>
+<Normal Text>	</Normal Text><File Qualifier>owner</File Qualifier><Normal Text> </Normal Text><Variable>@{PROC}</Variable><Path>/</Path><Variable>@{pid}</Variable><Path>/</Path><Globbing Brackets>{cmdline</Globbing Brackets><Globbing Char of Brackets>,</Globbing Char of Brackets><Globbing Brackets>mountinfo</Globbing Brackets><Globbing Char of Brackets>,</Globbing Char of Brackets><Globbing Brackets>mounts</Globbing Brackets><Globbing Char of Brackets>,</Globbing Char of Brackets><Globbing Brackets>stat</Globbing Brackets><Globbing Char of Brackets>,</Globbing Char of Brackets><Globbing Brackets>status</Globbing Brackets><Globbing Char of Brackets>,</Globbing Char of Brackets><Globbing Brackets>vmstat}</Globbing Brackets><Permissions> r</Permissions><End of Rule Char>,</End of Rule Char><br/>
+<Normal Text>	</Normal Text><Path>/sys/devices/</Path><Globbing Char>**</Globbing Char><Path>/uevent</Path><Permissions> r</Permissions><End of Rule Char>,</End of Rule Char><br/>
 <dsNormal></dsNormal><br/>
 <Normal Text>	</Normal Text><Path>/usr/bin/foo</Path><Normal Text>        </Normal Text><Permissions> ixr</Permissions><End of Rule Char>,</End of Rule Char><br/>
 <Normal Text>	</Normal Text><Path>/usr/bin/dolphin</Path><Normal Text>    </Normal Text><Permissions> PUx</Permissions><End of Rule Char>,</End of Rule Char><br/>
-<Normal Text>	</Normal Text><Path>/usr/bin/</Path><Globbing Char 1>*</Globbing Char 1><Normal Text>          </Normal Text><Permissions> Pixr</Permissions><End of Rule Char>,</End of Rule Char><br/>
+<Normal Text>	</Normal Text><Path>/usr/bin/</Path><Globbing Char>*</Globbing Char><Normal Text>          </Normal Text><Permissions> Pixr</Permissions><End of Rule Char>,</End of Rule Char><br/>
 <Normal Text>	</Normal Text><Path>/usr/bin/khelpcenter</Path><Permissions> Cx</Permissions><Normal Text>  </Normal Text><Operator 2>-></Operator 2><Normal Text> </Normal Text><Transition Profile Name>sanitized_helper</Transition Profile Name><End of Rule Char>,</End of Rule Char><br/>
 <Normal Text>	</Normal Text><Path>/usr/bin/helloworld</Path><Normal Text> </Normal Text><Permissions> Cxr</Permissions><Normal Text> </Normal Text><Operator 2>-></Operator 2><br/>
 <Normal Text>			</Normal Text><Transition Profile Name>hello_world</Transition Profile Name><End of Rule Char>,</End of Rule Char><br/>
 <Normal Text>	</Normal Text><br/>
-<Normal Text>	</Normal Text><Path>/usr/lib</Path><Globbing Brackets>{</Globbing Brackets><Globbing Char 2>,</Globbing Char 2><Globbing Brackets>32</Globbing Brackets><Globbing Char 2>,</Globbing Char 2><Globbing Brackets>64}</Globbing Brackets><Path>/</Path><Globbing Brackets>{</Globbing Brackets><Globbing Char 2>,</Globbing Char 2><Variable>@{multiarch}</Variable><Globbing Brackets>/}</Globbing Brackets><Path>qt5/plugins/</Path><Globbing Brackets>{</Globbing Brackets><Globbing Char 2>,</Globbing Char 2><Globbing Char 1>**</Globbing Char 1><Globbing Brackets>/}</Globbing Brackets><Globbing Char 1>*</Globbing Char 1><Path>.so</Path><Permissions> m</Permissions><End of Rule Char>,</End of Rule Char><br/>
-<Normal Text>	</Normal Text><Variable>@{FOO_LIB}</Variable><Path>/</Path><Globbing Brackets>{</Globbing Brackets><Globbing Char 2>,</Globbing Char 2><Globbing Char 1>**</Globbing Char 1><Globbing Brackets>}</Globbing Brackets><Permissions> mr</Permissions><End of Rule Char>,</End of Rule Char><br/>
+<Normal Text>	</Normal Text><Path>/usr/lib</Path><Globbing Brackets>{</Globbing Brackets><Globbing Char of Brackets>,</Globbing Char of Brackets><Globbing Brackets>32</Globbing Brackets><Globbing Char of Brackets>,</Globbing Char of Brackets><Globbing Brackets>64}</Globbing Brackets><Path>/</Path><Globbing Brackets>{</Globbing Brackets><Globbing Char of Brackets>,</Globbing Char of Brackets><Variable>@{multiarch}</Variable><Globbing Brackets>/}</Globbing Brackets><Path>qt5/plugins/</Path><Globbing Brackets>{</Globbing Brackets><Globbing Char of Brackets>,</Globbing Char of Brackets><Globbing Char>**</Globbing Char><Globbing Brackets>/}</Globbing Brackets><Globbing Char>*</Globbing Char><Path>.so</Path><Permissions> m</Permissions><End of Rule Char>,</End of Rule Char><br/>
+<Normal Text>	</Normal Text><Variable>@{FOO_LIB}</Variable><Path>/</Path><Globbing Brackets>{</Globbing Brackets><Globbing Char of Brackets>,</Globbing Char of Brackets><Globbing Char>**</Globbing Char><Globbing Brackets>}</Globbing Brackets><Permissions> mr</Permissions><End of Rule Char>,</End of Rule Char><br/>
 <Normal Text>	</Normal Text><br/>
-<Normal Text>	</Normal Text><Qualifier>audit</Qualifier><Normal Text> </Normal Text><Access Qualifier>deny</Access Qualifier><Normal Text> </Normal Text><Path>/dev/</Path><Globbing Brackets>{audio</Globbing Brackets><Globbing Char 2>,</Globbing Char 2><Globbing Brackets>video}</Globbing Brackets><Globbing Char 1>*</Globbing Char 1><Permissions> rwlkmx</Permissions><End of Rule Char>,</End of Rule Char><br/>
+<Normal Text>	</Normal Text><Qualifier>audit</Qualifier><Normal Text> </Normal Text><Access Qualifier>deny</Access Qualifier><Normal Text> </Normal Text><Path>/dev/</Path><Globbing Brackets>{audio</Globbing Brackets><Globbing Char of Brackets>,</Globbing Char of Brackets><Globbing Brackets>video}</Globbing Brackets><Globbing Char>*</Globbing Char><Permissions> rwlkmx</Permissions><End of Rule Char>,</End of Rule Char><br/>
 <dsNormal></dsNormal><br/>
 <Normal Text>	</Normal Text><Comment># Dbus rules</Comment><br/>
 <Normal Text>	</Normal Text><Rule>dbus</Rule><Normal Text> (</Normal Text><Permissions>send</Permissions><Normal Text>)</Normal Text><br/>
@@ -69,12 +69,12 @@
 <Normal Text>		</Normal Text><Option>bus</Option><Operator 1>=</Operator 1><Other Data>system</Other Data><br/>
 <Normal Text>		</Normal Text><Option>path</Option><Operator 1>=</Operator 1><Path>/org/freedesktop/NetworkManager</Path><br/>
 <Normal Text>		</Normal Text><Option>interface</Option><Operator 1>=</Operator 1><Path>org.freedesktop.NetworkManager</Path><br/>
-<Normal Text>		</Normal Text><Option>member</Option><Operator 1>=</Operator 1><Globbing Brackets>{Introspect</Globbing Brackets><Globbing Char 2>,</Globbing Char 2><Globbing Brackets>state}</Globbing Brackets><br/>
-<Normal Text>		</Normal Text><Option>peer</Option><Operator 1>=</Operator 1><Normal Text>(</Normal Text><Other Option>name</Other Option><Operator 1>=</Operator 1><Globbing Brackets>(org.freedesktop.NetworkManager</Globbing Brackets><Globbing Char 2>|</Globbing Char 2><Globbing Brackets>org.freedesktop.DBus)</Globbing Brackets><Normal Text>)</Normal Text><End of Rule Char>,</End of Rule Char><br/>
+<Normal Text>		</Normal Text><Option>member</Option><Operator 1>=</Operator 1><Globbing Brackets>{Introspect</Globbing Brackets><Globbing Char of Brackets>,</Globbing Char of Brackets><Globbing Brackets>state}</Globbing Brackets><br/>
+<Normal Text>		</Normal Text><Option>peer</Option><Operator 1>=</Operator 1><Normal Text>(</Normal Text><Other Option>name</Other Option><Operator 1>=</Operator 1><Globbing Brackets>(org.freedesktop.NetworkManager</Globbing Brackets><Globbing Char of Brackets>|</Globbing Char of Brackets><Globbing Brackets>org.freedesktop.DBus)</Globbing Brackets><Normal Text>)</Normal Text><End of Rule Char>,</End of Rule Char><br/>
 <Normal Text>	</Normal Text><Rule>dbus</Rule><Normal Text> (</Normal Text><Permissions>send</Permissions><Normal Text>)</Normal Text><br/>
 <Normal Text>		</Normal Text><Option>bus</Option><Operator 1>=</Operator 1><Other Data>session</Other Data><br/>
-<Normal Text>		</Normal Text><Option>path</Option><Operator 1>=</Operator 1><Path>/org/gnome/GConf/Database/</Path><Globbing Char 1>*</Globbing Char 1><br/>
-<Normal Text>		</Normal Text><Option>member</Option><Operator 1>=</Operator 1><Globbing Brackets>{AddMatch</Globbing Brackets><Globbing Char 2>,</Globbing Char 2><Globbing Brackets>AddNotify</Globbing Brackets><Globbing Char 2>,</Globbing Char 2><Globbing Brackets>AllEntries</Globbing Brackets><Globbing Char 2>,</Globbing Char 2><Globbing Brackets>LookupExtended</Globbing Brackets><Globbing Char 2>,</Globbing Char 2><Globbing Brackets>RemoveNotify}</Globbing Brackets><End of Rule Char>,</End of Rule Char><br/>
+<Normal Text>		</Normal Text><Option>path</Option><Operator 1>=</Operator 1><Path>/org/gnome/GConf/Database/</Path><Globbing Char>*</Globbing Char><br/>
+<Normal Text>		</Normal Text><Option>member</Option><Operator 1>=</Operator 1><Globbing Brackets>{AddMatch</Globbing Brackets><Globbing Char of Brackets>,</Globbing Char of Brackets><Globbing Brackets>AddNotify</Globbing Brackets><Globbing Char of Brackets>,</Globbing Char of Brackets><Globbing Brackets>AllEntries</Globbing Brackets><Globbing Char of Brackets>,</Globbing Char of Brackets><Globbing Brackets>LookupExtended</Globbing Brackets><Globbing Char of Brackets>,</Globbing Char of Brackets><Globbing Brackets>RemoveNotify}</Globbing Brackets><End of Rule Char>,</End of Rule Char><br/>
 <Normal Text>	</Normal Text><Rule>dbus</Rule><Normal Text> (</Normal Text><Permissions>bind</Permissions><Normal Text>)</Normal Text><br/>
 <Normal Text>		</Normal Text><Option>bus</Option><Operator 1>=</Operator 1><Other Data>system</Other Data><br/>
 <Normal Text>		</Normal Text><Option>name</Option><Operator 1>=</Operator 1><Path>org.bluez</Path><End of Rule Char>,</End of Rule Char><br/>
@@ -84,17 +84,17 @@
 <Normal Text>	</Normal Text><Rule>signal</Rule><Normal Text> (</Normal Text><Permissions>send</Permissions><Normal Text>, </Normal Text><Permissions>receive</Permissions><Normal Text>) </Normal Text><Option>set</Option><Operator 1>=</Operator 1><Normal Text>(</Normal Text><Flags>int</Flags><Normal Text> </Normal Text><Flags>exists</Flags><Normal Text> </Normal Text><Flags>rtmin+8</Flags><Normal Text>) </Normal Text><Option>peer</Option><Operator 1>=</Operator 1><Path>/usr/lib/hello/world</Path><SubProfile Operator>//</SubProfile Operator><SubProfile>foo-helper</SubProfile><End of Rule Char>,</End of Rule Char><br/>
 <dsNormal></dsNormal><br/>
 <Normal Text>	</Normal Text><Comment># Child profile</Comment><br/>
-<Normal Text>	</Normal Text><Profile Head>profile</Profile Head><Normal Text> </Normal Text><Profile Name>hello_world</Profile Name><Normal Text> {</Normal Text><br/>
+<Normal Text>	</Normal Text><Profile Head>profile</Profile Head><Normal Text> </Normal Text><Profile Name>hello_world</Profile Name><Normal Text> </Normal Text><Operator 1>{</Operator 1><br/>
 <Normal Text>		</Normal Text><Comment># File rules (three different ways)</Comment><br/>
-<Normal Text>		</Normal Text><Rule>file</Rule><Normal Text> </Normal Text><Path>/usr/lib</Path><Globbing Brackets>{</Globbing Brackets><Globbing Char 2>,</Globbing Char 2><Globbing Brackets>32</Globbing Brackets><Globbing Char 2>,</Globbing Char 2><Globbing Brackets>64}</Globbing Brackets><Path>/helloworld/</Path><Globbing Char 1>**</Globbing Char 1><Path>.so</Path><Permissions> mr</Permissions><End of Rule Char>,</End of Rule Char><br/>
-<Normal Text>		</Normal Text><Path>/usr/lib</Path><Globbing Brackets>{</Globbing Brackets><Globbing Char 2>,</Globbing Char 2><Globbing Brackets>32</Globbing Brackets><Globbing Char 2>,</Globbing Char 2><Globbing Brackets>64}</Globbing Brackets><Path>/helloworld/</Path><Globbing Char 1>**</Globbing Char 1><Permissions> r</Permissions><End of Rule Char>,</End of Rule Char><br/>
-<Normal Text>	</Normal Text><Permissions>	rk</Permissions><Normal Text> </Normal Text><Path>/usr/lib</Path><Globbing Brackets>{</Globbing Brackets><Globbing Char 2>,</Globbing Char 2><Globbing Brackets>32</Globbing Brackets><Globbing Char 2>,</Globbing Char 2><Globbing Brackets>64}</Globbing Brackets><Path>/helloworld/hello,file</Path><End of Rule Char>,</End of Rule Char><br/>
+<Normal Text>		</Normal Text><Rule>file</Rule><Normal Text> </Normal Text><Path>/usr/lib</Path><Globbing Brackets>{</Globbing Brackets><Globbing Char of Brackets>,</Globbing Char of Brackets><Globbing Brackets>32</Globbing Brackets><Globbing Char of Brackets>,</Globbing Char of Brackets><Globbing Brackets>64}</Globbing Brackets><Path>/helloworld/</Path><Globbing Char>**</Globbing Char><Path>.so</Path><Permissions> mr</Permissions><End of Rule Char>,</End of Rule Char><br/>
+<Normal Text>		</Normal Text><Path>/usr/lib</Path><Globbing Brackets>{</Globbing Brackets><Globbing Char of Brackets>,</Globbing Char of Brackets><Globbing Brackets>32</Globbing Brackets><Globbing Char of Brackets>,</Globbing Char of Brackets><Globbing Brackets>64}</Globbing Brackets><Path>/helloworld/</Path><Globbing Char>**</Globbing Char><Permissions> r</Permissions><End of Rule Char>,</End of Rule Char><br/>
+<Normal Text>	</Normal Text><Permissions>	rk</Permissions><Normal Text> </Normal Text><Path>/usr/lib</Path><Globbing Brackets>{</Globbing Brackets><Globbing Char of Brackets>,</Globbing Char of Brackets><Globbing Brackets>32</Globbing Brackets><Globbing Char of Brackets>,</Globbing Char of Brackets><Globbing Brackets>64}</Globbing Brackets><Path>/helloworld/hello,file</Path><End of Rule Char>,</End of Rule Char><br/>
 <dsNormal></dsNormal><br/>
 <Normal Text>		</Normal Text><Comment># Link rules (two ways)</Comment><br/>
 <Normal Text>	</Normal Text><Permissions>	l</Permissions><Normal Text> </Normal Text><Path>/foo1</Path><Normal Text> </Normal Text><Operator 2>-></Operator 2><Normal Text> </Normal Text><Path>/bar</Path><End of Rule Char>,</End of Rule Char><br/>
 <Normal Text>		</Normal Text><Rule>link</Rule><Normal Text> </Normal Text><Path>/foo2</Path><Normal Text> </Normal Text><Operator 2>-></Operator 2><Normal Text> bar</Normal Text><End of Rule Char>,</End of Rule Char><br/>
 <Normal Text>		</Normal Text><Rule>link</Rule><Normal Text> </Normal Text><Path>/foo3</Path><Operator 2> to</Operator 2><Normal Text> bar</Normal Text><End of Rule Char>,</End of Rule Char><br/>
-<Normal Text>		</Normal Text><Rule>link</Rule><Normal Text> </Normal Text><Data>subset</Data><Normal Text> </Normal Text><Path>/link</Path><Globbing Char 1>*</Globbing Char 1><Normal Text> </Normal Text><Operator 2>-></Operator 2><Normal Text> </Normal Text><Path>/</Path><Globbing Char 1>**</Globbing Char 1><End of Rule Char>,</End of Rule Char><br/>
+<Normal Text>		</Normal Text><Rule>link</Rule><Normal Text> </Normal Text><Data>subset</Data><Normal Text> </Normal Text><Path>/link</Path><Globbing Char>*</Globbing Char><Normal Text> </Normal Text><Operator 2>-></Operator 2><Normal Text> </Normal Text><Path>/</Path><Globbing Char>**</Globbing Char><End of Rule Char>,</End of Rule Char><br/>
 <dsNormal></dsNormal><br/>
 <Normal Text>		</Normal Text><Comment># Network rules</Comment><br/>
 <Normal Text>		</Normal Text><Rule>network</Rule><Normal Text> </Normal Text><Data>inet6</Data><Normal Text> </Normal Text><Data>tcp</Data><End of Rule Char>,</End of Rule Char><Normal Text> </Normal Text><Comment>#Allow access to tcp only for inet6 addresses</Comment><br/>
@@ -108,10 +108,10 @@
 <Normal Text>		</Normal Text><Rule>capability</Rule><Normal Text> </Normal Text><Data>sys_chroot</Data><End of Rule Char>,</End of Rule Char><br/>
 <dsNormal></dsNormal><br/>
 <Normal Text>		</Normal Text><Comment># Mount rules</Comment><br/>
-<Normal Text>		</Normal Text><Rule>mount</Rule><Normal Text> </Normal Text><Option>options</Option><Operator 1>=</Operator 1><Normal Text>(</Normal Text><Permissions>rw</Permissions><Normal Text> </Normal Text><Permissions>bind</Permissions><Normal Text> </Normal Text><Permissions>remount</Permissions><Normal Text> </Normal Text><Permissions>nodev</Permissions><Normal Text> </Normal Text><Permissions>noexec</Permissions><Normal Text>) </Normal Text><Option>vfstype</Option><Operator 1>=</Operator 1><Flags>ecryptfs</Flags><Normal Text> </Normal Text><Path>/home/</Path><Globbing Char 1>*</Globbing Char 1><Path>/.helloworld/</Path><Normal Text> </Normal Text><Operator 2>-></Operator 2><Normal Text> </Normal Text><Path>/home/</Path><Globbing Char 1>*</Globbing Char 1><Path>/helloworld/</Path><End of Rule Char>,</End of Rule Char><br/>
-<Normal Text>		</Normal Text><Rule>mount</Rule><Normal Text> </Normal Text><Option>options</Option><Operator 2> in</Operator 2><Normal Text> (</Normal Text><Permissions>rw</Permissions><Normal Text>, </Normal Text><Permissions>bind</Permissions><Normal Text>) </Normal Text><Path>/</Path><Normal Text> </Normal Text><Operator 2>-></Operator 2><Normal Text> </Normal Text><Path>/run/hellowordd/</Path><Globbing Char 1>*</Globbing Char 1><Path>.mnt</Path><End of Rule Char>,</End of Rule Char><br/>
-<Normal Text>		</Normal Text><Rule>mount</Rule><Normal Text> </Normal Text><Option>option</Option><Operator 1>=</Operator 1><Permissions>read-only</Permissions><Normal Text> </Normal Text><Option>fstype</Option><Operator 1>=</Operator 1><Flags>btrfs</Flags><Normal Text> </Normal Text><Path>/dev/sd</Path><Globbing Brackets>[a</Globbing Brackets><Globbing Char 2>-</Globbing Char 2><Globbing Brackets>z][1</Globbing Brackets><Globbing Char 2>-</Globbing Char 2><Globbing Brackets>9]</Globbing Brackets><Globbing Char 1>*</Globbing Char 1><Normal Text> </Normal Text><Operator 2>-></Operator 2><Normal Text> </Normal Text><Path>/media/</Path><Globbing Char 1>*</Globbing Char 1><Path>/</Path><Globbing Char 1>*</Globbing Char 1><End of Rule Char>,</End of Rule Char><br/>
-<Normal Text>		</Normal Text><Rule>umount</Rule><Normal Text> </Normal Text><Path>/home/</Path><Globbing Char 1>*</Globbing Char 1><Path>/helloworld/</Path><End of Rule Char>,</End of Rule Char><br/>
+<Normal Text>		</Normal Text><Rule>mount</Rule><Normal Text> </Normal Text><Option>options</Option><Operator 1>=</Operator 1><Normal Text>(</Normal Text><Permissions>rw</Permissions><Normal Text> </Normal Text><Permissions>bind</Permissions><Normal Text> </Normal Text><Permissions>remount</Permissions><Normal Text> </Normal Text><Permissions>nodev</Permissions><Normal Text> </Normal Text><Permissions>noexec</Permissions><Normal Text>) </Normal Text><Option>vfstype</Option><Operator 1>=</Operator 1><Flags>ecryptfs</Flags><Normal Text> </Normal Text><Path>/home/</Path><Globbing Char>*</Globbing Char><Path>/.helloworld/</Path><Normal Text> </Normal Text><Operator 2>-></Operator 2><Normal Text> </Normal Text><Path>/home/</Path><Globbing Char>*</Globbing Char><Path>/helloworld/</Path><End of Rule Char>,</End of Rule Char><br/>
+<Normal Text>		</Normal Text><Rule>mount</Rule><Normal Text> </Normal Text><Option>options</Option><Operator 2> in</Operator 2><Normal Text> (</Normal Text><Permissions>rw</Permissions><Normal Text>, </Normal Text><Permissions>bind</Permissions><Normal Text>) </Normal Text><Path>/</Path><Normal Text> </Normal Text><Operator 2>-></Operator 2><Normal Text> </Normal Text><Path>/run/hellowordd/</Path><Globbing Char>*</Globbing Char><Path>.mnt</Path><End of Rule Char>,</End of Rule Char><br/>
+<Normal Text>		</Normal Text><Rule>mount</Rule><Normal Text> </Normal Text><Option>option</Option><Operator 1>=</Operator 1><Permissions>read-only</Permissions><Normal Text> </Normal Text><Option>fstype</Option><Operator 1>=</Operator 1><Flags>btrfs</Flags><Normal Text> </Normal Text><Path>/dev/sd</Path><Globbing Brackets>[a</Globbing Brackets><Globbing Char of Brackets>-</Globbing Char of Brackets><Globbing Brackets>z][1</Globbing Brackets><Globbing Char of Brackets>-</Globbing Char of Brackets><Globbing Brackets>9]</Globbing Brackets><Globbing Char>*</Globbing Char><Normal Text> </Normal Text><Operator 2>-></Operator 2><Normal Text> </Normal Text><Path>/media/</Path><Globbing Char>*</Globbing Char><Path>/</Path><Globbing Char>*</Globbing Char><End of Rule Char>,</End of Rule Char><br/>
+<Normal Text>		</Normal Text><Rule>umount</Rule><Normal Text> </Normal Text><Path>/home/</Path><Globbing Char>*</Globbing Char><Path>/helloworld/</Path><End of Rule Char>,</End of Rule Char><br/>
 <dsNormal></dsNormal><br/>
 <Normal Text>		</Normal Text><Comment># Pivot Root rules</Comment><br/>
 <Normal Text>		</Normal Text><Rule>pivot_root</Rule><Normal Text> </Normal Text><Option>oldroot</Option><Operator 1>=</Operator 1><Path>/mnt/root/old/</Path><Normal Text> </Normal Text><Path>/mnt/root/</Path><End of Rule Char>,</End of Rule Char><br/>
@@ -122,36 +122,36 @@
 <Normal Text>		</Normal Text><Rule>ptrace</Rule><Normal Text> (</Normal Text><Permissions>read</Permissions><Normal Text>, </Normal Text><Permissions>trace</Permissions><Normal Text>, </Normal Text><Permissions>tracedby</Permissions><Normal Text>) </Normal Text><Option>peer</Option><Operator 1>=</Operator 1><Path>/usr/lib/hello/helloword</Path><End of Rule Char>,</End of Rule Char><br/>
 <dsNormal></dsNormal><br/>
 <Normal Text>		</Normal Text><Comment># Unix rules</Comment><br/>
-<Normal Text>		</Normal Text><Rule>unix</Rule><Normal Text> (</Normal Text><Permissions>connect</Permissions><Normal Text> </Normal Text><Permissions>receive</Permissions><Normal Text> </Normal Text><Permissions>send</Permissions><Normal Text>) </Normal Text><Option>type</Option><Operator 1>=</Operator 1><Normal Text>(</Normal Text><Data>stream</Data><Normal Text>) </Normal Text><Option>peer</Option><Operator 1>=</Operator 1><Normal Text>(</Normal Text><Other Option>label</Other Option><Operator 1>=</Operator 1><Other Data>unconfined</Other Data><Normal Text> </Normal Text><Other Option>addr</Other Option><Operator 1>=</Operator 1><Path>@/tmp/ibus/dbus-</Path><Globbing Char 1>*</Globbing Char 1><Normal Text>)</Normal Text><End of Rule Char>,</End of Rule Char><br/>
+<Normal Text>		</Normal Text><Rule>unix</Rule><Normal Text> (</Normal Text><Permissions>connect</Permissions><Normal Text> </Normal Text><Permissions>receive</Permissions><Normal Text> </Normal Text><Permissions>send</Permissions><Normal Text>) </Normal Text><Option>type</Option><Operator 1>=</Operator 1><Normal Text>(</Normal Text><Data>stream</Data><Normal Text>) </Normal Text><Option>peer</Option><Operator 1>=</Operator 1><Normal Text>(</Normal Text><Other Option>label</Other Option><Operator 1>=</Operator 1><Other Data>unconfined</Other Data><Normal Text> </Normal Text><Other Option>addr</Other Option><Operator 1>=</Operator 1><Path>@/tmp/ibus/dbus-</Path><Globbing Char>*</Globbing Char><Normal Text>)</Normal Text><End of Rule Char>,</End of Rule Char><br/>
 <Normal Text>		</Normal Text><Rule>unix</Rule><Normal Text> (</Normal Text><Permissions>send</Permissions><Normal Text>,</Normal Text><Permissions>receive</Permissions><Normal Text>) </Normal Text><Option>type</Option><Operator 1>=</Operator 1><Normal Text>(</Normal Text><Data>stream</Data><Normal Text>) </Normal Text><Option>protocol</Option><Operator 1>=</Operator 1><Normal Text>0 </Normal Text><Option>peer</Option><Operator 1>=</Operator 1><Normal Text>(</Normal Text><Other Option>addr</Other Option><Operator 1>=</Operator 1><Other Data>none</Other Data><Normal Text>)</Normal Text><End of Rule Char>,</End of Rule Char><br/>
 <Normal Text>		</Normal Text><Rule>unix</Rule><Normal Text> </Normal Text><Option>peer</Option><Operator 1>=</Operator 1><Normal Text>(</Normal Text><Other Option>label</Other Option><Operator 1>=</Operator 1><Variable>@{profile_name}</Variable><Normal Text>,</Normal Text><Other Option>addr</Other Option><Operator 1>=</Operator 1><Path>@helloworld</Path><Normal Text>)</Normal Text><End of Rule Char>,</End of Rule Char><br/>
 <dsNormal></dsNormal><br/>
 <Normal Text>		</Normal Text><Comment># Rlimit rule</Comment><br/>
 <Normal Text>		</Normal Text><Rule>set</Rule><Normal Text> </Normal Text><Rule>rlimit</Rule><Normal Text> </Normal Text><Data>data</Data><Normal Text>  </Normal Text><Operator 2><=</Operator 2><Normal Text> </Normal Text><Number>100</Number><Flags>M</Flags><End of Rule Char>,</End of Rule Char><br/>
 <Normal Text>		</Normal Text><Rule>set</Rule><Normal Text> </Normal Text><Rule>rlimit</Rule><Normal Text> </Normal Text><Data>nproc</Data><Normal Text> </Normal Text><Operator 2><=</Operator 2><Normal Text> </Normal Text><Number>10</Number><End of Rule Char>,</End of Rule Char><br/>
 <Normal Text>		</Normal Text><Rule>set</Rule><Normal Text> </Normal Text><Rule>rlimit</Rule><Normal Text> </Normal Text><Data>memlock</Data><Normal Text> </Normal Text><Operator 2><=</Operator 2><Normal Text> </Normal Text><Number>2</Number><Flags>GB</Flags><End of Rule Char>,</End of Rule Char><br/>
-<Normal Text>		</Normal Text><Rule>set</Rule><Normal Text> </Normal Text><Rule>rlimit</Rule><Normal Text> </Normal Text><Data>rss</Data><Normal Text> </Normal Text><Operator 2><=</Operator 2><Normal Text> </Normal Text><Other Data>infinity</Other Data><End of Rule Char>,</End of Rule Char><br/>
+<Normal Text>		</Normal Text><Rule>set</Rule><Normal Text> </Normal Text><Rule>rlimit</Rule><Normal Text> </Normal Text><Data>rss</Data><Normal Text> </Normal Text><Operator 2><=</Operator 2><Normal Text> </Normal Text><Number>infinity</Number><End of Rule Char>,</End of Rule Char><br/>
 <dsNormal></dsNormal><br/>
 <Normal Text>		</Normal Text><Comment># Change Profile rules</Comment><br/>
-<Normal Text>		</Normal Text><Rule>change_profile</Rule><Normal Text> </Normal Text><Data>unsafe</Data><Normal Text> </Normal Text><Path>/</Path><Globbing Char 1>**</Globbing Char 1><Normal Text> </Normal Text><Operator 2>-></Operator 2><Normal Text> </Normal Text><Transition Profile Name>[^u/]</Transition Profile Name><Globbing Char 3>**</Globbing Char 3><End of Rule Char>,</End of Rule Char><br/>
-<Normal Text>		</Normal Text><Rule>change_profile</Rule><Normal Text> </Normal Text><Data>unsafe</Data><Normal Text> </Normal Text><Path>/</Path><Globbing Char 1>**</Globbing Char 1><Normal Text> </Normal Text><Operator 2>-></Operator 2><Normal Text> </Normal Text><Transition Profile Name>{u,un,unc,unco,uncon,unconf,unconfi,unconfin,unconfine}</Transition Profile Name><End of Rule Char>,</End of Rule Char><br/>
+<Normal Text>		</Normal Text><Rule>change_profile</Rule><Normal Text> </Normal Text><Data>unsafe</Data><Normal Text> </Normal Text><Path>/</Path><Globbing Char>**</Globbing Char><Normal Text> </Normal Text><Operator 2>-></Operator 2><Normal Text> </Normal Text><Transition Profile Name>[^u/]</Transition Profile Name><Globbing Char in Tran. Prof.>**</Globbing Char in Tran. Prof.><End of Rule Char>,</End of Rule Char><br/>
+<Normal Text>		</Normal Text><Rule>change_profile</Rule><Normal Text> </Normal Text><Data>unsafe</Data><Normal Text> </Normal Text><Path>/</Path><Globbing Char>**</Globbing Char><Normal Text> </Normal Text><Operator 2>-></Operator 2><Normal Text> </Normal Text><Transition Profile Name>{u,un,unc,unco,uncon,unconf,unconfi,unconfin,unconfine}</Transition Profile Name><End of Rule Char>,</End of Rule Char><br/>
 <Normal Text>		</Normal Text><Rule>change_profile</Rule><Normal Text> </Normal Text><Path>/bin/bash</Path><Normal Text>  </Normal Text><Operator 2>-></Operator 2><Normal Text> </Normal Text><br/>
 <Normal Text>			</Normal Text><Transition Profile Name>new_profile</Transition Profile Name><End of Rule Char>,</End of Rule Char><br/>
 <dsNormal></dsNormal><br/>
 <Normal Text>		</Normal Text><Comment># Alias</Comment><br/>
 <Normal Text>		</Normal Text><Rule>alias</Rule><Normal Text> </Normal Text><Path>/usr/</Path><Normal Text> </Normal Text><Operator 2>-></Operator 2><Normal Text> </Normal Text><Path>/mnt/usr/</Path><End of Rule Char>,</End of Rule Char><br/>
-<Normal Text>	}</Normal Text><br/>
+<Normal Text>	</Normal Text><Operator 1>}</Operator 1><br/>
 <dsNormal></dsNormal><br/>
 <Normal Text>	</Normal Text><Comment># Hat</Comment><br/>
-<Profile Head>	^</Profile Head><Profile Name>foo-helper</Profile Name><Normal Text> {</Normal Text><br/>
+<Profile Head>	^</Profile Head><Profile Name>foo-helper</Profile Name><Normal Text> </Normal Text><Operator 1>{</Operator 1><br/>
 <Normal Text>		</Normal Text><Rule>network</Rule><Normal Text> </Normal Text><Data>unix</Data><Normal Text> </Normal Text><Data>stream</Data><End of Rule Char>,</End of Rule Char><br/>
 <Normal Text>		</Normal Text><Rule>unix</Rule><Normal Text> </Normal Text><Data>stream</Data><End of Rule Char>,</End of Rule Char><br/>
 <dsNormal></dsNormal><br/>
-<Normal Text>		</Normal Text><Path>/usr/hi</Path><Escape Expression>\"</Escape Expression><Path>esc</Path><Escape Expression>\x23</Escape Expression><Path>esc</Path><Escape Expression>\032</Escape Expression><Path>esc</Path><Escape Expression>\*</Escape Expression><Path>es</Path><Escape Expression>\{</Escape Expression><Path>esc</Path><Escape Expression>\ </Escape Expression><Path>rw</Path><Permissions> r</Permissions><End of Rule Char>,</End of Rule Char><Normal Text> </Normal Text><Comment># Escape expressions</Comment><br/>
+<Normal Text>		</Normal Text><Path>/usr/hi</Path><Escape Char>\"</Escape Char><Path>esc</Path><Escape Char>\x23</Escape Char><Path>esc</Path><Escape Char>\032</Escape Char><Path>esc</Path><Escape Char>\*</Escape Char><Path>es</Path><Escape Char>\{</Escape Char><Path>esc</Path><Escape Char>\ </Escape Char><Path>rw</Path><Permissions> r</Permissions><End of Rule Char>,</End of Rule Char><Normal Text> </Normal Text><Comment># Escape expressions</Comment><br/>
 <dsNormal></dsNormal><br/>
 <Normal Text>		</Normal Text><Comment># Text after a variable is highlighted as path</Comment><br/>
 <Normal Text>		</Normal Text><Rule>file</Rule><Normal Text> </Normal Text><Path>/my/path</Path><Permissions> r</Permissions><End of Rule Char>,</End of Rule Char><br/>
 <Normal Text>		</Normal Text><Variable>@{FOO_LIB}</Variable><Path>file</Path><Permissions> r</Permissions><End of Rule Char>,</End of Rule Char><br/>
 <Normal Text>		</Normal Text><Variable>@{FOO_LIB}</Variable><Path>#my/path</Path><Permissions> r</Permissions><End of Rule Char>,</End of Rule Char><Normal Text> </Normal Text><Comment>#Comment</Comment><br/>
-<Normal Text>	}</Normal Text><br/>
-<Normal Text>}</Normal Text><br/>
+<Normal Text>	</Normal Text><Operator 1>}</Operator 1><br/>
+<Operator 1>}</Operator 1><br/>
diff --git a/data/syntax/apparmor.xml b/data/syntax/apparmor.xml
--- a/data/syntax/apparmor.xml
+++ b/data/syntax/apparmor.xml
@@ -1,10 +1,14 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!DOCTYPE language SYSTEM "language.dtd"
 [
-	<!ENTITY pathchar       "\w\-\.\*\?\+@,\\&amp;&#037;&#036;&#033;&#126;">
-	<!ENTITY nopathchar     "\s\)&quot;">
-	<!ENTITY varname        "[A-Za-z]\w*">
-	<!ENTITY exec           "[pPcC]?[iuU]?x">
+	<!ENTITY varname     "[A-Za-z]\w*">
+	<!ENTITY exec        "[pPcC]?[iuU]?x">
+	<!-- Characters not allowed in a path -->
+	<!ENTITY nopathchar_simple  ")&quot;">
+	<!ENTITY nopathchar         "\s\)&quot;">
+	<!-- Path characters after a variable or brackets:
+	     \w +-,.*?@\/ ([{# !$%&':;<>^`|~ and Non-ASCII -->
+	<!ENTITY noaftervar  "&nopathchar;\]\}\=">
 ]>
 
 <!--
@@ -31,31 +35,32 @@
   ==========================================================================================
   
   Last update:
-	Syntax highlighting based in AppArmor 2.12.0
+	Syntax highlighting based in AppArmor 2.13.0
 	For more details about the syntax of AppArmor profiles, visit:
 		https://gitlab.com/apparmor/apparmor/wikis/Documentation
 		http://manpages.ubuntu.com/manpages/artful/en/man5/apparmor.d.5.html
   
   Change log:
-	* Version 5 [31-Jan-2018, by Nibaldo González]:
-		- Fix 'itemDatas' and end-of-rules keywords.
-	* Version 4 [25-Jan-2018, by Nibaldo González]: (AppArmor 2.12.0)
+	* Version 6 [15-Apr-2018, by Nibaldo G.]: (AppArmor 2.13.0)
+		- Some optimizations. Allow any character as escape.
+		- Add the profile flag 'xattrs' keyword and 'if exists' in Include rules.
+	* Version 4 [25-Jan-2018, by Nibaldo G.]: (AppArmor 2.12.0)
 		- New keywords: network and mount rules, default abstractions, variables and others.
 		- Improvements in the highlighting of Include rules, variables, rlimit rules, 
 		  profile name, transition profile rules, end of rule context & file permissions.
 		- Fixes: Comments within rules, sensitive keywords, owner qualifier & others.
-	* Version 3 [24-Sep-2017, by Nibaldo González]:
+	* Version 3 [24-Sep-2017, by Nibaldo G.]:
 		- Fix incorrect highlighting of the DBus rule 'name' keyword.
-	* Version 2 [29-Aug-2017, by Nibaldo González]:
+	* Version 2 [29-Aug-2017, by Nibaldo G.]:
 		- Improvements in highlighting and bug fixes.
 		- Each rule has its own context.
 		- The profile name is highlighted in the profile header and profile transition rules.
   	* Version 1 [22-Feb-2017, by Nibaldo González]:
 		- Initial version. Support for profile syntax of Apparmor 2.11.
 -->
 
 <language name="AppArmor Security Profile"
-		version="5"
+		version="6"
 		kateversion="5.0"
 		section="Markup"
 		extensions="usr.bin.*;usr.sbin.*;bin.*;sbin.*;usr.lib.*;usr.lib64.*;usr.lib32.*;usr.libx32.*;usr.libexec.*;usr.local.bin.*;usr.local.sbin.*;usr.local.lib*;opt.*;etc.cron.*"
@@ -73,19 +78,15 @@
 		</list>
 		<list name="profile_options">
 			<item>flags</item>
+			<item>xattrs</item>
 		</list>
 		<list name="profile_flags">
 			<item>audit</item>
-			<item>complain</item>
-			<item>enforce</item>
-			<item>mediate_deleted</item>
-			<item>attach_disconnected</item>
-			<item>chroot_relative</item>
-			<item>chroot_attach</item>
-			<item>chroot_no_attach</item>
-			<item>delegate_deleted</item>
-			<item>no_attach_disconnected</item>
-			<item>namespace_relative</item>
+			<item>enforce</item>             <item>complain</item>
+			<item>mediate_deleted</item>     <item>delegate_deleted</item>
+			<item>attach_disconnected</item> <item>no_attach_disconnected</item>
+			<item>chroot_relative</item>     <item>namespace_relative</item>
+			<item>chroot_attach</item>       <item>chroot_no_attach</item>
 		</list>
 
 		<!-- Rule Qualifiers -->
@@ -99,104 +100,63 @@
 		</list>
 		<list name="qualifiers">
 			<item>audit</item>
-			<!-- defined, if, else, not -->
+			<!-- noaudit/quiet, defined, if, else, not -->
 		</list>
 		
 		<!-- Capabilities, Capability Rule.
 		     Lowercase capability name without 'CAP_' prefix.
 		     http://man7.org/linux/man-pages/man7/capabilities.7.html -->
 		<list name="rule_capability">
-			<item>audit_control</item>
-			<item>audit_read</item>
-			<item>audit_write</item>
-			<item>block_suspend</item>
-			<item>chown</item>
-			<item>dac_override</item>
-			<item>dac_read_search</item>
-			<item>fowner</item>
-			<item>fsetid</item>
-			<item>ipc_lock</item>
-			<item>ipc_owner</item>
-			<item>kill</item>
-			<item>lease</item>
-			<item>linux_immutable</item>
-			<item>mac_admin</item>
-			<item>mac_override</item>
-			<item>mknod</item>
-			<item>net_admin</item>
-			<item>net_bind_service</item>
-			<item>net_broadcast</item>
-			<item>net_raw</item>
-			<item>setgid</item>
-			<item>setfcap</item>
-			<item>setpcap</item>
-			<item>setuid</item>
-			<item>sys_admin</item>
-			<item>sys_boot</item>
-			<item>sys_chroot</item>
-			<item>sys_module</item>
-			<item>sys_nice</item>
-			<item>sys_pacct</item>
-			<item>sys_ptrace</item>
-			<item>sys_rawio</item>
-			<item>sys_resource</item>
-			<item>sys_time</item>
-			<item>sys_tty_config</item>
-			<item>syslog</item>
-			<item>wake_alarm</item>
+			<item>audit_control</item>    <item>audit_read</item>
+			<item>audit_write</item>      <item>block_suspend</item>
+			<item>chown</item>            <item>dac_override</item>
+			<item>dac_read_search</item>  <item>fowner</item>
+			<item>fsetid</item>           <item>ipc_lock</item>
+			<item>ipc_owner</item>        <item>kill</item>
+			<item>lease</item>            <item>linux_immutable</item>
+			<item>mac_admin</item>        <item>mac_override</item>
+			<item>mknod</item>            <item>net_admin</item>
+			<item>net_bind_service</item> <item>net_broadcast</item>
+			<item>net_raw</item>          <item>setgid</item>
+			<item>setfcap</item>          <item>setpcap</item>
+			<item>setuid</item>           <item>sys_admin</item>
+			<item>sys_boot</item>         <item>sys_chroot</item>
+			<item>sys_module</item>       <item>sys_nice</item>
+			<item>sys_pacct</item>        <item>sys_ptrace</item>
+			<item>sys_rawio</item>        <item>sys_resource</item>
+			<item>sys_time</item>         <item>sys_tty_config</item>
+			<item>syslog</item>           <item>wake_alarm</item>
 		</list>
 
 		<!-- Network Rule -->
 		<list name="rule_network">
 			<!-- Domain.
 				 Also: unix -->
-			<item>inet</item>
-			<item>ax25</item>
-			<item>ipx</item>
-			<item>appletalk</item>
-			<item>netrom</item>
-			<item>bridge</item>
-			<item>atmpvc</item>
-			<item>x25</item>
-			<item>inet6</item>
-			<item>rose</item>
-			<item>netbeui</item>
-			<item>security</item>
-			<item>key</item>
-			<item>packet</item>
-			<item>ash</item>
-			<item>econet</item>
-			<item>atmsvc</item>
-			<item>sna</item>
-			<item>irda</item>
-			<item>pppox</item>
-			<item>wanpipe</item>
-			<item>bluetooth</item>
-			<item>netlink</item>
-			<item>rds</item>
-			<item>llc</item>
-			<item>can</item>
-			<item>tipc</item>
-			<item>iucv</item>
-			<item>rxrpc</item>
-			<item>isdn</item>
-			<item>phonet</item>
-			<item>ieee802154</item>
-			<item>caif</item>
-			<item>alg</item>
-			<item>nfc</item>
-			<item>vsock</item>
-			<item>mpls</item>
-			<item>ib</item>
-			<item>kcm</item>
-			<item>smc</item>
+			<item>inet</item>        <item>ax25</item>
+			<item>ipx</item>         <item>appletalk</item>
+			<item>netrom</item>      <item>bridge</item>
+			<item>atmpvc</item>      <item>x25</item>
+			<item>inet6</item>       <item>rose</item>
+			<item>netbeui</item>     <item>security</item>
+			<item>key</item>         <item>packet</item>
+			<item>ash</item>         <item>econet</item>
+			<item>atmsvc</item>      <item>sna</item>
+			<item>irda</item>        <item>pppox</item>
+			<item>wanpipe</item>     <item>bluetooth</item>
+			<item>netlink</item>     <item>rds</item>
+			<item>llc</item>         <item>can</item>
+			<item>tipc</item>        <item>iucv</item>
+			<item>rxrpc</item>       <item>isdn</item>
+			<item>phonet</item>      <item>ieee802154</item>
+			<item>caif</item>        <item>alg</item>
+			<item>nfc</item>         <item>vsock</item>
+			<item>mpls</item>        <item>ib</item>
+			<item>kcm</item>         <item>smc</item>
 
 			<!-- Type.
 				 Also: packet -->
-			<item>stream</item>
-			<item>dgram</item>
-			<item>seqpacket</item>
-			<item>rdm</item>
+			<item>stream</item>      <item>dgram</item>
+			<item>seqpacket</item>   <item>rdm</item>
 			<item>raw</item>
 
 			<!-- Protocol -->
@@ -209,157 +169,73 @@
 				 to avoid conflicts with the 'unix' rule name. -->
 			<item>unix</item>
 		</list>
-		
+
 		<!-- Mount Rule -->
 		<list name="rule_mount_options">
-			<item>fstype</item>
-			<item>vfstype</item>
-			<item>options</item>
-			<item>option</item>
+			<item>fstype</item>       <item>vfstype</item>
+			<item>options</item>      <item>option</item>
 		</list>
 		<list name="rule_mount_flags">
-			<item>r</item>
-			<item>w</item>
-			<item>rw</item>
-			<item>ro</item>
-			<item>read-only</item>
-			<item>suid</item>
-			<item>nosuid</item>
-			<item>dev</item>
-			<item>nodev</item>
-			<item>exec</item>
-			<item>noexec</item>
-			<item>sync</item>
-			<item>async</item>
-			<item>remount</item>
-			<item>mand</item>
-			<item>nomand</item>
-			<item>dirsync</item>
-			<item>atime</item>
-			<item>noatime</item>
-			<item>diratime</item>
-			<item>nodiratime</item>
-			<item>bind</item>
-			<item>B</item>
-			<item>move</item>
-			<item>M</item>
-			<item>rbind</item>
-			<item>R</item>
-			<item>verbose</item>
-			<item>silent</item>
-			<item>loud</item>
-			<item>acl</item>
-			<item>noacl</item>
-			<item>unbindable</item>
-			<item>make-unbindable</item>
-			<item>runbindable</item>
-			<item>make-runbindable</item>
-			<item>private</item>
-			<item>make-private</item>
-			<item>rprivate</item>
-			<item>make-rprivate</item>
-			<item>slave</item>
-			<item>make-slave</item>
-			<item>rslave</item>
-			<item>make-rslave</item>
-			<item>shared</item>
-			<item>make-shared</item>
-			<item>rshared</item>
-			<item>make-rshared</item>
-			<item>relatime</item>
-			<item>norelatime</item>
-			<item>iversion</item>
-			<item>noiversion</item>
-			<item>strictatime</item>
-			<item>user</item>
-			<item>nouser</item>
+			<item>r</item>            <item>w</item>
+			<item>rw</item>           <item>ro</item>
+			<item>read-only</item>    <item>suid</item>
+			<item>nosuid</item>       <item>dev</item>
+			<item>nodev</item>        <item>exec</item>
+			<item>noexec</item>       <item>sync</item>
+			<item>async</item>        <item>remount</item>
+			<item>mand</item>         <item>nomand</item>
+			<item>dirsync</item>      <item>atime</item>
+			<item>noatime</item>      <item>diratime</item>
+			<item>nodiratime</item>   <item>bind</item>
+			<item>B</item>            <item>move</item>
+			<item>M</item>            <item>rbind</item>
+			<item>R</item>            <item>verbose</item>
+			<item>silent</item>       <item>loud</item>
+			<item>acl</item>          <item>noacl</item>
+			<item>unbindable</item>   <item>make-unbindable</item>
+			<item>runbindable</item>  <item>make-runbindable</item>
+			<item>private</item>      <item>make-private</item>
+			<item>rprivate</item>     <item>make-rprivate</item>
+			<item>slave</item>        <item>make-slave</item>
+			<item>rslave</item>       <item>make-rslave</item>
+			<item>shared</item>       <item>make-shared</item>
+			<item>rshared</item>      <item>make-rshared</item>
+			<item>relatime</item>     <item>norelatime</item>
+			<item>iversion</item>     <item>noiversion</item>
+			<item>strictatime</item>  <item>user</item>
+			<item>nouser</item>   
 		</list>
 		<list name="rule_mount_fstypes">
 			<!-- VFS Types -->
-			<item>autofs</item>
-			<item>bdev</item>
-			<item>bpf</item>
-			<item>cachefs</item>
-			<item>cgroup</item>
-			<item>cgroup2</item>
-			<item>cifs</item>
-			<item>coherent</item>
-			<item>configfs</item>
-			<item>cpuset</item>
-			<item>cramfs</item>
-			<item>debugfs</item>
-			<item>devfs</item>
-			<item>devpts</item>
-			<item>devtmpfs</item>
-			<item>ecryptfs</item>
-			<item>efs</item>
-			<item>fuse</item>
-			<item>fuseblk</item>
-			<item>fusectl</item>
-			<item>hugetlbfs</item>
-			<item>iso9660</item>
-			<item>kernfs</item>
-			<item>mqueue</item>
-			<item>pipefs</item>
-			<item>proc</item>
-			<item>procfs</item>
-			<item>pstore</item>
-			<item>ramfs</item>
-			<item>romfs</item>
-			<item>rootfs</item>
-			<item>securityfs</item>
-			<item>selinuxfs</item>
-			<item>sockfs</item>
-			<item>specfs</item>
-			<item>squashfs</item>
-			<item>swapfs</item>
-			<item>sysfs</item>
-			<item>sysv</item>
-			<item>tmpfs</item>
-			<item>usbfs</item>
-			<item>vfat</item>
+			<item>autofs</item>     <item>bdev</item>       <item>bpf</item>
+			<item>cachefs</item>    <item>cgroup</item>     <item>cgroup2</item>
+			<item>cifs</item>       <item>coherent</item>   <item>configfs</item>
+			<item>cpuset</item>     <item>cramfs</item>     <item>debugfs</item>
+			<item>devfs</item>      <item>devpts</item>     <item>devtmpfs</item>
+			<item>ecryptfs</item>   <item>efs</item>        <item>fuse</item>     
+			<item>fuseblk</item>    <item>fusectl</item>    <item>hugetlbfs</item>
+			<item>iso9660</item>    <item>kernfs</item>     <item>mqueue</item>
+			<item>pipefs</item>     <item>proc</item>       <item>procfs</item>
+			<item>pstore</item>     <item>ramfs</item>      <item>romfs</item>
+			<item>rootfs</item>     <item>securityfs</item> <item>selinuxfs</item>
+			<item>sockfs</item>     <item>specfs</item>     <item>squashfs</item>
+			<item>swapfs</item>     <item>sysfs</item>      <item>sysv</item>
+			<item>tmpfs</item>      <item>usbfs</item>      <item>vfat</item>
 			<!-- FS Types -->
-			<item>adfs</item>
-			<item>affs</item>
-			<item>apfs</item>
-			<item>btrfs</item>
-			<item>coda</item>
-			<item>exfat</item>
-			<item>ext2</item>
-			<item>ext3</item>
-			<item>ext4</item>
-			<item>f2fs</item>
-			<item>fatx</item>
-			<item>hfs</item>
-			<item>hfsplus</item>
-			<item>hpfs</item>
-			<item>jfs</item>
-			<item>lvm2</item>
-			<item>minix</item>
-			<item>msdos</item>
-			<item>ncpfs</item>
-			<item>nilfs</item>
-			<item>nilfs2</item>
-			<item>nfs</item>
-			<item>nfs4</item>
-			<item>ntfs</item>
-			<item>ntfs-3g</item>
-			<item>openzfs</item>
-			<item>qnx4</item>
-			<item>qnx6</item>
-			<item>reiser4</item>
-			<item>reiserfs</item>
-			<item>smbfs</item>
-			<item>swap</item>
-			<item>tracefs</item>
-			<item>ubifs</item>
-			<item>udf</item>
-			<item>ufs</item>
-			<item>umsdos</item>
-			<item>urefs</item>
-			<item>xenix</item>	
-			<item>xfs</item>
-			<item>zfs</item>
+			<item>adfs</item>       <item>affs</item>       <item>apfs</item>
+			<item>btrfs</item>      <item>coda</item>       <item>exfat</item>
+			<item>ext2</item>       <item>ext3</item>       <item>ext4</item>
+			<item>f2fs</item>       <item>fatx</item>       <item>hfs</item>
+			<item>hfsplus</item>    <item>hpfs</item>       <item>jfs</item>
+			<item>lvm2</item>       <item>minix</item>      <item>msdos</item>
+			<item>ncpfs</item>      <item>nilfs</item>      <item>nilfs2</item>
+			<item>nfs</item>        <item>nfs4</item>       <item>ntfs</item>
+			<item>ntfs-3g</item>    <item>openzfs</item>    <item>qnx4</item>
+			<item>qnx6</item>       <item>reiser4</item>    <item>reiserfs</item>
+			<item>smbfs</item>      <item>swap</item>       <item>tracefs</item>
+			<item>ubifs</item>      <item>udf</item>       	<item>ufs</item>
+			<item>umsdos</item>     <item>urefs</item>      <item>xenix</item>	
+			<item>xfs</item>        <item>zfs</item>
 			<!-- Not included: ext, usbdevfs, xiafs -->
 		</list>
 
@@ -386,39 +262,17 @@
 		</list>
 		<list name="rule_signal">
 			<!-- Also: rtmin+0 ... rtmin+32 -->
-			<item>bus</item>
-			<item>hup</item>
-			<item>int</item>
-			<item>quit</item>
-			<item>ill</item>
-			<item>trap</item>
-			<item>abrt</item>
-			<item>fpe</item>
-			<item>kill</item>
-			<item>usr1</item>
-			<item>segv</item>
-			<item>usr2</item>
-			<item>pipe</item>
-			<item>alrm</item>
-			<item>term</item>
-			<item>stkflt</item>
-			<item>chld</item>
-			<item>cont</item>
-			<item>stop</item>
-			<item>stp</item>
-			<item>ttin</item>
-			<item>ttou</item>
-			<item>urg</item>
-			<item>xcpu</item>
-			<item>xfsz</item>
-			<item>vtalrm</item>
-			<item>prof</item>
-			<item>winch</item>
-			<item>io</item>
-			<item>pwr</item>
-			<item>sys</item>
-			<item>emt</item>
-			<item>exists</item>
+			<item>bus</item>     <item>hup</item>     <item>int</item>
+			<item>quit</item>    <item>ill</item>     <item>trap</item>
+			<item>abrt</item>    <item>fpe</item>     <item>kill</item>
+			<item>usr1</item>    <item>segv</item>    <item>usr2</item>
+			<item>pipe</item>    <item>alrm</item>    <item>term</item>
+			<item>stkflt</item>  <item>chld</item>    <item>cont</item>
+			<item>stop</item>    <item>stp</item>     <item>ttin</item>
+			<item>ttou</item>    <item>urg</item>     <item>xcpu</item>
+			<item>xfsz</item>    <item>vtalrm</item>  <item>prof</item>
+			<item>winch</item>   <item>io</item>      <item>pwr</item>
+			<item>sys</item>     <item>emt</item>     <item>exists</item>
 		</list>
 		<list name="rule_signal_access">
 			<!-- Also: r, w, rw, read, write -->
@@ -428,74 +282,51 @@
 
 		<!-- DBus Rule -->
 		<list name="rule_dbus_options">
-			<item>peer</item>
-			<item>bus</item>
-			<item>path</item>
-			<item>interface</item>
-			<item>member</item>
-			<item>name</item>
+			<item>peer</item>        <item>bus</item>
+			<item>path</item>        <item>interface</item>
+			<item>member</item>      <item>name</item>
 		</list>
 		<list name="rule_dbus_peer">
 			<item>name</item>
 			<item>label</item>
 		</list>
 		<list name="rule_dbus_access">
 			<!-- Also: r, w, rw, read, write -->
-			<item>send</item>
-			<item>receive</item>
-			<item>bind</item>
-			<item>eavesdrop</item>
+			<item>send</item>        <item>receive</item>
+			<item>bind</item>        <item>eavesdrop</item>
 		</list>
 		<list name="rule_dbus_bus">
 			<item>system</item>
 			<item>session</item>
 		</list>
 		
 		<!-- Unix Rule -->
 		<list name="rule_unix_options">			
-			<item>peer</item>
-			<item>set</item>
-			<item>label</item>
-			<item>type</item>
-			<item>protocol</item>
-			<item>addr</item>
-			<item>attr</item>
-			<item>opt</item>
+			<item>peer</item>        <item>set</item>
+			<item>label</item>       <item>type</item>
+			<item>protocol</item>    <item>addr</item>
+			<item>attr</item>        <item>opt</item>
 		</list>
 		<list name="rule_unix_access">
 			<!-- Also: r, w, rw, read, write -->
-			<item>send</item>
-			<item>receive</item>
-			<item>bind</item>
-			<item>create</item>
-			<item>listen</item>
-			<item>accept</item>
-			<item>connect</item>
-			<item>shutdown</item>
-			<item>getattr</item>
-			<item>setattr</item>
-			<item>getopt</item>
-			<item>setopt</item>
+			<item>send</item>        <item>receive</item>
+			<item>bind</item>        <item>create</item>
+			<item>listen</item>      <item>accept</item>
+			<item>connect</item>     <item>shutdown</item>
+			<item>getattr</item>     <item>setattr</item>
+			<item>getopt</item>      <item>setopt</item>
 		</list>
 
 		<!-- Rlimit Rule -->
 		<list name="rule_rlimit">
-			<item>cpu</item>
-			<item>fsize</item>
-			<item>data</item>
-			<item>stack</item>
-			<item>core</item>
-			<item>rss</item>
-			<item>nofile</item>
-			<item>ofile</item>
-			<item>as</item>
-			<item>nproc</item>
-			<item>memlock</item>
-			<item>locks</item>
-			<item>sigpending</item>
-			<item>msgqueue</item>
-			<item>nice</item>
-			<item>rtprio</item>
+			<item>cpu</item>         <item>fsize</item>
+			<item>data</item>        <item>stack</item>
+			<item>core</item>        <item>rss</item>
+			<item>nofile</item>      <item>ofile</item>
+			<item>as</item>          <item>nproc</item>
+			<item>memlock</item>     <item>locks</item>
+			<item>sigpending</item>  <item>msgqueue</item>
+			<item>nice</item>        <item>rtprio</item>
 			<item>rttime</item>
 		</list>
 
@@ -509,6 +340,11 @@
 			<item>safe</item>
 			<item>unsafe</item>
 		</list>
+
+		<list name="rule_include">
+			<item>if</item>
+			<item>exists</item>
+		</list>
 		
 		<!-- Permissions -->
 		<list name="base_accesses">
@@ -525,151 +361,90 @@
 		<list name="default_variables">
 			<item>profile_name</item> <!-- Special variable -->
 			
-			<item>HOME</item>
-			<item>HOMEDIRS</item>
-			<item>multiarch</item>
-			<item>pid</item>
-			<item>pids</item>
-			<item>PROC</item>
-			<item>securityfs</item>
-			<item>apparmorfs</item>
-			<item>sys</item>
-			<item>tid</item>
-			<item>XDG_DESKTOP_DIR</item>
-			<item>XDG_DOWNLOAD_DIR</item>
-			<item>XDG_TEMPLATES_DIR</item>
-			<item>XDG_PUBLICSHARE_DIR</item>
-			<item>XDG_DOCUMENTS_DIR</item>
-			<item>XDG_MUSIC_DIR</item>
-			<item>XDG_PICTURES_DIR</item>
-			<item>XDG_VIDEOS_DIR</item>
+			<item>HOME</item>                 <item>HOMEDIRS</item>
+			<item>multiarch</item>            <item>pid</item>
+			<item>pids</item>                 <item>PROC</item>
+			<item>securityfs</item>           <item>apparmorfs</item>
+			<item>sys</item>                  <item>tid</item>
+			<item>XDG_DESKTOP_DIR</item>      <item>XDG_DOWNLOAD_DIR</item>
+			<item>XDG_TEMPLATES_DIR</item>    <item>XDG_PUBLICSHARE_DIR</item>
+			<item>XDG_DOCUMENTS_DIR</item>    <item>XDG_MUSIC_DIR</item>
+			<item>XDG_PICTURES_DIR</item>     <item>XDG_VIDEOS_DIR</item>
 		</list>
 		<list name="default_abstractions">
-			<item>abstractions/</item>
-			<item>apache2-common</item>
-			<item>aspell</item>
-			<item>audio</item>
-			<item>authentication</item>
-			<item>base</item>
-			<item>bash</item>
-			<item>consoles</item>
-			<item>cups-client</item>
-			<item>dbus</item>
-			<item>dbus-accessibility</item>
-			<item>dbus-accessibility-strict</item>
-			<item>dbus-session</item>
-			<item>dbus-session-strict</item>
-			<item>dbus-strict</item>
-			<item>dconf</item>
-			<item>dovecot-common</item>
-			<item>enchant</item>
-			<item>fcitx</item>
-			<item>fcitx-strict</item>
-			<item>fonts</item>
-			<item>freedesktop.org</item>
-			<item>gnome</item>
-			<item>gnupg</item>
-			<item>ibus</item>
-			<item>kde</item>
-			<item>kerberosclient</item>
-			<item>launchpad-integration</item>
-			<item>ldapclient</item>
-			<item>libpam-systemd</item>
-			<item>likewise</item>
-			<item>mdns</item>
-			<item>mir</item>
-			<item>mozc</item>
-			<item>mysql</item>
-			<item>nameservice</item>
-			<item>nis</item>
-			<item>nvidia</item>
-			<item>openssl</item>
-			<item>orbit2</item>
-			<item>p11-kit</item>
-			<item>perl</item>
-			<item>php</item>
-			<item>php5</item>
-			<item>postfix-common</item>
-			<item>private-files</item>
-			<item>private-files-strict</item>
-			<item>python</item>
-			<item>ruby</item>
-			<item>samba</item>
-			<item>smbpass</item>
-			<item>ssl_certs</item>
-			<item>ssl_keys</item>
-			<item>svn-repositories</item>
-			<item>ubuntu-bittorrent-clients</item>
-			<item>ubuntu-browsers</item>
-			<item>ubuntu-console-browsers</item>
-			<item>ubuntu-console-email</item>
-			<item>ubuntu-email</item>
-			<item>ubuntu-feed-readers</item>
-			<item>ubuntu-gnome-terminal</item>
-			<item>ubuntu-helpers</item>
-			<item>ubuntu-konsole</item>
-			<item>ubuntu-media-players</item>
-			<item>ubuntu-unity7-base</item>
-			<item>ubuntu-unity7-launcher</item>
-			<item>ubuntu-unity7-messaging</item>
-			<item>ubuntu-xterm</item>
-			<item>user-download</item>
-			<item>user-mail</item>
-			<item>user-manpages</item>
-			<item>user-tmp</item>
-			<item>user-write</item>
-			<item>video</item>
-			<item>wayland</item>
-			<item>web-data</item>
-			<item>winbind</item>
-			<item>wutmp</item>
-			<item>X</item>
-			<item>xad</item>
-			<item>xdg-desktop</item>
+			<item>abstractions/</item>        <item>apache2-common</item>
+			<item>aspell</item>               <item>audio</item>
+			<item>authentication</item>       <item>base</item>
+			<item>bash</item>                 <item>consoles</item>
+			<item>cups-client</item>          <item>dbus</item>
+			<item>dbus-accessibility</item>   <item>dbus-accessibility-strict</item>
+			<item>dbus-session</item>         <item>dbus-session-strict</item>
+			<item>dbus-strict</item>          <item>dconf</item>
+			<item>dri-common</item>           <item>dri-enumerate</item>
+			<item>dovecot-common</item>       <item>enchant</item>
+			<item>fcitx</item>                <item>fcitx-strict</item>
+			<item>fonts</item>                <item>freedesktop.org</item>
+			<item>gnome</item>                <item>gnupg</item>
+			<item>ibus</item>                 <item>kde</item>
+			<item>kerberosclient</item>       <item>launchpad-integration</item>
+			<item>ldapclient</item>           <item>libpam-systemd</item>
+			<item>likewise</item>             <item>mdns</item>
+			<item>mir</item>                  <item>mozc</item>
+			<item>mysql</item>                <item>nameservice</item>
+			<item>nis</item>                  <item>nvidia</item>
+			<item>openssl</item>              <item>orbit2</item>
+			<item>p11-kit</item>              <item>perl</item>
+			<item>php</item>                  <item>php5</item>
+			<item>postfix-common</item>       <item>python</item>
+			<item>private-files</item>        <item>private-files-strict</item>
+			<item>ruby</item>                 <item>samba</item>
+			<item>smbpass</item>              <item>svn-repositories</item>
+			<item>ssl_certs</item>            <item>ssl_keys</item>           
+			<item>ubuntu-browsers</item>      <item>ubuntu-bittorrent-clients</item>
+			<item>ubuntu-console-email</item> <item>ubuntu-console-browsers</item>
+			<item>ubuntu-email</item>         <item>ubuntu-feed-readers</item>
+			<item>ubuntu-helpers</item>       <item>ubuntu-gnome-terminal</item>
+			<item>ubuntu-konsole</item>       <item>ubuntu-media-players</item>
+			<item>ubuntu-unity7-base</item>   <item>ubuntu-unity7-launcher</item>
+			<item>ubuntu-xterm</item>         <item>ubuntu-unity7-messaging</item>
+			<item>user-download</item>        <item>user-mail</item>
+			<item>user-manpages</item>        <item>user-tmp</item>
+			<item>user-write</item>           <item>video</item>
+			<item>wayland</item>              <item>web-data</item>
+			<item>winbind</item>              <item>wutmp</item>
+			<item>X</item>                    <item>xad</item>
+			<item>xdg-desktop</item> 
 
-			<item>ubuntu-browsers.d/</item>
-			<item>java</item>
-			<item>mailto</item>
-			<item>multimedia</item>
-			<item>plugins-common</item>
-			<item>productivity</item>
-			<item>text-editors</item>
-			<item>ubuntu-integration</item>
-			<item>ubuntu-integration-xul</item>
-			<item>user-files</item>
+			<item>ubuntu-browsers.d/</item>   <item>java</item>
+			<item>mailto</item>               <item>multimedia</item>
+			<item>plugins-common</item>       <item>productivity</item>
+			<item>text-editors</item>         <item>user-files</item>
+			<item>ubuntu-integration</item>   <item>ubuntu-integration-xul</item>
 
-			<item>apparmor_api/</item>
-			<item>change_profile</item>
-			<item>examine</item>
-			<item>find_mountpoint</item>
-			<item>introspect</item>
-			<item>is_enabled</item>
+			<item>apparmor_api/</item>        <item>change_profile</item>
+			<item>examine</item>              <item>find_mountpoint</item>
+			<item>introspect</item>           <item>is_enabled</item>           
 
-			<item>tunables/</item>
-			<item>alias</item>
-			<item>apparmorfs</item>
-			<item>dovecot</item>
-			<item>global</item>
-			<item>home</item>
-			<item>kernelvars</item>
-			<item>multiarch</item>
-			<item>ntpd</item>
-			<item>proc</item>
-			<item>securityfs</item>
-			<item>sys</item>
+			<item>tunables/</item>            <item>alias</item>
+			<item>apparmorfs</item>           <item>dovecot</item>
+			<item>global</item>               <item>home</item>
+			<item>kernelvars</item>           <item>multiarch</item>
+			<item>ntpd</item>                 <item>proc</item>
+			<item>securityfs</item>           <item>sys</item>
 			<item>xdg-user-dirs</item>
-			<item>home.d/</item>
-			<item>multiarch.d/</item>
-			<item>xdg-user-dirs.d/</item>
-			<item>site.local</item>
+			<item>home.d/</item>              <item>multiarch.d/</item>
+			<item>xdg-user-dirs.d/</item>     <item>site.local</item>
 
 			<item>local/</item>
 		</list>
 
 		<list name="boolean">
 			<item>True</item>
 			<item>False</item>
 		</list>
+		<list name="numbers">
+			<item>infinity</item>
+		</list>
 		<list name="other_words">
 			<item>unspec</item>
 			<item>none</item>
@@ -719,13 +494,13 @@
 				<Detect2Chars context="_variable_assignment" attribute="Variable" char="@" char1="{" lookAhead="true" firstNonSpace="true"/>
 				<Detect2Chars context="_variable" attribute="Variable" char="@" char1="{" lookAhead="true"/>
 				<RegExpr context="_variable_assignment_operator" attribute="Variable" String="@&varname;(?=\s*(\+?\=|$))" insensitive="true" firstNonSpace="true"/>
+				<Detect2Chars context="_boolean_assignment" attribute="Variable" char="$" char1="{" lookAhead="true" firstNonSpace="true"/>
 				<Detect2Chars context="_boolean" attribute="Variable" char="$" char1="{" lookAhead="true"/>
-				<RegExpr context="#stay" attribute="Variable" String="\$&varname;(?=\s*(\=|$))" insensitive="true" firstNonSpace="true"/>
-				<keyword context="#stay" attribute="Other Option" String="boolean"/>
-
+				<RegExpr context="_boolean_assignment_operator" attribute="Variable" String="\$&varname;(?=\s*(\=|$))" insensitive="true" firstNonSpace="true"/>
+				
 				<IncludeRules context="_brackets_error"/>
-				<DetectChar context="#stay" attribute="Normal Text" char="{" beginRegion="Profile"/>
-				<DetectChar context="#stay" attribute="Normal Text" char="}" endRegion="Profile"/>
+				<DetectChar context="#stay" attribute="Operator 1" char="{" beginRegion="Profile"/>
+				<DetectChar context="#stay" attribute="Operator 1" char="}" endRegion="Profile"/>
 				<DetectChar context="_parentheses_block_profile" attribute="Normal Text" char="("/>
 				<DetectChar context="_r_square_brackets" attribute="Globbing Brackets" char="["/>
 
@@ -749,10 +524,9 @@
 				<keyword context="_rule_rlimit" attribute="Rule Error" String="rule_name_rlimit" beginRegion="Rule"/> <!-- set rlimit -->
 				<keyword context="_rule_set" attribute="Rule" String="rule_name_set"/>
 
+				<IncludeRules context="_operators"/>
 				<IncludeRules context="_path"/>
 				<IncludeRules context="_text_quoted"/>
-				<IncludeRules context="_operators"/>
-				<keyword context="#stay" attribute="Normal Text" String="default_variables"/>
 				<IncludeRules context="_file_rule_permissions"/>
 			</context>
 			
@@ -762,16 +536,24 @@
 
 				<Detect2Chars context="_variable" attribute="Variable" char="@" char1="{" lookAhead="true"/>
 				<Detect2Chars context="_boolean" attribute="Variable" char="$" char1="{" lookAhead="true"/>
-				<keyword context="#stay" attribute="Other Option" String="boolean"/>
 				<IncludeRules context="_brackets_error"/>
 			</context>
 			<context name="_comment" attribute="Comment" lineEndContext="#pop">
-				<LineContinue context="#pop" attribute="Comment"/>
 				<DetectSpaces />
 				<IncludeRules context="##Alerts"/>
 				<IncludeRules context="##Modelines"/>
 			</context>
 
+			<context name="_operators" attribute="Normal Text" lineEndContext="#stay">
+				<Detect2Chars context="_subprofile" attribute="SubProfile Operator" char="/" char1="/"/>
+				<DetectChar context="#stay" attribute="Operator 1" char="="/>
+				<Detect2Chars context="#stay" attribute="Operator 1" char="+" char1="="/>
+				<Detect2Chars context="#stay" attribute="Operator 2" char="-" char1="&gt;"/>
+			</context>
+			<context name="_operators_keywords" attribute="Normal Text" lineEndContext="#stay">
+				<RegExpr context="#stay" attribute="Operator 2" String="(^|\s)(in|to)\b"/>
+			</context>
+
 			<!-- Profile Header:
 			     Highlight the name of the profile.
 			     The profile name label is optional. This is written after the hat character (^) or a profile keyword. -->
@@ -801,18 +583,21 @@
 
 			<!-- Include Rule: include <abstraction/path> -->
 			<context name="_include" attribute="Preprocessor" lineEndContext="#pop">
-				<RegExpr context="#pop!_include_preplib_t" attribute="Prep. Lib" String="&lt;(?![\s&lt;&gt;])"/> <!-- <magic/path> -->
-				<RegExpr context="#pop!_include_preplib_q" attribute="Prep. Lib" String="&quot;(?!&quot;)"/> <!-- "/abs/path" -->
+				<keyword context="#stay" attribute="Preprocessor" String="rule_include"/>
+				<Detect2Chars context="#pop" attribute="Error" char="&quot;" char1="&quot;"/>
+				<Detect2Chars context="#pop" attribute="Error" char="&lt;" char1="&gt;"/>
+				<RegExpr context="#stay" attribute="Error" String="&lt;+(?=[&lt;\s])"/>
+				<DetectChar context="#pop!_include_preplib_t" attribute="Prep. Lib" char="&lt;"/> <!-- <magic/path> -->
+				<DetectChar context="#pop!_include_preplib_q" attribute="Prep. Lib" char="&quot;"/> <!-- "/abs/path" -->
 				<RegExpr context="#pop" attribute="Prep. Lib" String="/\S*(?=(\s|$))"/> <!-- /abs/path -->
-				<RegExpr context="#stay" attribute="Error" String="[^\s/&lt;&quot;]+"/>
 			</context>
 			<context name="_include_preplib_t" attribute="Prep. Lib" lineEndContext="#pop">
 				<DetectChar context="#pop" attribute="Prep. Lib" char="&gt;"/>
 				<keyword context="#stay" attribute="Prep. Lib" String="default_abstractions"/>
 				<RegExpr context="#pop" attribute="Open Prep. Lib" String="[^&lt;&gt;\s](?=($|\s))" insensitive="true"/>
 				
 				<DetectSpaces context="#pop" attribute="Normal Text" lookAhead="true"/>
-				<RegExpr context="#pop" attribute="Error" String="&lt;"/>
+				<DetectChar context="#pop" attribute="Error" char="&lt;"/>
 			</context>
 			<context name="_include_preplib_q" attribute="Prep. Lib" lineEndContext="#pop">
 				<DetectChar context="#pop" attribute="Prep. Lib" char="&quot;"/>
@@ -822,13 +607,20 @@
 			
 			<!-- Variables: @{VAR} -->
 			<context name="_variable" attribute="Variable" lineEndContext="#pop">
+				<!-- Text after variable is highlighted as path -->
+				<RegExpr context="#pop!_path_content" attribute="Variable" String="\}(?=[^&noaftervar;])" insensitive="true"/>
+				<IncludeRules context="_variable_common"/>
+			</context>
+			<context name="_variable_common" attribute="Variable" lineEndContext="#pop">
 				<!-- Invalid character or open brackets -->
-				<RegExpr context="#pop" attribute="Error" String="@(?=\{([^a-zA-Z]|&varname;[^\w\}]|[^\}]*$))" insensitive="true"/>
+				<RegExpr context="_default_variables" attribute="Error" String="@(?=\{([^a-zA-Z]|&varname;[^\w\}]|[^\}]*$))" insensitive="true"/>
 				<DetectSpaces context="#pop" attribute="Normal Text" lookAhead="true"/>
-				<!-- Text after variable is highlighted as path -->
-				<RegExpr context="#pop!_path_content" attribute="Variable" String="\}(?=[&pathchar;\[\{\(#])" insensitive="true"/>
 				<DetectChar context="#pop" attribute="Variable" char="}"/>
 			</context>
+			<context name="_default_variables" attribute="Normal Text" lineEndContext="#pop" fallthrough="true" fallthroughContext="#pop#pop">
+				<DetectChar context="#stay" attribute="Operator 1" char="{" beginRegion="Profile"/>
+				<keyword context="#pop" attribute="Normal Text" String="default_variables"/>
+			</context>
 			<context name="_variable_simple" attribute="Normal Text" lineEndContext="#stay">
 				<RegExpr context="#stay" attribute="Variable" String="@\{&varname;\}" insensitive="true"/>
 			</context>
@@ -842,80 +634,75 @@
 				<RegExpr context="#pop!_variable_assignment_line" attribute="Operator 1" String="\=(\s*)"/>
 			</context>
 			<context name="_variable_assignment_line" attribute="Path" lineEndContext="#pop">
-				<IncludeRules context="_path_globbing_chars"/>
-				<IncludeRules context="_common"/>
-				<IncludeRules context="_path"/>
+				<IncludeRules context="_path_globbing"/>
 				<IncludeRules context="_text_quoted"/>
-				<IncludeRules context="_globbrackets_rule"/>
-				<DetectChar context="_round_brackets" attribute="Globbing Brackets" char="("/>
+				<IncludeRules context="_variable_simple"/>
+				<RegExpr context="#stay" attribute="Variable" String="\$\{&varname;\}"/>
 				<Detect2Chars context="_subprofile" attribute="SubProfile Operator" char="/" char1="/"/>
 				<RegExpr context="#stay" attribute="Error" String=",(?=(\s|$))"/> <!-- End of rule comma -->
+				<StringDetect context="#stay" attribute="Error" String="#include" insensitive="true"/>
 				
 				<!-- NOTE: [V4][Jan 06, 2018] AppArmor does not detect comments in variable assignment lines 
 					 (these are carried through to the policy). This is an AppArmor bug, therefore, comments are 
 					 highlighted, but only when these are written after a space. Check this when the bug has been fixed. -->
 				<RegExpr context="_comment_variable_assignment_line" attribute="Path" String="\s(?=#)"/>
 			</context>
 			<context name="_comment_variable_assignment_line" attribute="Error" lineEndContext="#pop" fallthrough="true" fallthroughContext="#pop">
-				<DetectChar context="#pop!_comment" attribute="Error" char="#"/>
+				<DetectChar context="#pop" attribute="Error" char="#"/>
 			</context>
+
 			<!-- ${BOOLEAN} -->
 			<context name="_boolean" attribute="Variable" lineEndContext="#pop">
 				<RegExpr context="#pop" attribute="Error" String="\$(?=\{([^a-zA-Z]|&varname;[^\w\}]|[^\}]*$))" insensitive="true"/>
 				<DetectSpaces context="#pop" attribute="Normal Text" lookAhead="true"/>
 				<DetectChar context="#pop" attribute="Variable" char="}"/>
 			</context>
+			<context name="_boolean_assignment" attribute="Variable" lineEndContext="#pop">
+				<RegExpr context="#pop!_boolean_assignment_operator" attribute="Variable" String="\}(?=\s*\=)"/>
+				<IncludeRules context="_boolean"/>
+			</context>
+			<context name="_boolean_assignment_operator" attribute="Normal Text" lineEndContext="#pop">
+				<RegExpr context="#pop!_boolean_assignment_line" attribute="Error" String="\=(?=\s*$)"/>
+				<DetectChar context="#pop!_boolean_assignment_line" attribute="Operator 1" char="="/>
+			</context>
+			<context name="_boolean_assignment_line" attribute="Error" lineEndContext="#pop">
+				<DetectSpaces context="#stay" attribute="Normal Text"/>
+				<keyword context="#stay" attribute="Permissions" String="boolean"/>
+			</context>
 			
 			<!-- Access Modes / File Permissions -->
 			<context name="_permissions" attribute="Normal Text" lineEndContext="#stay">
 				<IncludeRules context="_permissions_correction"/>
-				<RegExpr context="#stay" attribute="Permissions" String="(^|\s)([rwkml]|&exec;)+(?=($|[\s,]))"/>
-				<RegExpr context="#stay" attribute="Permissions" String="(^|\s)([rakml]|&exec;)+(?=($|[\s,]))"/>
+				<RegExpr context="#stay" attribute="Permissions" String="(^|\s)(([rwkml]|&exec;)+|([rakml]|&exec;)+)(?=($|[\s,]))"/>
 			</context>
 			<context name="_file_rule_permissions" attribute="Normal Text" lineEndContext="#stay">
 				<IncludeRules context="_permissions_correction"/>
-				<RegExpr context="_rule_file" attribute="Permissions" String="(^|\s)([rwkml]|&exec;)+(?=($|[\s,]))"/>
-				<RegExpr context="_rule_file" attribute="Permissions" String="(^|\s)([rakml]|&exec;)+(?=($|[\s,]))"/>
+				<RegExpr context="_rule_file" attribute="Permissions" String="(^|\s)(([rwkml]|&exec;)+|([rakml]|&exec;)+)(?=($|[\s,]))"/>
 			</context>
 			<context name="_permissions_correction" attribute="Normal Text" lineEndContext="#stay">
 				<!-- Incompatible execution modes -->
-				<RegExpr context="#stay" attribute="Normal Text" String="(^|\s)[rwakml]*p[iUu]?x([rwakml]|p[iUu]?x)*([PcC]?[iUu]?x)([rwakml]|&exec;)*(?=($|[\s,]))"/>
-				<RegExpr context="#stay" attribute="Normal Text" String="(^|\s)[rwakml]*P[iUu]?x([rwakml]|P[iUu]?x)*([pcC]?[iUu]?x)([rwakml]|&exec;)*(?=($|[\s,]))"/>
-				<RegExpr context="#stay" attribute="Normal Text" String="(^|\s)[rwakml]*c[iUu]?x([rwakml]|c[iUu]?x)*([PpC]?[iUu]?x)([rwakml]|&exec;)*(?=($|[\s,]))"/>
-				<RegExpr context="#stay" attribute="Normal Text" String="(^|\s)[rwakml]*C[iUu]?x([rwakml]|C[iUu]?x)*([Ppc]?[iUu]?x)([rwakml]|&exec;)*(?=($|[\s,]))"/>
-				<RegExpr context="#stay" attribute="Normal Text" String="(^|\s)[rwakml]*[PpCc]?ix([rwakml]|[PpCc]?ix)*([PpCc]?[Uu]?x)([rwakml]|&exec;)*(?=($|[\s,]))"/>
-				<RegExpr context="#stay" attribute="Normal Text" String="(^|\s)[rwakml]*[PpCc]?ux([rwakml]|[PpCc]?ux)*([PpCc]?[iU]?x)([rwakml]|&exec;)*(?=($|[\s,]))"/>
-				<RegExpr context="#stay" attribute="Normal Text" String="(^|\s)[rwakml]*[PpCc]?Ux([rwakml]|[PpCc]?Ux)*([PpCc]?[iu]?x)([rwakml]|&exec;)*(?=($|[\s,]))"/>
-				<RegExpr context="#stay" attribute="Normal Text" String="(^|\s)[rwakml]*[iuU]?x([rwakml]|[iuU]?x)*([PpCc][iuU]?x)([rwakml]|&exec;)*(?=($|[\s,]))"/>
-				<RegExpr context="#stay" attribute="Normal Text" String="(^|\s)[rwakml]*x[rwakmlx]*[iuU]x([rwakml]|&exec;)*(?=($|[\s,]))"/>
-			</context>
-			
-			<!-- Operators -->
-			<context name="_operators" attribute="Normal Text" lineEndContext="#stay">
-				<Detect2Chars context="_subprofile" attribute="SubProfile Operator" char="/" char1="/"/>
-				<DetectChar context="#stay" attribute="Operator 1" char="="/>
-				<Detect2Chars context="#stay" attribute="Operator 1" char="+" char1="="/>
-				<Detect2Chars context="#stay" attribute="Operator 2" char="-" char1="&gt;"/>
-				<RegExpr context="#stay" attribute="Operator 2" String="(^|\s)(in|to)(?=($|\s))"/>
+				<RegExpr context="#stay" attribute="Normal Text" String="(^|\s)[rwakml]*(p[iUu]?x([rwakml]|p[iUu]?x)*([PcC]?[iUu]?x)|P[iUu]?x([rwakml]|P[iUu]?x)*([pcC]?[iUu]?x)|c[iUu]?x([rwakml]|c[iUu]?x)*([PpC]?[iUu]?x)|C[iUu]?x([rwakml]|C[iUu]?x)*([Ppc]?[iUu]?x)|[PpCc]?ix([rwakml]|[PpCc]?ix)*([PpCc]?[Uu]?x)|[PpCc]?ux([rwakml]|[PpCc]?ux)*([PpCc]?[iU]?x)|[PpCc]?Ux([rwakml]|[PpCc]?Ux)*([PpCc]?[iu]?x)|[iuU]?x([rwakml]|[iuU]?x)*([PpCc][iuU]?x)|x[rwakmlx]*[iuU]x)([rwakml]|&exec;)*(?=($|[\s,]))"/>
 			</context>
 			
 			<!-- RULES -->
 
 			<!-- For all rules -->
 			<context name="_default_rule_without_parentheses" attribute="Normal Text" lineEndContext="#stay">
 				<IncludeRules context="_common"/>
-				<!-- Highlight as path the text after the '=' operator, except keywords or simple words -->
+				<!-- Highlight as path the text after the '=' operator, except keywords or simple words ([\w\-\+]+) -->
 				<RegExpr context="#stay" attribute="Error" String="\=(?=\s*$)"/>
-				<RegExpr context="_path_content" attribute="Operator 1" String="\=\s*(?=[^\s\(]*[\.\*\?@\\/\[\{#&amp;&#037;&#036;&#033;&#126;])" insensitive="true"/>
+				<RegExpr context="_path_content" attribute="Operator 1" String="\=\s*(?=[^\s\(]*[^&noaftervar;\w\+\-\(,])" insensitive="true"/>
 				<IncludeRules context="_operators"/>
 				<IncludeRules context="_path"/>
 				<IncludeRules context="_text_quoted"/>
-				<IncludeRules context="_globbrackets_rule"/>
 				<IncludeRules context="_pcre_escape_str"/>
 				<keyword context="#stay" attribute="Other Data" String="other_words" insensitive="true"/>
+				<DetectChar context="_r_curly_brackets" attribute="Globbing Brackets" char="{"/>
+				<DetectChar context="_r_square_brackets" attribute="Globbing Brackets" char="["/>
+				<IncludeRules context="_operators_keywords"/>
 
 				<!-- AppArmor does not detect comments within rules (except in file & alias rules) -->
-				<IncludeRules context="_rule_comment_not_allowed"/>
+				<IncludeRules context="_comment_not_allowed"/>
 				<!-- This must be at the end of each context (to avoid conflicts with some keywords) -->
 				<IncludeRules context="_end_rule"/>
 			</context>
@@ -927,10 +714,19 @@
 				<RegExpr context="_comment" attribute="Comment" String="#(?!include)" insensitive="true"/>
 				<IncludeRules context="_default_rule"/>
 			</context>
-			<context name="_rule_comment_not_allowed" attribute="Normal Text" lineEndContext="#stay">
+			
+			<context name="_comment_not_allowed" attribute="Normal Text" lineEndContext="#stay">
 				<DetectChar context="_comment" attribute="Error" char="#" firstNonSpace="true"/>
 				<DetectChar context="#stay" attribute="Error" char="#"/>
 			</context>
+			<context name="_r_curly_brackets" attribute="Globbing Brackets" lineEndContext="#pop">
+				<RegExpr context="#pop!_path_content" attribute="Globbing Brackets" String="\}(?=[^&noaftervar;])" insensitive="true"/>
+				<IncludeRules context="_curly_brackets"/>
+			</context>
+			<context name="_r_square_brackets" attribute="Globbing Brackets" lineEndContext="#pop">
+				<RegExpr context="#pop!_path_content" attribute="Globbing Brackets" String="\](?=[^&noaftervar;])" insensitive="true"/>
+				<IncludeRules context="_square_brackets"/>
+			</context>
 
 			<!-- Network Rule -->
 			<context name="_rule_network" attribute="Normal Text" lineEndContext="#stay">
@@ -1054,9 +850,9 @@
 				<Int context="#stay" attribute="Number"/>
 				<HlCOct context="#stay" attribute="Number"/>
         		<HlCHex context="#stay" attribute="Number"/>
-				<RegExpr context="#stay" attribute="Number" String="[\-\+]\s*(?=[\d\.])"/>
+				<AnyChar context="#stay" attribute="Number" String="-+"/>
 				<RegExpr context="#stay" attribute="Flags" String="([KMG]B?|[shd]|us|ms|min|sec|(minute|day|hour|week|second)(s?)|(milli|micro)second(s?))\b"/>
-				<WordDetect context="#stay" attribute="Other Data" String="infinity"/>
+				<keyword context="#stay" attribute="Number" String="numbers"/>
 				<IncludeRules context="_default_rule"/>
 			</context>
 
@@ -1106,38 +902,40 @@
 			</context>
 			<context name="_default_profile_transition" attribute="Normal Text" lineEndContext="#stay">
 				<IncludeRules context="_variable_simple"/>
-				<AnyChar context="#stay" attribute="Globbing Char 3" String="*?"/>
-				<RegExpr context="#stay" attribute="Globbing Char 3" String="\\[\s\{\}\[\]\(\)\|\*\?\-\^,]"/>
-				<HlCStringChar context="#stay" attribute="Globbing Char 3"/>
+				<AnyChar context="#stay" attribute="Globbing Char in Tran. Prof." String="*?"/>
+				<HlCStringChar context="#stay" attribute="Globbing Char in Tran. Prof."/>
+				<RegExpr context="#stay" attribute="Globbing Char in Tran. Prof." String="\\."/>
 			</context>
 
 			<!-- //SubProfile -->
 			<context name="_subprofile" attribute="SubProfile" lineEndContext="#pop">
-				<RegExpr context="#pop" attribute="SubProfile" String="([&nopathchar;/\{\}\(]|,[&nopathchar;/\{\}\(#]|,$|$)" lookAhead="true"/>
+				<RegExpr context="#pop" attribute="SubProfile" String=",([&nopathchar;/\{\}\(#]|$)" lookAhead="true"/>
+				<DetectSpaces context="#pop" attribute="SubProfile" lookAhead="true"/>
+				<AnyChar context="#pop" attribute="SubProfile" String="&nopathchar_simple;/{}(" lookAhead="true"/>
 				<IncludeRules context="_variable_simple"/>
 				<IncludeRules context="_path_globbing_chars"/>
 			</context>
 
 			<!-- Parentheses Block: ( ) -->
 			<context name="_parentheses_block" attribute="Normal Text" lineEndContext="#stay">
 				<DetectChar context="#pop" attribute="Normal Text" char=")"/>
-				<!-- Highlight as path the text after the '=' operator, except keywords or simple words -->
+				<!-- Highlight as path the text after the '=' operator, except keywords or simple words ([\w\-\+]+) -->
 				<RegExpr context="#stay" attribute="Error" String="\=(?=\s*$)"/>
-				<RegExpr context="_parentheses_path_content" attribute="Operator 1" String="\=\s*(?=[^\s\(\),]*[\.\*\?@\\/\[\{#&amp;&#037;&#036;&#033;&#126;])" insensitive="true"/>
-
+				<RegExpr context="_parentheses_path_content" attribute="Operator 1" String="\=\s*(?=[^\s\(\),]*[^&noaftervar;\w\+\-\(,])" insensitive="true"/>
+				
 				<IncludeRules context="_operators"/>
 				<IncludeRules context="_text_quoted"/>
+				<DetectChar context="_parentheses_path_content" attribute="Path" char="/"/>
+				<Detect2Chars context="_parentheses_variable" attribute="Variable" char="@" char1="{" lookAhead="true"/>
 				<keyword context="#stay" attribute="Other Data" String="other_words" insensitive="true"/>
 				
-				<RegExpr context="_parentheses_path_content" attribute="Path" String="/(?=[^&nopathchar;/,])" insensitive="true"/> <!-- /my/path -->
-				<RegExpr context="_parentheses_path_content" attribute="Path" String="[&pathchar;]+\.[^&nopathchar;\.,]" lookAhead="true" insensitive="true"/> <!-- my.path -->
-				<IncludeRules context="_path_simple"/>
-				
 				<IncludeRules context="_common"/>
-				<IncludeRules context="_globbrackets_rule"/>
 				<DetectChar context="_round_brackets" attribute="Globbing Brackets" char="("/>
-				<IncludeRules context="_rule_comment_not_allowed"/>
+				<DetectChar context="_p_curly_brackets" attribute="Globbing Brackets" char="{"/>
+				<DetectChar context="_p_square_brackets" attribute="Globbing Brackets" char="["/>
+				<IncludeRules context="_comment_not_allowed"/>
 				<IncludeRules context="_pcre_escape_str"/>
+				<IncludeRules context="_operators_keywords"/>
 			</context>
 			<context name="_parentheses_path_content" attribute="Path" lineEndContext="#pop">
 				<DetectChar context="#pop" attribute="Normal Text" char="," lookAhead="true"/>
@@ -1148,6 +946,18 @@
 				<DetectChar context="#pop" attribute="Normal Text" char="," lookAhead="true"/>
 				<IncludeRules context="_subprofile"/> <!-- End with &nopathchar; -->
 			</context>
+			<context name="_parentheses_variable" attribute="Variable" lineEndContext="#pop">
+				<RegExpr context="#pop!_parentheses_path_content" attribute="Variable" String="\}(?=[^&noaftervar;,])" insensitive="true"/>
+				<IncludeRules context="_variable_common"/>
+			</context>
+			<context name="_p_curly_brackets" attribute="Globbing Brackets" lineEndContext="#pop">
+				<RegExpr context="#pop!_parentheses_path_content" attribute="Globbing Brackets" String="\}(?=[^&noaftervar;,])" insensitive="true"/>
+				<IncludeRules context="_curly_brackets"/>
+			</context>
+			<context name="_p_square_brackets" attribute="Globbing Brackets" lineEndContext="#pop">
+				<RegExpr context="#pop!_parentheses_path_content" attribute="Globbing Brackets" String="\](?=[^&noaftervar;,])" insensitive="true"/>
+				<IncludeRules context="_square_brackets"/>
+			</context>
 			
 			<context name="_parentheses_block_profile" attribute="Normal Text" lineEndContext="#stay">
 				<keyword context="#stay" attribute="Flags" String="profile_flags"/>
@@ -1167,46 +977,47 @@
 			</context>
 			<!-- Rule/Profile on new line, in rule not closed -->
 			<context name="_end_rule_irnc" attribute="Normal Text" lineEndContext="#stay">
-				<keyword String="profile_head" context="#pop#pop!_profile_name" attribute="Profile Head Error" firstNonSpace="true" endRegion="Rule"/>
-				<DetectChar char="&#094;"      context="#pop#pop!_profile_name" attribute="Profile Head Error" firstNonSpace="true" endRegion="Rule"/>
-				<keyword String="access_types"          context="#pop#pop" attribute="Access Qualifier Error"  firstNonSpace="true" endRegion="Rule"/>
-				<keyword String="qualifiers"            context="#pop#pop" attribute="Qualifier Error"         firstNonSpace="true" endRegion="Rule"/>
-				<keyword String="file_qualifiers"       context="#pop#pop" attribute="File Qualifier Error"    firstNonSpace="true" endRegion="Rule"/>
-				<RegExpr String="set(?=\s+rlimit\b)"    context="#pop#pop" attribute="Rule Error"              firstNonSpace="true" endRegion="Rule"/>
+				<!-- Use keyword delimiters! -->
+				<RegExpr context="_end_rule_keywords" attribute="Normal Text" String="(profile|hat|allow|deny|audit|owner|file|alias|(set\s+)?rlimit|capability|network|(u|re)?mount|pivot_root|ptrace|unix|signal|dbus|link|change_profile)([\s\.\(\)&lt;&gt;\=/\\\[\]\{\},&quot;&#039;\^;:\|]|$)" firstNonSpace="true" lookAhead="true"/>
+			</context>
+			<context name="_end_rule_keywords" attribute="Normal Text" lineEndContext="#pop">
+				<keyword String="profile_head"       context="#pop#pop#pop!_profile_name" attribute="Profile Head Error"     endRegion="Rule"/>
+				<keyword String="access_types"       context="#pop#pop#pop"               attribute="Access Qualifier Error" endRegion="Rule"/>
+				<keyword String="qualifiers"         context="#pop#pop#pop"               attribute="Qualifier Error"        endRegion="Rule"/>
+				<keyword String="file_qualifiers"    context="#pop#pop#pop"               attribute="File Qualifier Error"   endRegion="Rule"/>
+				<RegExpr String="set(?=\s+rlimit\b)" context="#pop#pop#pop"               attribute="Rule Error"             endRegion="Rule"/>
 
-				<keyword String="rule_name_file"          context="#pop#pop!_rule_file"          attribute="Rule Error" firstNonSpace="true" endRegion="Rule" beginRegion="Rule"/>
-				<keyword String="rule_name_alias" context="#pop#pop!_default_rule_with_comments" attribute="Rule Error" firstNonSpace="true" endRegion="Rule" beginRegion="Rule"/>
-				<keyword String="rule_name_capability"    context="#pop#pop!_rule_capability"    attribute="Rule Error" firstNonSpace="true" endRegion="Rule" beginRegion="Rule"/>
-				<keyword String="rule_name_network"       context="#pop#pop!_rule_network"       attribute="Rule Error" firstNonSpace="true" endRegion="Rule" beginRegion="Rule"/>
-				<keyword String="rule_name_pivotroot"     context="#pop#pop!_rule_pivotroot"     attribute="Rule Error" firstNonSpace="true" endRegion="Rule" beginRegion="Rule"/>
-				<keyword String="rule_name_ptrace"        context="#pop#pop!_rule_ptrace"        attribute="Rule Error" firstNonSpace="true" endRegion="Rule" beginRegion="Rule"/>
-				<keyword String="rule_name_signal"        context="#pop#pop!_rule_signal"        attribute="Rule Error" firstNonSpace="true" endRegion="Rule" beginRegion="Rule"/>
-				<keyword String="rule_name_dbus"          context="#pop#pop!_rule_dbus"          attribute="Rule Error" firstNonSpace="true" endRegion="Rule" beginRegion="Rule"/>
-				<keyword String="rule_name_link"          context="#pop#pop!_rule_link"          attribute="Rule Error" firstNonSpace="true" endRegion="Rule" beginRegion="Rule"/>
-				<keyword String="rule_name_changeprofile" context="#pop#pop!_rule_changeprofile" attribute="Rule Error" firstNonSpace="true" endRegion="Rule" beginRegion="Rule"/>
-				<keyword String="rule_name_rlimit"        context="#pop#pop!_rule_rlimit"        attribute="Rule Error" firstNonSpace="true" endRegion="Rule" beginRegion="Rule"/>
+				<keyword String="rule_name_file"          context="#pop#pop#pop!_rule_file"          attribute="Rule Error" endRegion="Rule" beginRegion="Rule"/>
+				<keyword String="rule_name_alias" context="#pop#pop#pop!_default_rule_with_comments" attribute="Rule Error" endRegion="Rule" beginRegion="Rule"/>
+				<keyword String="rule_name_capability"    context="#pop#pop#pop!_rule_capability"    attribute="Rule Error" endRegion="Rule" beginRegion="Rule"/>
+				<keyword String="rule_name_network"       context="#pop#pop#pop!_rule_network"       attribute="Rule Error" endRegion="Rule" beginRegion="Rule"/>
+				<keyword String="rule_name_pivotroot"     context="#pop#pop#pop!_rule_pivotroot"     attribute="Rule Error" endRegion="Rule" beginRegion="Rule"/>
+				<keyword String="rule_name_ptrace"        context="#pop#pop#pop!_rule_ptrace"        attribute="Rule Error" endRegion="Rule" beginRegion="Rule"/>
+				<keyword String="rule_name_signal"        context="#pop#pop#pop!_rule_signal"        attribute="Rule Error" endRegion="Rule" beginRegion="Rule"/>
+				<keyword String="rule_name_dbus"          context="#pop#pop#pop!_rule_dbus"          attribute="Rule Error" endRegion="Rule" beginRegion="Rule"/>
+				<keyword String="rule_name_link"          context="#pop#pop#pop!_rule_link"          attribute="Rule Error" endRegion="Rule" beginRegion="Rule"/>
+				<keyword String="rule_name_changeprofile" context="#pop#pop#pop!_rule_changeprofile" attribute="Rule Error" endRegion="Rule" beginRegion="Rule"/>
+				<keyword String="rule_name_rlimit"        context="#pop#pop#pop!_rule_rlimit"        attribute="Rule Error" endRegion="Rule" beginRegion="Rule"/>
 				<!-- This must be at the end of each rule context, to avoid replacing the 'unix' & 'remount' keywords 
 					 ('unix' is also a domain of the network rule; 'remount' is also a flag of the mount rule). -->
-				<keyword String="rule_name_mount" context="#pop#pop!_rule_mount" attribute="Rule Error" firstNonSpace="true" endRegion="Rule" beginRegion="Rule"/>
-				<keyword String="rule_name_unix"  context="#pop#pop!_rule_unix"  attribute="Rule Error" firstNonSpace="true" endRegion="Rule" beginRegion="Rule"/>
+				<keyword String="rule_name_mount" context="#pop#pop#pop!_rule_mount" attribute="Rule Error" endRegion="Rule" beginRegion="Rule"/>
+				<keyword String="rule_name_unix"  context="#pop#pop#pop!_rule_unix"  attribute="Rule Error" endRegion="Rule" beginRegion="Rule"/>
+				<RegExpr context="#pop" attribute="Normal Text" String="."/>
 			</context>
 
 			<!-- Paths & File Globals -->
 
 			<context name="_path" attribute="Normal Text" lineEndContext="#stay">
-				<RegExpr context="_path_content" attribute="Path" String="/(?=[^&nopathchar;/])" insensitive="true"/> <!-- /my/path -->
-				<RegExpr context="_path_content" attribute="Path" String="[&pathchar;]+\.[^&nopathchar;\.]" lookAhead="true" insensitive="true"/> <!-- my.path -->
-				<IncludeRules context="_path_simple"/>
+				<DetectChar context="_path_content" attribute="Path" char="/"/>
 			</context>
 			<context name="_path_content" attribute="Path" lineEndContext="#pop">
-				<RegExpr context="#pop" attribute="Path" String="([&nopathchar;]|,\s|,$)" lookAhead="true" insensitive="true"/>
+				<RegExpr context="#pop" attribute="Path" String=",(\s|$)" lookAhead="true"/>
+				<DetectSpaces context="#pop" attribute="Path" lookAhead="true"/>
+				<AnyChar context="#pop" attribute="Path" String="&nopathchar_simple;" lookAhead="true"/>
 				<Detect2Chars context="_subprofile" attribute="SubProfile Operator" char="/" char1="/"/>
 				<IncludeRules context="_variable_simple"/>
 				<IncludeRules context="_path_globbing"/>
 			</context>
-			<context name="_path_simple" attribute="Normal Text" lineEndContext="#stay">
-				<RegExpr context="#stay" attribute="Path" String="/(?=([&nopathchar;]|,\s|,$|$))"/> <!-- / -->
-			</context>
 
 			<!-- Globbing -->
 			<context name="_path_globbing" attribute="Normal Text" lineEndContext="#stay">
@@ -1221,18 +1032,19 @@
 				<IncludeRules context="_pcre_escape_str"/>
 			</context>
 			<context name="_globbing_chars" attribute="Normal Text" lineEndContext="#stay">
-				<AnyChar context="#stay" attribute="Globbing Char 1" String="*?"/>
+				<AnyChar context="#stay" attribute="Globbing Char" String="*?"/>
 			</context>
 			<context name="_pcre_escape_str" attribute="Normal Text" lineEndContext="#stay">
-				<RegExpr context="#stay" attribute="Escape Expression" String="\\[\s\{\}\[\]\(\)\|\*\?\-\^,]"/>
-				<HlCStringChar context="#stay" attribute="Escape Expression"/>
+				<HlCStringChar context="#stay" attribute="Escape Char"/>
+				<RegExpr context="#stay" attribute="Escape Char" String="\\."/>
 			</context>
 			
 			<!-- Groups of brackets: { }, [ ] and ( ) -->
 			<context name="_curly_brackets" attribute="Globbing Brackets" lineEndContext="#pop">
 				<DetectChar context="#pop" attribute="Globbing Brackets" char="}"/>
 				<IncludeRules context="_pcre_escape_str"/>
-				<RegExpr context="#pop" attribute="Path" String="[&nopathchar;]" lookAhead="true" insensitive="true"/>
+				<DetectSpaces context="#pop" attribute="Path" lookAhead="true"/>
+				<AnyChar context="#pop" attribute="Path" String="&nopathchar_simple;" lookAhead="true"/>
 
 				<IncludeRules context="_variable_simple"/>
 				<IncludeRules context="_brackets_error"/>
@@ -1242,56 +1054,42 @@
 				<RegExpr context="#stay" attribute="Open Globbing Brackets" String="[^\s\[\]\{\}\(\)](?=([&nopathchar;]|$))"/>
 				
 				<IncludeRules context="_globbing_chars"/>
-				<DetectChar context="#stay" attribute="Globbing Char 2" char=","/>
+				<DetectChar context="#stay" attribute="Globbing Char of Brackets" char=","/>
 				<keyword context="#stay" attribute="Globbing Brackets" String="default_variables"/>
 			</context>
 			<context name="_square_brackets" attribute="Globbing Brackets" lineEndContext="#pop">
 				<DetectChar context="#pop" attribute="Globbing Brackets" char="]"/>
 				<IncludeRules context="_pcre_escape_str"/>
-				<DetectSpaces context="#pop" attribute="Normal Text" lookAhead="true"/>
-				<DetectChar context="#pop" attribute="Path" char="&quot;" lookAhead="true"/>
+				<DetectSpaces context="#pop" attribute="Path" lookAhead="true"/>
+				<DetectChar context="#pop" attribute="Path" char="&quot;" lookAhead="true"/> <!-- &nopathchar; -->
 
 				<IncludeRules context="_variable_simple"/>
 				<DetectChar context="#stay" attribute="Error" char="["/>
-				<RegExpr context="#stay" attribute="Open Globbing Brackets" String="\S(?=([\s&quot;]|$))"/>
+				<RegExpr context="#stay" attribute="Open Globbing Brackets" String="\S(?=([&quot;\s]|$))"/> <!-- &nopathchar; -->
 
 				<IncludeRules context="_globbing_chars"/>
-				<AnyChar context="#stay" attribute="Globbing Char 2" String="^-"/>
+				<AnyChar context="#stay" attribute="Globbing Char of Brackets" String="^-"/>
 			</context>
 			<context name="_round_brackets" attribute="Globbing Brackets" lineEndContext="#pop">
 				<DetectChar context="#pop" attribute="Globbing Brackets" char=")"/>
 				<IncludeRules context="_pcre_escape_str"/>
-				<DetectSpaces context="#pop" attribute="Normal Text" lookAhead="true"/>
-				<DetectChar context="#pop" attribute="Path" char="&quot;" lookAhead="true"/>
+				<DetectSpaces context="#pop" attribute="Path" lookAhead="true"/>
+				<DetectChar context="#pop" attribute="Path" char="&quot;" lookAhead="true"/> <!-- &nopathchar; -->
 
 				<IncludeRules context="_variable_simple"/>
 				<IncludeRules context="_brackets_error"/>
 				<DetectChar context="_curly_brackets" attribute="Globbing Brackets" char="{"/>
 				<DetectChar context="_square_brackets" attribute="Globbing Brackets" char="["/>
 				<DetectChar context="_round_brackets" attribute="Globbing Brackets" char="("/>
-				<RegExpr context="#stay" attribute="Open Globbing Brackets" String="[^\s\[\]\{\}\(\)](?=([\s&quot;]|$))"/>
+				<RegExpr context="#stay" attribute="Open Globbing Brackets" String="[^\s\[\]\{\}\(\)](?=([&quot;\s]|$))"/> <!-- &nopathchar; -->
 
 				<IncludeRules context="_globbing_chars"/>
-				<DetectChar context="#stay" attribute="Globbing Char 2" char="|"/>
+				<DetectChar context="#stay" attribute="Globbing Char of Brackets" char="|"/>
 			</context>
 			<context name="_brackets_error" attribute="Normal Text" lineEndContext="#stay">
-				<StringDetect context="#stay" attribute="Error" String="[]"/>
-				<StringDetect context="#stay" attribute="Error" String="{}"/>
-				<StringDetect context="#stay" attribute="Error" String="()"/>
-			</context>
-
-			<!-- If the brackets are outside a path -->
-			<context name="_globbrackets_rule" attribute="Normal Text" lineEndContext="#stay">
-				<DetectChar context="_r_curly_brackets" attribute="Globbing Brackets" char="{"/>
-				<DetectChar context="_r_square_brackets" attribute="Globbing Brackets" char="["/>
-			</context>
-			<context name="_r_curly_brackets" attribute="Globbing Brackets" lineEndContext="#pop">
-				<RegExpr context="#pop!_path_content" attribute="Globbing Brackets" String="\}(?=[&pathchar;\[\{\(#])" insensitive="true"/>
-				<IncludeRules context="_curly_brackets"/>
-			</context>
-			<context name="_r_square_brackets" attribute="Globbing Brackets" lineEndContext="#pop">
-				<RegExpr context="#pop!_path_content" attribute="Globbing Brackets" String="\](?=[&pathchar;\[\{\(#])" insensitive="true"/>
-				<IncludeRules context="_square_brackets"/>
+				<Detect2Chars context="#stay" attribute="Error" char="[" char1="]"/>
+				<Detect2Chars context="#stay" attribute="Error" char="{" char1="}"/>
+				<Detect2Chars context="#stay" attribute="Error" char="(" char1=")"/>
 			</context>
 			
 			<!-- Path Quoted -->
@@ -1308,47 +1106,47 @@
 		
 		<itemDatas>
 			<itemData name="Normal Text"    defStyleNum="dsNormal"       spellChecking="false"/>
-			<itemData name="Path"           defStyleNum="dsNormal"       bold="0" italic="0" underline="0" spellChecking="false"/>
-			<itemData name="Text Quoted"    defStyleNum="dsString"       bold="0" italic="0" underline="0" spellChecking="false"/>
+			<itemData name="Path"           defStyleNum="dsNormal"       bold="0" spellChecking="false"/>
+			<itemData name="Text Quoted"    defStyleNum="dsString"       bold="0" spellChecking="false"/>
 			<itemData name="Comment"        defStyleNum="dsComment"/>
 			<itemData name="Preprocessor"   defStyleNum="dsPreprocessor" spellChecking="false"/>
 			<itemData name="Prep. Lib"      defStyleNum="dsImport"       underline="0" spellChecking="false"/>
 			<itemData name="Open Prep. Lib" defStyleNum="dsImport"       underline="1" spellChecking="false"/>
-			<itemData name="Variable"       defStyleNum="dsDecVal"       bold="0" italic="0" underline="0" spellChecking="false"/>
+			<itemData name="Variable"       defStyleNum="dsDecVal"       bold="0" spellChecking="false"/>
 			
-			<itemData name="Profile Head"            defStyleNum="dsFunction"  bold="1" italic="0" underline="0" spellChecking="false"/>
-			<itemData name="Profile Name"            defStyleNum="dsFunction"  bold="0" italic="0" underline="0" spellChecking="false"/>
+			<itemData name="Profile Head"            defStyleNum="dsFunction"  bold="1" underline="0" spellChecking="false"/>
+			<itemData name="Profile Name"            defStyleNum="dsFunction"  bold="0" underline="0" spellChecking="false"/>
 			<itemData name="Transition Profile Name" defStyleNum="dsFunction"  bold="0" italic="1" underline="0" spellChecking="false"/>
-			<itemData name="Qualifier"               defStyleNum="dsNormal"    bold="1" italic="0" underline="0" spellChecking="false"/>
-			<itemData name="Access Qualifier"        defStyleNum="dsWarning"   bold="1" italic="0" underline="0" spellChecking="false"/>
-			<itemData name="File Qualifier"          defStyleNum="dsVariable"  bold="1" italic="0" underline="0" spellChecking="false"/>
-			<itemData name="Rule"                    defStyleNum="dsVariable"  bold="1" italic="0" underline="0" spellChecking="false"/>
-			<itemData name="Data"                    defStyleNum="dsVariable"  bold="0" italic="0" underline="0" spellChecking="false"/>
-			<itemData name="Other Data"              defStyleNum="dsNormal"    bold="0" italic="1" underline="0" spellChecking="false"/>
-			<itemData name="Permissions"             defStyleNum="dsKeyword"   bold="1" italic="0" underline="0" spellChecking="false"/>
+			<itemData name="Qualifier"               defStyleNum="dsNormal"    bold="1" underline="0" spellChecking="false"/>
+			<itemData name="Access Qualifier"        defStyleNum="dsWarning"   bold="1" underline="0" spellChecking="false"/>
+			<itemData name="File Qualifier"          defStyleNum="dsVariable"  bold="1" underline="0" spellChecking="false"/>
+			<itemData name="Rule"                    defStyleNum="dsVariable"  bold="1" underline="0" spellChecking="false"/>
+			<itemData name="Data"                    defStyleNum="dsVariable"  bold="0" spellChecking="false"/>
+			<itemData name="Other Data"              defStyleNum="dsNormal"    bold="0" italic="1" spellChecking="false"/>
+			<itemData name="Permissions"             defStyleNum="dsKeyword"   bold="1" spellChecking="false"/>
 			
-			<itemData name="Option"              defStyleNum="dsOthers"     bold="0" italic="0" underline="0" spellChecking="false"/>
-			<itemData name="Other Option"        defStyleNum="dsDataType"   bold="0" italic="0" underline="0" spellChecking="false"/>
-			<itemData name="Flags"               defStyleNum="dsVerbatimString"      italic="0" underline="0" spellChecking="false"/>
-			<itemData name="SubProfile"          defStyleNum="dsAnnotation" bold="0" italic="0" underline="0" spellChecking="false"/>
-			<itemData name="SubProfile Operator" defStyleNum="dsAnnotation" bold="1" italic="0" underline="0" spellChecking="false"/>
+			<itemData name="Option"              defStyleNum="dsOthers"     bold="0" spellChecking="false"/>
+			<itemData name="Other Option"        defStyleNum="dsDataType"   bold="0" spellChecking="false"/>
+			<itemData name="Flags"               defStyleNum="dsVerbatimString"      spellChecking="false"/>
+			<itemData name="SubProfile"          defStyleNum="dsAnnotation" bold="0" spellChecking="false"/>
+			<itemData name="SubProfile Operator" defStyleNum="dsAnnotation" bold="1" spellChecking="false"/>
 			<itemData name="Operator 1"          defStyleNum="dsOperator"   spellChecking="false"/>
-			<itemData name="Operator 2"          defStyleNum="dsWarning"    bold="1" italic="0" underline="0" spellChecking="false"/>
+			<itemData name="Operator 2"          defStyleNum="dsWarning"    bold="1" spellChecking="false"/>
 			<itemData name="Number"              defStyleNum="dsDecVal"     spellChecking="false"/>
 			<itemData name="End of Rule Char"    defStyleNum="dsNormal"     spellChecking="false"/>
 
-			<itemData name="Escape Expression"      defStyleNum="dsSpecialChar"   bold="0" italic="0" underline="0" spellChecking="false"/>
-			<itemData name="Globbing Char 1"        defStyleNum="dsSpecialChar"   bold="0" italic="0" underline="0" spellChecking="false"/>
-			<itemData name="Globbing Char 2"        defStyleNum="dsAnnotation"    bold="0" italic="0" underline="0" spellChecking="false"/>
-			<itemData name="Globbing Char 3"        defStyleNum="dsSpecialString" bold="0" italic="1" underline="0" spellChecking="false"/>
-			<itemData name="Globbing Brackets"      defStyleNum="dsSpecialString" bold="0" italic="0" underline="0" spellChecking="false"/>
-			<itemData name="Open Globbing Brackets" defStyleNum="dsSpecialString" bold="0" italic="0" underline="1" spellChecking="false"/>
+			<itemData name="Escape Char"            defStyleNum="dsSpecialChar"   bold="0" spellChecking="false"/>
+			<itemData name="Globbing Char"          defStyleNum="dsSpecialChar"   bold="0" spellChecking="false"/>
+			<itemData name="Globbing Char of Brackets"    defStyleNum="dsAnnotation"    bold="0" spellChecking="false"/>
+			<itemData name="Globbing Char in Tran. Prof." defStyleNum="dsSpecialString" bold="0" italic="1" spellChecking="false"/>
+			<itemData name="Globbing Brackets"      defStyleNum="dsSpecialString" bold="0" underline="0" spellChecking="false"/>
+			<itemData name="Open Globbing Brackets" defStyleNum="dsSpecialString" bold="0" underline="1" spellChecking="false"/>
 			
-			<itemData name="Rule Error"             defStyleNum="dsVariable" bold="1" italic="0" underline="1" spellChecking="false"/>
-			<itemData name="Qualifier Error"        defStyleNum="dsNormal"   bold="1" italic="0" underline="1" spellChecking="false"/>
-			<itemData name="Access Qualifier Error" defStyleNum="dsWarning"  bold="1" italic="0" underline="1" spellChecking="false"/>
-			<itemData name="File Qualifier Error"   defStyleNum="dsVariable" bold="1" italic="0" underline="1" spellChecking="false"/>
-			<itemData name="Profile Head Error"     defStyleNum="dsFunction" bold="1" italic="0" underline="1" spellChecking="false"/>
+			<itemData name="Rule Error"             defStyleNum="dsVariable" bold="1" underline="1" spellChecking="false"/>
+			<itemData name="Qualifier Error"        defStyleNum="dsNormal"   bold="1" underline="1" spellChecking="false"/>
+			<itemData name="Access Qualifier Error" defStyleNum="dsWarning"  bold="1" underline="1" spellChecking="false"/>
+			<itemData name="File Qualifier Error"   defStyleNum="dsVariable" bold="1" underline="1" spellChecking="false"/>
+			<itemData name="Profile Head Error"     defStyleNum="dsFunction" bold="1" underline="1" spellChecking="false"/>
 			<itemData name="Error"                  defStyleNum="dsError"    spellChecking="false"/>
 		</itemDatas>
 
diff --git a/data/syntax/selinux-cil.xml b/data/syntax/selinux-cil.xml
--- a/data/syntax/selinux-cil.xml
+++ b/data/syntax/selinux-cil.xml
@@ -3,7 +3,7 @@
 [
 	<!ENTITY symbol         "\w\[\]\.@\=/\*\-&#036;&#037;\+&#033;\|&amp;\^&#058;&#126;&#096;#\{\}&#039;&lt;&gt;\?,\\"> <!-- [].@=/*-_$%+!|&^:~`#{}'<>?,\ -->
 	<!ENTITY identifier     "[a-zA-Z][\w\-]*">
-	<!ENTITY statementchar  "[a-z_\-]">	
+	<!ENTITY statementchar  "[a-z_\-]">
 ]>
 
 <!--
@@ -34,12 +34,14 @@
   ==========================================================================================
   
   Change log:
+    * Version 2 [15-Mar-2018, by Nibaldo G.]:
+		- Small optimizations. Improvements in PCRE Regex highlighting.
   	* Version 1 [26-Jan-2018, by Nibaldo González]:
 		- Initial version.
 -->
 
 <language name="SELinux CIL Policy"
-		version="1"
+		version="2"
 		kateversion="5.0"
 		section="Sources"
 		extensions="*.cil"
@@ -301,351 +303,125 @@
 		
 		<!-- Access Vectors Permissions -->
 		<list name="av_permissions">
-			<item>accept</item>
-			<item>acceptfrom</item>
-			<item>access</item>
-			<item>acquire_svc</item>
-			<item>add</item>
-			<item>add_child</item>
-			<item>add_color</item>
-			<item>add_glyph</item>
-			<item>add_name</item>
-			<item>admin</item>
-			<item>append</item>
-			<item>associate</item>
-			<item>attach_queue</item>
-			<item>audit_access</item>
-			<item>audit_control</item>
-			<item>audit_read</item>
-			<item>audit_write</item>
-			<item>bell</item>
-			<item>bind</item>
-			<item>blend</item>
-			<item>block_suspend</item>
-			<item>call</item>
-			<item>check_context</item>
-			<item>chfn</item>
-			<item>chown</item>
-			<item>chsh</item>
-			<item>compute_av</item>
-			<item>compute_create</item>
-			<item>compute_member</item>
-			<item>compute_relabel</item>
-			<item>compute_user</item>
-			<item>connect</item>
-			<item>connectto</item>
-			<item>contains</item>
-			<item>copy</item>
-			<item>create</item>
-			<item>create_files_as</item>
-			<item>crontab</item>
-			<item>dac_override</item>
-			<item>dac_read_search</item>
-			<item>dccp_recv</item>
-			<item>dccp_send</item>
-			<item>debug</item>
-			<item>delete</item>
-			<item>destroy</item>
-			<item>disable</item>
-			<item>drop</item>
-			<item>dyntransition</item>
-			<item>egress</item>
-			<item>enable</item>
-			<item>enforce_dest</item>
-			<item>enqueue</item>
-			<item>entrypoint</item>
-			<item>execheap</item>
-			<item>execmem</item>
-			<item>execmod</item>
-			<item>execstack</item>
-			<item>execute</item>
-			<item>execute_no_trans</item>
-			<item>expand</item>
-			<item>export</item>
-			<item>flow_in</item>
-			<item>flow_out</item>
-			<item>force_cursor</item>
-			<item>fork</item>
-			<item>forward_in</item>
-			<item>forward_out</item>
-			<item>fowner</item>
-			<item>freeze</item>
-			<item>fsetid</item>
-			<item>get_param</item>
-			<item>get_property</item>
-			<item>get_value</item>
-			<item>getattr</item>
-			<item>getcap</item>
-			<item>getfocus</item>
-			<item>getgrp</item>
-			<item>gethost</item>
-			<item>getopt</item>
-			<item>getpgid</item>
-			<item>getpwd</item>
-			<item>getrlimit</item>
-			<item>getsched</item>
-			<item>getserv</item>
-			<item>getsession</item>
-			<item>getstat</item>
-			<item>grab</item>
-			<item>halt</item>
-			<item>hide</item>
-			<item>hide_cursor</item>
-			<item>impersonate</item>
-			<item>implement</item>
-			<item>import</item>
-			<item>ingress</item>
-			<item>insert</item>
-			<item>install</item>
-			<item>install_module</item>
-			<item>ioctl</item>
-			<item>ipc_info</item>
-			<item>ipc_lock</item>
-			<item>ipc_owner</item>
-			<item>kill</item>
-			<item>lease</item>
-			<item>link</item>
-			<item>linux_immutable</item>
-			<item>list_child</item>
-			<item>list_property</item>
-			<item>listen</item>
-			<item>load_module</item>
-			<item>load_policy</item>
-			<item>lock</item>
-			<item>mac_admin</item>
-			<item>mac_override</item>
-			<item>manage</item>
-			<item>manage_subnet</item>
-			<item>map</item>
-			<item>mknod</item>
-			<item>mmap_zero</item>
-			<item>module_load</item>
-			<item>module_request</item>
-			<item>mount</item>
-			<item>mounton</item>
-			<item>name_bind</item>
-			<item>name_connect</item>
-			<item>net_admin</item>
-			<item>net_bind_service</item>
-			<item>net_broadcast</item>
-			<item>net_raw</item>
-			<item>newconn</item>
-			<item>next_value</item>
-			<item>nlmsg_read</item>
-			<item>nlmsg_readpriv</item>
-			<item>nlmsg_relay</item>
-			<item>nlmsg_tty_audit</item>
-			<item>nlmsg_write</item>
-			<item>nnp_transition</item>
-			<item>noatsecure</item>
-			<item>node_bind</item>
-			<item>nosuid_transition</item>
-			<item>open</item>
-			<item>override</item>
-			<item>passwd</item>
-			<item>paste</item>
-			<item>paste_after_confirm</item>
-			<item>polmatch</item>
-			<item>ptrace</item>
-			<item>query</item>
-			<item>quotaget</item>
-			<item>quotamod</item>
-			<item>quotaon</item>
-			<item>rawip_recv</item>
-			<item>rawip_send</item>
-			<item>read</item>
-			<item>read_policy</item>
-			<item>reboot</item>
-			<item>receive</item>
-			<item>record</item>
-			<item>recv</item>
-			<item>recv_msg</item>
-			<item>recvfrom</item>
-			<item>relabelfrom</item>
-			<item>relabelto</item>
-			<item>reload</item>
-			<item>remount</item>
-			<item>remove</item>
-			<item>remove_child</item>
-			<item>remove_color</item>
-			<item>remove_glyph</item>
-			<item>remove_name</item>
-			<item>rename</item>
-			<item>reparent</item>
-			<item>rlimitinh</item>
-			<item>rmdir</item>
-			<item>rootok</item>
-			<item>saver_getattr</item>
-			<item>saver_hide</item>
-			<item>saver_setattr</item>
-			<item>saver_show</item>
-			<item>search</item>
-			<item>select</item>
-			<item>send</item>
-			<item>send_msg</item>
-			<item>sendto</item>
-			<item>set_context_mgr</item>
-			<item>set_param</item>
-			<item>set_property</item>
-			<item>set_value</item>
-			<item>setattr</item>
-			<item>setbool</item>
-			<item>setcap</item>
-			<item>setcheckreqprot</item>
-			<item>setcontext</item>
-			<item>setcurrent</item>
-			<item>setenforce</item>
-			<item>setexec</item>
-			<item>setfcap</item>
-			<item>setfocus</item>
-			<item>setfscreate</item>
-			<item>setgid</item>
-			<item>setkeycreate</item>
-			<item>setopt</item>
-			<item>setpcap</item>
-			<item>setpgid</item>
-			<item>setrlimit</item>
-			<item>setsched</item>
-			<item>setsecparam</item>
-			<item>setsockcreate</item>
-			<item>setuid</item>
-			<item>share</item>
-			<item>shmemgrp</item>
-			<item>shmemhost</item>
-			<item>shmempwd</item>
-			<item>shmemserv</item>
-			<item>show</item>
-			<item>show_cursor</item>
-			<item>shutdown</item>
-			<item>sigchld</item>
-			<item>siginh</item>
-			<item>sigkill</item>
-			<item>signal</item>
-			<item>signull</item>
-			<item>sigstop</item>
-			<item>start</item>
-			<item>status</item>
-			<item>stop</item>
-			<item>swapon</item>
-			<item>sys_admin</item>
-			<item>sys_boot</item>
-			<item>sys_chroot</item>
-			<item>sys_module</item>
-			<item>sys_nice</item>
-			<item>sys_pacct</item>
-			<item>sys_ptrace</item>
-			<item>sys_rawio</item>
-			<item>sys_resource</item>
-			<item>sys_time</item>
-			<item>sys_tty_config</item>
-			<item>syslog</item>
-			<item>syslog_console</item>
-			<item>syslog_mod</item>
-			<item>syslog_read</item>
-			<item>tcp_recv</item>
-			<item>tcp_send</item>
-			<item>transfer</item>
-			<item>transition</item>
-			<item>translate</item>
-			<item>udp_recv</item>
-			<item>udp_send</item>
-			<item>uninstall</item>
-			<item>unix_read</item>
-			<item>unix_write</item>
-			<item>unlink</item>
-			<item>unmount</item>
-			<item>update</item>
-			<item>use</item>
-			<item>use_as_override</item>
-			<item>validate_trans</item>
-			<item>view</item>
-			<item>wake_alarm</item>
-			<item>write</item>
+			<item>accept</item>          <item>acceptfrom</item>      <item>access</item>
+			<item>acquire_svc</item>     <item>add</item>             <item>add_child</item>
+			<item>add_color</item>       <item>add_glyph</item>       <item>add_name</item>
+			<item>admin</item>           <item>append</item>          <item>associate</item>
+			<item>attach_queue</item>    <item>audit_access</item>    <item>audit_control</item>
+			<item>audit_read</item>      <item>audit_write</item>     <item>bell</item>
+			<item>bind</item>            <item>blend</item>           <item>block_suspend</item>
+			<item>call</item>            <item>check_context</item>   <item>chfn</item>
+			<item>chown</item>           <item>chsh</item>            <item>compute_av</item>
+			<item>compute_create</item>  <item>compute_member</item>  <item>compute_relabel</item>
+			<item>compute_user</item>    <item>connect</item>         <item>connectto</item>
+			<item>contains</item>        <item>copy</item>            <item>create</item>
+			<item>create_files_as</item> <item>crontab</item>         <item>dac_override</item>
+			<item>dac_read_search</item> <item>dccp_recv</item>       <item>dccp_send</item>
+			<item>debug</item>           <item>delete</item>          <item>destroy</item>
+			<item>disable</item>         <item>drop</item>            <item>dyntransition</item>
+			<item>egress</item>          <item>enable</item>          <item>enforce_dest</item>
+			<item>enqueue</item>         <item>entrypoint</item>      <item>execheap</item>
+			<item>execmem</item>         <item>execmod</item>         <item>execstack</item>
+			<item>execute</item>         <item>execute_no_trans</item><item>expand</item>
+			<item>export</item>          <item>flow_in</item>         <item>flow_out</item>
+			<item>force_cursor</item>    <item>fork</item>            <item>forward_in</item>
+			<item>forward_out</item>     <item>fowner</item>          <item>freeze</item>
+			<item>fsetid</item>          <item>get_param</item>       <item>get_property</item>
+			<item>get_value</item>       <item>getattr</item>         <item>getcap</item>
+			<item>getfocus</item>        <item>getgrp</item>          <item>gethost</item>
+			<item>getopt</item>          <item>getpgid</item>         <item>getpwd</item>
+			<item>getrlimit</item>       <item>getsched</item>        <item>getserv</item>
+			<item>getsession</item>      <item>getstat</item>         <item>grab</item>
+			<item>halt</item>            <item>hide</item>            <item>hide_cursor</item>
+			<item>impersonate</item>     <item>implement</item>       <item>import</item>
+			<item>ingress</item>         <item>insert</item>          <item>install</item>
+			<item>install_module</item>  <item>ioctl</item>           <item>ipc_info</item>
+			<item>ipc_lock</item>        <item>ipc_owner</item>       <item>kill</item>
+			<item>lease</item>           <item>link</item>            <item>linux_immutable</item>
+			<item>list_child</item>      <item>list_property</item>   <item>listen</item>
+			<item>load_module</item>     <item>load_policy</item>     <item>lock</item>
+			<item>mac_admin</item>       <item>mac_override</item>    <item>manage</item>
+			<item>manage_subnet</item>   <item>map</item>             <item>mknod</item>
+			<item>mmap_zero</item>       <item>module_load</item>     <item>module_request</item>
+			<item>mount</item>           <item>mounton</item>         <item>name_bind</item>
+			<item>name_connect</item>    <item>net_admin</item>       <item>net_bind_service</item>
+			<item>net_broadcast</item>   <item>net_raw</item>         <item>newconn</item>
+			<item>next_value</item>      <item>nlmsg_read</item>      <item>nlmsg_readpriv</item>
+			<item>nlmsg_relay</item>     <item>nlmsg_tty_audit</item> <item>nlmsg_write</item>
+			<item>nnp_transition</item>  <item>noatsecure</item>      <item>node_bind</item>
+			<item>nosuid_transition</item><item>open</item>           <item>override</item>
+			<item>passwd</item>          <item>paste</item>           <item>paste_after_confirm</item>
+			<item>polmatch</item>        <item>ptrace</item>          <item>query</item>
+			<item>quotaget</item>        <item>quotamod</item>        <item>quotaon</item>
+			<item>rawip_recv</item>      <item>rawip_send</item>      <item>read</item>
+			<item>read_policy</item>     <item>reboot</item>          <item>receive</item>
+			<item>record</item>          <item>recv</item>            <item>recv_msg</item>
+			<item>recvfrom</item>        <item>relabelfrom</item>     <item>relabelto</item>
+			<item>reload</item>          <item>remount</item>         <item>remove</item>
+			<item>remove_child</item>    <item>remove_color</item>    <item>remove_glyph</item>
+			<item>remove_name</item>     <item>rename</item>          <item>reparent</item>
+			<item>rlimitinh</item>       <item>rmdir</item>           <item>rootok</item>
+			<item>saver_getattr</item>   <item>saver_hide</item>      <item>saver_setattr</item>
+			<item>saver_show</item>      <item>search</item>          <item>select</item>
+			<item>send</item>            <item>send_msg</item>        <item>sendto</item>
+			<item>set_context_mgr</item> <item>set_param</item>       <item>set_property</item>
+			<item>set_value</item>       <item>setattr</item>         <item>setbool</item>
+			<item>setcap</item>          <item>setcheckreqprot</item> <item>setcontext</item>
+			<item>setcurrent</item>      <item>setenforce</item>      <item>setexec</item>
+			<item>setfcap</item>         <item>setfocus</item>        <item>setfscreate</item>
+			<item>setgid</item>          <item>setkeycreate</item>    <item>setopt</item>
+			<item>setpcap</item>         <item>setpgid</item>         <item>setrlimit</item>
+			<item>setsched</item>        <item>setsecparam</item>     <item>setsockcreate</item>
+			<item>setuid</item>          <item>share</item>           <item>shmemgrp</item>
+			<item>shmemhost</item>       <item>shmempwd</item>        <item>shmemserv</item>
+			<item>show</item>            <item>show_cursor</item>     <item>shutdown</item>
+			<item>sigchld</item>         <item>siginh</item>          <item>sigkill</item>
+			<item>signal</item>          <item>signull</item>         <item>sigstop</item>
+			<item>start</item>           <item>status</item>          <item>stop</item>
+			<item>swapon</item>          <item>sys_admin</item>       <item>sys_boot</item>
+			<item>sys_chroot</item>      <item>sys_module</item>      <item>sys_nice</item>
+			<item>sys_pacct</item>       <item>sys_ptrace</item>      <item>sys_rawio</item>
+			<item>sys_resource</item>    <item>sys_time</item>        <item>sys_tty_config</item>
+			<item>syslog</item>          <item>syslog_console</item>  <item>syslog_mod</item>
+			<item>syslog_read</item>     <item>tcp_recv</item>        <item>tcp_send</item>
+			<item>transfer</item>        <item>transition</item>      <item>translate</item>
+			<item>udp_recv</item>        <item>udp_send</item>        <item>uninstall</item>
+			<item>unix_read</item>       <item>unix_write</item>      <item>unlink</item>
+			<item>unmount</item>         <item>update</item>          <item>use</item>
+			<item>use_as_override</item> <item>validate_trans</item>  <item>view</item>
+			<item>wake_alarm</item>      <item>write</item>
 		</list>
 
 		<list name="filesystem">
 			<!-- VFS Types -->
-			<item>autofs</item>
-			<item>bdev</item>
-			<item>bpf</item>
-			<item>cachefs</item>
-			<item>cgroup</item>
-			<item>cgroup2</item>
-			<item>cifs</item>
-			<item>coherent</item>
-			<item>configfs</item>
-			<item>cpuset</item>
-			<item>cramfs</item>
-			<item>debugfs</item>
-			<item>devfs</item>
-			<item>devpts</item>
-			<item>devtmpfs</item>
-			<item>ecryptfs</item>
-			<item>efs</item>
-			<item>fuse</item>
-			<item>fuseblk</item>
-			<item>fusectl</item>
-			<item>hugetlbfs</item>
-			<item>iso9660</item>
-			<item>kernfs</item>
-			<item>mqueue</item>
-			<item>pipefs</item>
-			<item>proc</item>
-			<item>procfs</item>
-			<item>pstore</item>
-			<item>ramfs</item>
-			<item>romfs</item>
-			<item>rootfs</item>
-			<item>securityfs</item>
-			<item>selinuxfs</item>
-			<item>sockfs</item>
-			<item>specfs</item>
-			<item>squashfs</item>
-			<item>swapfs</item>
-			<item>sysfs</item>
-			<item>sysv</item>
-			<item>tmpfs</item>
-			<item>usbfs</item>
-			<item>vfat</item>
+			<item>autofs</item>     <item>bdev</item>       <item>bpf</item>
+			<item>cachefs</item>    <item>cgroup</item>     <item>cgroup2</item>
+			<item>cifs</item>       <item>coherent</item>   <item>configfs</item>
+			<item>cpuset</item>     <item>cramfs</item>     <item>debugfs</item>
+			<item>devfs</item>      <item>devpts</item>     <item>devtmpfs</item>
+			<item>ecryptfs</item>   <item>efs</item>        <item>fuse</item>
+			<item>fuseblk</item>    <item>fusectl</item>    <item>hugetlbfs</item>
+			<item>iso9660</item>    <item>kernfs</item>     <item>mqueue</item>
+			<item>pipefs</item>     <item>proc</item>       <item>procfs</item>
+			<item>pstore</item>     <item>ramfs</item>      <item>romfs</item>
+			<item>rootfs</item>     <item>securityfs</item> <item>selinuxfs</item>
+			<item>sockfs</item>     <item>specfs</item>     <item>squashfs</item>
+			<item>swapfs</item>     <item>sysfs</item>      <item>sysv</item>
+			<item>tmpfs</item>      <item>usbfs</item>      <item>vfat</item>
 			<!-- FS Types -->
-			<item>adfs</item>
-			<item>affs</item>
-			<item>apfs</item>
-			<item>btrfs</item>
-			<item>coda</item>
-			<item>exfat</item>
-			<item>ext2</item>
-			<item>ext3</item>
-			<item>ext4</item>
-			<item>f2fs</item>
-			<item>fatx</item>
-			<item>hfs</item>
-			<item>hfsplus</item>
-			<item>hpfs</item>
-			<item>jfs</item>
-			<item>lvm2</item>
-			<item>minix</item>
-			<item>msdos</item>
-			<item>ncpfs</item>
-			<item>nilfs</item>
-			<item>nilfs2</item>
-			<item>nfs</item>
-			<item>nfs4</item>
-			<item>ntfs-3g</item>
-			<item>qnx4</item>
-			<item>qnx6</item>
-			<item>reiser4</item>
-			<item>reiserfs</item>
-			<item>smbfs</item>
-			<item>swap</item>
-			<item>tracefs</item>
-			<item>ubifs</item>
-			<item>udf</item>
-			<item>ufs</item>
-			<item>umsdos</item>
-			<item>urefs</item>
-			<item>xenix</item>	
-			<item>xfs</item>
+			<item>adfs</item>       <item>affs</item>       <item>apfs</item>
+			<item>btrfs</item>      <item>coda</item>       <item>exfat</item>
+			<item>ext2</item>       <item>ext3</item>       <item>ext4</item>
+			<item>f2fs</item>       <item>fatx</item>       <item>hfs</item>
+			<item>hfsplus</item>    <item>hpfs</item>       <item>jfs</item>
+			<item>lvm2</item>       <item>minix</item>      <item>msdos</item>
+			<item>ncpfs</item>      <item>nilfs</item>      <item>nilfs2</item>
+			<item>nfs</item>        <item>nfs4</item>       <item>ntfs</item>
+			<item>ntfs-3g</item>    <item>qnx4</item>       <item>qnx6</item>
+			<item>reiser4</item>    <item>reiserfs</item>   <item>smbfs</item>
+			<item>swap</item>       <item>tracefs</item>    <item>ubifs</item>
+			<item>udf</item>        <item>ufs</item>        <item>umsdos</item>
+			<item>urefs</item>      <item>xenix</item>	    <item>xfs</item>
 			<item>zfs</item>
 		</list>
 
@@ -659,8 +435,7 @@
 			<context name="_common" attribute="Normal Text" lineEndContext="#stay">
 				<DetectChar context="_comment" attribute="Comment" char=";"/>
 				<DetectChar context="_quoted" attribute="Text Quoted" char="&quot;"/>
-				<RegExpr context="_path_content" attribute="Path" String="/(?![\s\(\)&quot;/])" insensitive="true"/>
-				<RegExpr context="#stay" attribute="Path" String="/(?=([\s\(\)]|$))" insensitive="true"/>
+				<DetectChar context="_path_content" attribute="Path" char="/"/>
 				<!-- IPv4 -->
 				<RegExpr context="#stay" attribute="IP Address" String="\b((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\b"/>
 				<!-- IPv6 -->
@@ -671,27 +446,28 @@
 				
 				<RegExpr context="#stay" attribute="Normal Text" String="(\b&identifier;)?(\.&identifier;)+(?=([\s\(\)]|$))"/>
 				<DetectChar context="#stay" attribute="Special Char" char="*"/>
-				<HlCStringChar context="#stay" attribute="Escape Expression"/>
+				<HlCStringChar context="#stay" attribute="Escape Char"/>
 				<!-- File contexts: user_u:role_r:type_t:s0:c0 -->
 				<RegExpr context="#stay" attribute="File Contexts" String="\b[^\s:\(\)&quot;]+(:[^\s:\(\)&quot;]+){2}(:[^\s:\(\)&quot;]+)*(?=([^&symbol;]|\s|$))"/>
 			</context>
 
 			<context name="_comment" attribute="Comment" lineEndContext="#pop">
-				<LineContinue context="#pop" attribute="Comment"/>
 				<DetectSpaces />
 				<IncludeRules context="##Alerts"/>
 				<IncludeRules context="##Modelines"/>
 			</context>
 			<context name="_quoted" attribute="Text Quoted" lineEndContext="#stay">
 				<DetectChar context="#pop" attribute="Text Quoted" char="&quot;"/>
+				<IncludeRules context="_brackets_error"/>
 				<DetectChar context="_square_brackets" attribute="Pattern Brackets" char="["/>
 				<DetectChar context="_round_brackets" attribute="Pattern Brackets" char="("/>
 				<IncludeRules context="_quantification_brackets"/>
 				<IncludeRules context="_path_special_chars"/>
 			</context>
 			<context name="_path_content" attribute="Path" lineEndContext="#pop">
 				<DetectSpaces context="#pop" attribute="Normal Text" lookAhead="true"/>
 				<RegExpr context="#pop" attribute="Normal Text" String="[^&symbol;]" lookAhead="true"/>
+				<IncludeRules context="_brackets_error"/>
 				<DetectChar context="_square_brackets_path" attribute="Pattern Brackets" char="["/>
 				<IncludeRules context="_quantification_brackets"/>
 				<IncludeRules context="_path_special_chars"/>
@@ -768,6 +544,7 @@
 				<RegExpr context="#pop!_statement_level1" attribute="Normal Text" String="&statementchar;" lookAhead="true"/> <!-- Detect first word -->
 			</context>
 			<context name="_statement_level1" attribute="Normal Text" fallthrough="true" fallthroughContext="#pop!_rule_level1" lineEndContext="#pop!_rule_level1">
+				<!-- When writing a statement and then a delimiter (like a space), go to the context "_rule_level1" -->
 				<IncludeRules context="_default_statement"/>
 				<RegExpr context="#pop!_rule_without_statement_level1" attribute="Normal Text" String="&statementchar;+" lookAhead="true"/>
 			</context>
@@ -871,54 +648,63 @@
 				<IncludeRules context="_default_rule_without_statement"/>
 			</context>
 
-			<!-- Regex (FCGlob?) -->
+			<!-- PCRE Regex (FCGlob?) -->
 			<context name="_path_special_chars" attribute="Normal Text" lineEndContext="#stay">
 				<IncludeRules context="_special_chars"/>
-				<IncludeRules context="_escape"/>
+				<IncludeRules context="_escape_char"/>
 			</context>
 			<context name="_special_chars" attribute="Normal Text" lineEndContext="#stay">
 				<AnyChar context="#stay" attribute="Special Char" String="*?.+"/>
 			</context>
-			<context name="_escape" attribute="Normal Text" lineEndContext="#stay">
-				<HlCStringChar context="#stay" attribute="Escape Expression"/>
-				<RegExpr context="#stay" attribute="Escape Expression" String="\\[\ssSdDwWbBAZiIcC\|\.\-\^\?\*\+\(\)\[\]\{\},]"/>
+			<context name="_escape_char" attribute="Normal Text" lineEndContext="#stay">
+				<RegExpr context="#stay" attribute="Escape Char" String="\\(x\{[\da-fA-f]{1,2}\}|g\{\w+\}|g&lt;\w+&gt;)"/>
+				<HlCStringChar context="#stay" attribute="Escape Char"/>
+				<RegExpr context="#stay" attribute="Escape Char" String="\\[sSdDwWbBAZcCtrnaefvhxGHKNQRVX\s&#033;&#034;&#035;&#036;&#037;&#038;&#039;&#040;&#041;&#042;&#043;&#044;&#045;&#046;&#047;&#058;&#059;&#060;&#061;&#062;&#063;&#064;&#091;&#092;&#093;&#094;&#095;&#096;&#123;&#124;&#125;&#126;]"/>
+				<RegExpr context="#stay" attribute="Error" String="\\.?"/> <!-- Non-ASCII characters -->
 			</context>
 			<context name="_quantification_brackets" attribute="Normal Text" lineEndContext="#stay">
 				<!-- {n} {min,} {,max} {min,max} -->
 				<RegExpr context="#stay" attribute="Pattern Brackets" String="\{(\d+(,\d*)?|,\d+)\}"/>
 			</context>
 			<!-- Groups: [ ] and ( ) -->
 			<context name="_square_brackets" attribute="Pattern Brackets" lineEndContext="#pop">
 				<DetectChar context="#pop" attribute="Pattern Brackets" char="]"/>
-				<IncludeRules context="_escape"/>
+				<IncludeRules context="_escape_char"/>
 
 				<DetectSpaces context="#pop" attribute="Normal Text" lookAhead="true"/>
 				<DetectChar context="#pop" attribute="Normal Text" char="&quot;" lookAhead="true"/>
 				<DetectChar context="#stay" attribute="Error" char="["/>
 				<RegExpr context="#stay" attribute="Open Pattern Brackets" String="[^\s\]](?=([\s&quot;]|$))"/>
 				
-				<AnyChar context="#stay" attribute="Special Char 2" String="^-"/>
+				<AnyChar context="#stay" attribute="Special Char of Brackets" String="^-"/>
 				<IncludeRules context="_special_chars"/>
 			</context>
-			<context name="_round_brackets" attribute="Pattern Brackets" lineEndContext="#pop">
+			<context name="_round_brackets" attribute="Pattern Brackets" lineEndContext="#pop" fallthrough="true" fallthroughContext="#pop!_round_brackets_content">		
+				<RegExpr context="#pop!_round_brackets_content" attribute="Special Char of Brackets" String="\?(\=|!|:|&gt;|\||R|&amp;|#|P\=|&lt;\=|&lt;!|P&lt;\w+&gt;)?(?=[^\s&quot;])"/>
+			</context>
+			<context name="_round_brackets_content" attribute="Pattern Brackets" lineEndContext="#pop">
 				<DetectChar context="#pop" attribute="Pattern Brackets" char=")"/>
-				<IncludeRules context="_escape"/>
+				<IncludeRules context="_escape_char"/>
 
 				<DetectSpaces context="#pop" attribute="Normal Text" lookAhead="true"/>
 				<DetectChar context="#pop" attribute="Normal Text" char="&quot;" lookAhead="true"/>
+				<IncludeRules context="_brackets_error"/>
 				<DetectChar context="_square_brackets" attribute="Pattern Brackets" char="["/>
 				<DetectChar context="_round_brackets" attribute="Pattern Brackets" char="("/>
 				<IncludeRules context="_quantification_brackets"/>
 				<RegExpr context="#stay" attribute="Open Pattern Brackets" String="[^\s\[\]\(\)](?=([\s&quot;]|$))"/>
 
-				<DetectChar context="#stay" attribute="Special Char 2" char="|"/>
+				<DetectChar context="#stay" attribute="Special Char of Brackets" char="|"/>
 				<IncludeRules context="_special_chars"/>
 			</context>
 			<context name="_square_brackets_path" attribute="Pattern Brackets" lineEndContext="#pop">
 				<RegExpr context="#pop" attribute="Normal Text" String="[^&symbol;]" lookAhead="true"/>
 				<RegExpr context="#stay" attribute="Open Pattern Brackets" String="[^\s\]](?![&symbol;])"/>
 				<IncludeRules context="_square_brackets"/>
 			</context>
+			<context name="_brackets_error" attribute="Normal Text" lineEndContext="#stay">
+				<Detect2Chars context="#stay" attribute="Error" char="[" char1="]"/>
+			</context>
 			
 		</contexts>
 
@@ -954,12 +740,12 @@
 			<itemData name="Brackets5" defStyleNum="dsNormal" color="#000088" bold="1" />
 			<itemData name="Brackets6" defStyleNum="dsNormal" color="#880088" bold="1" />
 
-			<itemData name="Special Char"          defStyleNum="dsSpecialChar"   spellChecking="false"/>
-			<itemData name="Special Char 2"        defStyleNum="dsAnnotation"    spellChecking="false"/>
-			<itemData name="Pattern Brackets"      defStyleNum="dsSpecialString" spellChecking="false"/>
-			<itemData name="Open Pattern Brackets" defStyleNum="dsSpecialString" underline="1" spellChecking="false"/>
-			<itemData name="Escape Expression"     defStyleNum="dsSpecialChar"   spellChecking="false"/>
-			<itemData name="Error" defStyleNum="dsError" spellChecking="false"/>
+			<itemData name="Escape Char"              defStyleNum="dsSpecialChar"   spellChecking="false"/>
+			<itemData name="Special Char"             defStyleNum="dsSpecialChar"   spellChecking="false"/>
+			<itemData name="Special Char of Brackets" defStyleNum="dsAnnotation"    spellChecking="false"/>
+			<itemData name="Pattern Brackets"         defStyleNum="dsSpecialString" spellChecking="false"/>
+			<itemData name="Open Pattern Brackets"    defStyleNum="dsSpecialString" underline="1" spellChecking="false"/>
+			<itemData name="Error"                    defStyleNum="dsError"         spellChecking="false"/>
 		</itemDatas>
 
 	</highlighting>
diff --git a/data/syntax/selinux-fc.xml b/data/syntax/selinux-fc.xml
--- a/data/syntax/selinux-fc.xml
+++ b/data/syntax/selinux-fc.xml
@@ -28,12 +28,14 @@
   ==========================================================================================
 
   Change log:
+    * Version 2 [15-Mar-2018, by Nibaldo G.]:
+		- Small optimizations. Improvements in paths & PCRE Regex highlighting.
   	* Version 1 [26-Jan-2018, by Nibaldo González]:
 		- Initial version.
 -->
 
 <language name="SELinux File Contexts"
-		version="1"
+		version="2"
         kateversion="5.0"
 		section="Other"
 		extensions="*.fc;file_contexts;file_contexts.local;file_contexts.homedirs;file_contexts.template;homedir_template"
@@ -55,62 +57,63 @@
 			<context name="_normal" attribute="Normal Text" lineEndContext="#stay">
 				<DetectChar context="_comment" attribute="Comment" char="#"/>
 				<RegExpr context="#stay" attribute="File Type" String="(\s|^)\-[bcdpls\-](?=(\s|$))"/>
-
-				<RegExpr context="_path_content" attribute="Path" String="/(?![\s/&#039;])" insensitive="true"/>
-				<RegExpr context="#stay" attribute="Path" String="/(?=(\s|$))"/>
-				<DetectChar context="_quoted" attribute="Text Quoted" char="&quot;"/>
+				<DetectChar context="_path_content" attribute="Path" char="/"/>
 				<DetectChar context="_content_quoted" attribute="Text Quoted" char="&#096;"/>
 				
 				<!-- File Contexts:   user:role:type:s0 -->
 				<RegExpr context="_fc_user" attribute="User" String="\b[&symbol;,]+(?=(:[&symbol;,]+){2}(:[&symbol;,]+)*\b)"/>
 				
-				<DetectChar context="_parentheses_content" attribute="Normal Text" char="(" beginRegion="Parentheses Block"/>
+				<DetectChar context="_parentheses_content" attribute="Normal Text" char="(" beginRegion="ParenthesesBlock"/>
 				<WordDetect context="#stay" attribute="Other Keywords" String="&lt;&lt;none&gt;&gt;"/>
-				<HlCStringChar context="#stay" attribute="Escape Expression"/>
-				<DetectChar context="#stay" attribute="Special Char" char="*"/>
+				<HlCStringChar context="#stay" attribute="Escape Char"/>
 				<keyword context="#stay" attribute="Keywords" String="keywords"/>
 				<RegExpr context="#stay" attribute="Keywords" String="\b[&symbol;]+(?=\()"/>
 				
-				<RegExpr context="_path_content" attribute="Variable" String="\bHOME_(DIR|ROOT)"/> <!-- Default Variables -->
+				<!-- Default Variables -->
+				<StringDetect context="_path_content" attribute="Variable" String="HOME_DIR"/>
+				<StringDetect context="_path_content" attribute="Variable" String="HOME_ROOT"/>
+
+				<DetectChar context="_path_content" attribute="Path" char="[" lookAhead="true"/>
 				<RegExpr context="_path_content" attribute="Path" String="\b[&symbol;,]+[/\\\*\?\[\{]" insensitive="true" lookAhead="true" firstNonSpace="true"/>
 				<Detect2Chars context="_path_content" attribute="Variable" char="%" char1="{" lookAhead="true"/>
 			</context>
 			
 			<context name="_parentheses_content" attribute="Normal Text" lineEndContext="#stay">
-				<DetectChar context="#pop" attribute="Normal Text" char=")" endRegion="Parentheses Block"/>
+				<DetectChar context="#pop" attribute="Normal Text" char=")" endRegion="ParenthesesBlock"/>
 				
 				<!-- File Contexts:   (user:role:type,s0,c0) -->
 				<RegExpr context="_fc_user" attribute="User" String="\b[&symbol;]+(?=(:[&symbol;]+){2}(\s*,\s*[&symbol;]+)*\b)"/>				
 				
 				<IncludeRules context="_normal"/>
-				<RegExpr context="#stay" attribute="Level" String="\b([sc]\d+[\-\.])?m[lc]s_[\w\-\.]+\b"/>
-				<RegExpr context="#stay" attribute="Level" String="\bs\d+([\-\.]s\d+)*\b"/>
-				<RegExpr context="#stay" attribute="Level" String="\bc\d+([\-\.]c\d+)*\b"/>
+				<RegExpr context="#stay" attribute="Level" String="\b(s\d+([\-\.]s\d+)*|c\d+([\-\.]c\d+)*|([sc]\d+[\-\.])?m[lc]s_[\w\-\.]+)\b"/>
 			</context>
 
 			<context name="_comment" attribute="Comment" lineEndContext="#pop">
-				<LineContinue context="#pop" attribute="Comment"/>
 				<DetectSpaces />
 				<IncludeRules context="##Alerts"/>
 				<IncludeRules context="##Modelines"/>
 			</context>
 			<context name="_path_content" attribute="Path" lineEndContext="#pop">
 				<DetectSpaces context="#pop" attribute="Normal Text" lookAhead="true"/>
-				<DetectChar context="#pop" attribute="Normal Text" char="&#039;" lookAhead="true"/>
-				<IncludeRules context="_patterns"/>
+				<IncludeRules context="_regex"/>
 				<IncludeRules context="_variable"/>
 			</context>
+			<context name="_variable" attribute="Normal Text" lineEndContext="#stay">
+				<RegExpr context="#stay" attribute="Variable" String="%\{[a-zA-Z]\w*\}"/>
+			</context>
+
 			<context name="_content_quoted" attribute="Text Quoted" lineEndContext="#stay">
 				<DetectChar context="#pop" attribute="Text Quoted" char="&#039;"/>
+				<DetectChar context="_path_content_quoted" attribute="Path" char="/"/>
+				<StringDetect context="_path_content_quoted" attribute="Variable" String="HOME_DIR"/>
+				<StringDetect context="_path_content_quoted" attribute="Variable" String="HOME_ROOT"/>
+				<DetectChar context="_path_content_quoted" attribute="Path" char="[" lookAhead="true"/>
+				<Detect2Chars context="_path_content_quoted" attribute="Variable" char="%" char1="{" lookAhead="true"/>
 				<IncludeRules context="_normal"/>
 			</context>
-			<context name="_quoted" attribute="Text Quoted" lineEndContext="#stay">
-				<DetectChar context="#pop" attribute="Text Quoted" char="&quot;"/>
-				<IncludeRules context="_patterns"/>
-				<IncludeRules context="_variable"/>
-			</context>
-			<context name="_variable" attribute="Normal Text" lineEndContext="#stay">
-				<RegExpr context="#stay" attribute="Variable" String="%\{[a-zA-Z]\w*\}"/>
+			<context name="_path_content_quoted" attribute="Path" lineEndContext="#pop">
+				<RegExpr context="#pop#pop" attribute="Text Quoted" String="&#039;(?=([\s\)]|$))"/>
+				<IncludeRules context="_path_content"/>
 			</context>
 
 			<!-- SELinux Security Contexts -->
@@ -136,54 +139,62 @@
 				<RegExpr context="#stay" attribute="Normal Text" String="\s*,\s*(?=[&symbol;])"/>
 			</context>
 			
-			<!-- Regex (FCGlob?) -->
-			<context name="_patterns" attribute="Normal Text" lineEndContext="#stay">
-				<IncludeRules context="_escape"/>
+			<!-- PCRE Regex (FCGlob?) -->
+			<context name="_regex" attribute="Normal Text" lineEndContext="#stay">
+				<IncludeRules context="_escape_char"/>
+				<IncludeRules context="_brackets_error"/>
 				<DetectChar context="_square_brackets" attribute="Pattern Brackets" char="["/>
 				<DetectChar context="_round_brackets" attribute="Pattern Brackets" char="("/>
 				<IncludeRules context="_quantification_brackets"/>
 				<IncludeRules context="_special_chars"/>
 			</context>
 			<context name="_special_chars" attribute="Normal Text" lineEndContext="#stay">
 				<AnyChar context="#stay" attribute="Special Char" String="*?.+"/>
 			</context>
-			<context name="_escape" attribute="Normal Text" lineEndContext="#stay">
-				<HlCStringChar context="#stay" attribute="Escape Expression"/>
-				<RegExpr context="#stay" attribute="Escape Expression" String="\\[\ssSdDwWbBAZiIcC\|\.\-\^\?\*\+\(\)\[\]\{\},]"/>
+			<context name="_escape_char" attribute="Normal Text" lineEndContext="#stay">
+				<RegExpr context="#stay" attribute="Escape Char" String="\\(x\{[\da-fA-f]{1,2}\}|g\{\w+\}|g&lt;\w+&gt;)"/>
+				<HlCStringChar context="#stay" attribute="Escape Char"/>
+				<RegExpr context="#stay" attribute="Escape Char" String="\\[sSdDwWbBAZcCtrnaefvxhGHKNQRVX\s&#033;&#034;&#035;&#036;&#037;&#038;&#039;&#040;&#041;&#042;&#043;&#044;&#045;&#046;&#047;&#058;&#059;&#060;&#061;&#062;&#063;&#064;&#091;&#092;&#093;&#094;&#095;&#096;&#123;&#124;&#125;&#126;]"/>
+				<RegExpr context="#stay" attribute="Error" String="\\.?"/> <!-- Non-ASCII characters -->
 			</context>
 			<context name="_quantification_brackets" attribute="Normal Text" lineEndContext="#stay">
 				<!-- {n} {min,} {,max} {min,max} -->
 				<RegExpr context="#stay" attribute="Pattern Brackets" String="\{(\d+(,\d*)?|,\d+)\}"/>
 			</context>
 			<!-- Groups: [ ] and ( ) -->
 			<context name="_square_brackets" attribute="Pattern Brackets" lineEndContext="#pop">
 				<DetectChar context="#pop" attribute="Pattern Brackets" char="]"/>
-				<IncludeRules context="_escape"/>
+				<IncludeRules context="_escape_char"/>
 
-				<DetectSpaces context="#pop" lookAhead="true"/>
-				<DetectChar context="#pop" attribute="Path" char="&quot;" lookAhead="true"/>
+				<DetectSpaces context="#pop" attribute="Path" lookAhead="true"/>
 				<IncludeRules context="_variable"/>
 				<DetectChar context="#stay" attribute="Error" char="["/>
-				<RegExpr context="#stay" attribute="Open Pattern Brackets" String="[^\s\]](?=([\s&quot;]|$))"/>
+				<RegExpr context="#stay" attribute="Open Pattern Brackets" String="[^\s\]](?=(\s|$))"/>
 				
-				<AnyChar context="#stay" attribute="Special Char 2" String="^-"/>
+				<AnyChar context="#stay" attribute="Special Char of Brackets" String="^-"/>
 				<IncludeRules context="_special_chars"/>
 			</context>
-			<context name="_round_brackets" attribute="Pattern Brackets" lineEndContext="#pop">
+			<context name="_round_brackets" attribute="Pattern Brackets" lineEndContext="#pop" fallthrough="true" fallthroughContext="#pop!_round_brackets_content">		
+				<RegExpr context="#pop!_round_brackets_content" attribute="Special Char of Brackets" String="\?(\=|!|:|&gt;|\||R|&amp;|#|P\=|&lt;\=|&lt;!|P&lt;\w+&gt;)?(?=\S)"/>
+			</context>
+			<context name="_round_brackets_content" attribute="Pattern Brackets" lineEndContext="#pop">
 				<DetectChar context="#pop" attribute="Pattern Brackets" char=")"/>
-				<IncludeRules context="_escape"/>
+				<IncludeRules context="_escape_char"/>
 
-				<DetectSpaces context="#pop" lookAhead="true"/>
-				<DetectChar context="#pop" attribute="Path" char="&quot;" lookAhead="true"/>
+				<DetectSpaces context="#pop" attribute="Path" lookAhead="true"/>
 				<IncludeRules context="_variable"/>
+				<IncludeRules context="_brackets_error"/>
 				<DetectChar context="_square_brackets" attribute="Pattern Brackets" char="["/>
 				<DetectChar context="_round_brackets" attribute="Pattern Brackets" char="("/>
 				<IncludeRules context="_quantification_brackets"/>
-				<RegExpr context="#stay" attribute="Open Pattern Brackets" String="[^\s\[\]\(\)](?=([\s&quot;]|$))"/>
+				<RegExpr context="#stay" attribute="Open Pattern Brackets" String="[^\s\[\]\(\)](?=(\s|$))"/>
 				
-				<DetectChar context="#stay" attribute="Special Char 2" char="|"/>
+				<DetectChar context="#stay" attribute="Special Char of Brackets" char="|"/>
 				<IncludeRules context="_special_chars"/>
 			</context>
+			<context name="_brackets_error" attribute="Normal Text" lineEndContext="#stay">
+				<Detect2Chars context="#stay" attribute="Error" char="[" char1="]"/>
+			</context>
 
 		</contexts>
 
@@ -203,12 +214,12 @@
 			<itemData name="Type"  defStyleNum="dsDataType"       spellChecking="false"/>
 			<itemData name="Level" defStyleNum="dsVerbatimString" spellChecking="false"/>
 			
-			<itemData name="Special Char"          defStyleNum="dsSpecialChar"   spellChecking="false"/>
-			<itemData name="Special Char 2"        defStyleNum="dsAnnotation"    spellChecking="false"/>
-			<itemData name="Pattern Brackets"      defStyleNum="dsSpecialString" spellChecking="false"/>
-			<itemData name="Open Pattern Brackets" defStyleNum="dsSpecialString" underline="1" spellChecking="false"/>
-			<itemData name="Escape Expression"     defStyleNum="dsSpecialChar"   spellChecking="false"/>
-			<itemData name="Error" defStyleNum="dsError" spellChecking="false"/>
+			<itemData name="Escape Char"              defStyleNum="dsSpecialChar"   spellChecking="false"/>
+			<itemData name="Special Char"             defStyleNum="dsSpecialChar"   spellChecking="false"/>
+			<itemData name="Special Char of Brackets" defStyleNum="dsAnnotation"    spellChecking="false"/>
+			<itemData name="Pattern Brackets"         defStyleNum="dsSpecialString" spellChecking="false"/>
+			<itemData name="Open Pattern Brackets"    defStyleNum="dsSpecialString" underline="1" spellChecking="false"/>
+			<itemData name="Error"                    defStyleNum="dsError"         spellChecking="false"/>
 		</itemDatas>
 
 	</highlighting>