Comment 0 for bug 1235444

get_app_pkg_name() parses the value of /proc/self/attr/current to determine the value to use for the cache directory, but it has an off by one error as seen with this apparmor denial:
Oct 4 14:47:00 localhost kernel: [ 2456.617111] type=1400 audit(1380916020.878:369): apparmor="DENIED" operation="mkdir" parent=3324 profile="net.launchpad.ubuntu-security.ubuntu-sdk-1310-api-demos_ubuntu-sdk-1310-api-demos_0.6" name="/home/jamie/.cache/net.launchpad.ubuntu-security.ubuntu-sdk-1310-api-demo/" pid=15749 comm="qmlscene" requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000

The app's apparmor label is "net.launchpad.ubuntu-security.ubuntu-sdk-1310-api-demos_ubuntu-sdk-1310-api-demos_0.6" so it should use:
/home/jamie/.cache/net.launchpad.ubuntu-security.ubuntu-sdk-1310-api-demos

however is actually uses:
/home/jamie/.cache/net.launchpad.ubuntu-security.ubuntu-sdk-1310-api-demo

This can perhaps be seen more clearly with the attached test program. Steps to reproduce:
$ cat > /tmp/bug.profile <<EOM
#include <tunables/global>
profile test_me {
  file,
}
EOM
$ sudo apparmor_parser -r /tmp/bug.profile
$ g++ /tmp/bug.cpp -o /tmp/bug
$ aa-exec -p test_me -- /tmp/bug
/proc/self/attr/current=test_me (enforce)
app_pkg_name=tes
$