Comment 0 for bug 1609885

Jamie Strandboge (jdstrand) wrote :

If a profile has '.' in the name, then the parser fails to compile the policy:
$ sudo apparmor_parser -r /tmp/profile && aa-exec -p test /tmp/test.sh
AppArmor parser error for /tmp/profile in /tmp/profile at line 14: Found unexpected character: '.'

If a profile name containing '.' is instead put in a variable, the parser compiles the policy but the exec transition fails:
$ sudo apparmor_parser -r /tmp/profile && aa-exec -p test /tmp/test.sh
/tmp/with.dots: 3: /tmp/with.dots: cat: Permission denied

The denial is:
apparmor="DENIED" operation="exec" info="profile transition not found" error=-13 profile="test" name="/bin/cat" pid=18219 comm="with.dots" requested_mask="x" denied_mask="x" fsuid=1000 ouid=0

$ cat /tmp/test.sh
#!/bin/sh
# Reproducer: this script runs confined as "test" (see /tmp/profile) and
# forks cat, which is expected to take the cx transition declared there.
cat /proc/version

$ cat /tmp/profile
#include <tunables/global>

@{TARGET_PROFILE}="with.dots"

profile test {
  #include <abstractions/base>
  #include <abstractions/bash>

  /tmp/test.sh r,

  # parser error:
  # AppArmor parser error for /tmp/profile in /tmp/profile at line 14: Found
  # unexpected character: '.'
  /{,usr/}bin/cat cx -> with.dots,

  # fail to transition:
  # apparmor="DENIED" operation="exec" info="profile transition not found"
  # error=-13 profile="test" name="/bin/cat" pid=18105 comm="with.dots"
  # requested_mask="x" denied_mask="x" fsuid=1000 ouid=0
  # Note: the variable form gets past the parser, but at runtime the exec is
  # denied outright (denied_mask="x", "Permission denied"), so the policy
  # fails closed rather than running cat under the wrong confinement.
  #/{,usr/}bin/cat cx -> @{TARGET_PROFILE},

  # ok
  #/{,usr/}bin/cat cx -> no_dots,

  # Child profile whose name contains '.'; naming it literally as a cx
  # target is what triggers the parser error above.
  profile with.dots {
    #include <abstractions/base>
    @{PROC}/version r,
    /{,usr/}bin/cat r,
  }

  # Identical rules under a name without '.'; the transition to this one
  # works, isolating the '.' in the name as the difference.
  profile no_dots {
    #include <abstractions/base>
    @{PROC}/version r,
    /{,usr/}bin/cat r,
  }
}

$ sudo apparmor_parser -r /tmp/profile && aa-exec -p test /tmp/test.sh
AppArmor parser error for /tmp/profile in /tmp/profile at line 14: Found unexpected character: '.'