Fix logparser.py crash on change_hat events

'change_hat' events have the target profile in 'name2', not in 'name'
(which is None and therefore causes a crash when checking if it contains
'//')

Also add the log event causing this crash to the libapparmor testsuite.

References: https://bugs.launchpad.net/apparmor/+bug/1523297


Acked-by: John Johansen <john.johansen@canonical.com> for trunk, 2.10 and 2.9.

libraries/libapparmor/testsuite/test_multi/testcase_changehat_01.in

@@ -0,0 +1 @@
+type=AVC msg=audit(1449442292.901:961): apparmor="ALLOWED" operation="change_hat" profile="/usr/sbin/httpd{,2}-prefork" pid=8527 comm="httpd-prefork" target="/usr/sbin/httpd{,2}-prefork//HANDLING_UNTRUSTED_INPUT"

libraries/libapparmor/testsuite/test_multi/testcase_changehat_01.out

@@ -0,0 +1,11 @@
+START
+File: testcase_changehat_01.in
+Event type: AA_RECORD_ALLOWED
+Audit ID: 1449442292.901:961
+Operation: change_hat
+Profile: /usr/sbin/httpd{,2}-prefork
+Command: httpd-prefork
+Name2: /usr/sbin/httpd{,2}-prefork//HANDLING_UNTRUSTED_INPUT
+PID: 8527
+Epoch: 1449442292
+Audit subid: 961

utils/apparmor/logparser.py

@@ -254,10 +254,10 @@ class ReadLog:
         if e['operation'] == 'change_hat':
             if aamode != 'HINT' and aamode != 'PERMITTING':
                 return None
-            profile = e['name']
+            profile = e['name2']
             #hat = None
-            if '//' in e['name']:
+            if '//' in e['name2']:
-                profile, hat = e['name'].split('//')[:2]
+                profile, hat = e['name2'].split('//')[:2]
 
         if not hat:
             hat = profile