parser: Fix expansion of variables in unix rules addr= conditional

The parser is not treating unix addr as a path and filtering slashes
after variable expansion. This can lead to errors where

@{foo}=/a/
unix bind addr=@{foo}/bar,

will always fail because addr is being matched as /a//bar instead of
/a/bar.

MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/607
Fixes: https://bugs.launchpad.net/apparmor/+bug/1856738
Signed-off-by: John Johansen <john.johansen@canonical.com>

parser/af_unix.cc

@@ -157,9 +157,11 @@ int unix_rule::expand_variables(void)
 	error = expand_entry_variables(&addr);
 	if (error)
 		return error;
+	filter_slashes(addr);
 	error = expand_entry_variables(&peer_addr);
 	if (error)
 		return error;
+	filter_slashes(peer_addr);
 
 	return 0;
 }

parser/parser.h

@@ -402,6 +402,7 @@ extern int post_process_entry(struct cod_entry *entry);
 extern int process_policydb(Profile *prof);
 
 extern int process_policy_ents(Profile *prof);
+extern void filter_slashes(char *path);
 
 /* parser_variable.c */
 int expand_entry_variables(char **name);

parser/parser_regex.c

@@ -47,7 +47,7 @@ enum error_type {
  * that's a distinct namespace in linux) and trailing slashes.
  * NOTE: modifies in place the contents of the path argument */
 
-static void filter_slashes(char *path)
+void filter_slashes(char *path)
 {
 	char *sptr, *dptr;
 	BOOL seen_slash = 0;