Add support for variable expansion in profile names, and attachments

allow
  @{FOO}=bar
  /foo@{FOO} { }

to be expanded into
  /foobar { }

and
  @{FOO}=bar baz
  /foo@{FOO} { }

to be expanded into
  /foo{bar,baz} { }
which is used as a regular expression for attachment purposes

Further allow variable expansion in attachment specifications
  profile foo /foo@{FOO} { }

profile name (if begun with profile keyword) and attachments to begin
with a variable
  profile @{FOO} { }
  profile /foo @{FOO} { }
  profile @{FOO} @{BAR} {}

hats
  ^@{FOO}
  hat @{FOO}

and for subprofiles as well

Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Steve Beattie <steve@nxnw.org>

parser/parser_variable.c

@@ -275,12 +275,29 @@ static int process_variables_in_rules(Profile &prof)
 	return 0;
 }
 
+static int process_variables_in_name(Profile &prof)
+{
+	/* this needs to be done before alias expansion, ie. altnames are
+	 * setup
+	 */
+	int error = expand_entry_variables(&prof.name);
+	if (!error && prof.attachment)
+		error = expand_entry_variables(&prof.attachment);
+
+	return error;
+}
 
 int process_profile_variables(Profile *prof)
 {
 	int error = 0, rc;
 
-	error = new_set_var(PROFILE_NAME_VARIABLE, prof->get_name(true).c_str());
+	/* needs to be before PROFILE_NAME_VARIABLE so that variable will
+	 * have the correct name
+	 */
+	error = process_variables_in_name(*prof);
+
+	if (!error)
+		error = new_set_var(PROFILE_NAME_VARIABLE, prof->get_name(true).c_str());
 
 	if (!error)
 		error = process_variables_in_entries(prof->entries);

parser/parser_yacc.y

@@ -252,6 +252,7 @@ void add_local_entry(Profile *prof);
 %type <val_list> valuelist
 %type <boolean> expr
 %type <id>	id_or_var
+%type <id>	opt_id_or_var
 %type <boolean> opt_subset_flag
 %type <boolean> opt_audit_flag
 %type <boolean> opt_owner_flag
@@ -307,7 +308,10 @@ opt_ns: { /* nothing */ $$ = NULL; }
 opt_id: { /* nothing */ $$ = NULL; }
 	| TOK_ID { $$ = $1; }
 
-profile_base: TOK_ID opt_id flags TOK_OPEN rules TOK_CLOSE
+opt_id_or_var: { /* nothing */ $$ = NULL; }
+	| id_or_var { $$ = $1; }
+
+profile_base: TOK_ID opt_id_or_var flags TOK_OPEN rules TOK_CLOSE
 	{
 		Profile *prof = $5;
 
@@ -317,11 +321,8 @@ profile_base: TOK_ID opt_id flags TOK_OPEN rules TOK_CLOSE
 
 		prof->name = $1;
 		prof->attachment = $2;
-		if ($2 && $2[0] != '/')
+		if ($2 && !($2[0] == '/' || strncmp($2, "@{", 2) == 0))
-			/* we don't support variables as part of the profile
+			yyerror(_("Profile attachment must begin with a '/' or variable."));
-			 * name or attachment atm
-			 */
-			yyerror(_("Profile attachment must begin with a '/'."));
 		prof->flags = $3;
 		if (force_complain && kernel_abi_version == 5)
 			/* newer abis encode force complain as part of the

parser/tst/simple_tests/vars/vars_profile_name_01.sd

@@ -0,0 +1,8 @@
+#=DESCRIPTION reference variables in rules that also have alternations
+#=EXRESULT PASS
+
+@{FOO}=bar
+
+/does/not/exist@{FOO} {
+  /does/not/exist r,
+}

parser/tst/simple_tests/vars/vars_profile_name_02.sd

@@ -0,0 +1,8 @@
+#=DESCRIPTION reference variables in rules that also have alternations
+#=EXRESULT PASS
+
+@{FOO}=bar baz
+
+/does/not/exist@{FOO} {
+  /does/not/exist r,
+}

parser/tst/simple_tests/vars/vars_profile_name_03.sd

@@ -0,0 +1,8 @@
+#=DESCRIPTION profiles declared with the profile keyword can begin with var
+#=EXRESULT PASS
+
+@{FOO}=bar
+
+profile @{FOO} {
+  /does/not/exist r,
+}

parser/tst/simple_tests/vars/vars_profile_name_04.sd

@@ -0,0 +1,8 @@
+#=DESCRIPTION profiles declared with the profile keyword can begin with var
+#=EXRESULT PASS
+
+@{FOO}=bar baz
+
+profile @{FOO} {
+  /does/not/exist r,
+}

parser/tst/simple_tests/vars/vars_profile_name_05.sd

@@ -0,0 +1,8 @@
+#=DESCRIPTION reference variables in rules that also have alternations
+#=EXRESULT PASS
+
+@{FOO}=bar
+
+profile /does/not /exist{@{FOO},} {
+  /does/not/exist r,
+}

parser/tst/simple_tests/vars/vars_profile_name_06.sd

@@ -0,0 +1,8 @@
+#=DESCRIPTION reference variables in rules that also have alternations
+#=EXRESULT PASS
+
+@{FOO}=bar baz
+
+profile /does/not /exist@{FOO} {
+  /does/not/exist r,
+}

parser/tst/simple_tests/vars/vars_profile_name_07.sd

@@ -0,0 +1,10 @@
+#=DESCRIPTION profiles declared with the profile keyword can begin with var
+#=EXRESULT FAIL
+#=TODO
+# This test needs check on @{FOO} attachment having leading / post var expansion
+
+@{FOO}=bar
+
+profile /does/not/exist @{FOO} {
+  /does/not/exist r,
+}

parser/tst/simple_tests/vars/vars_profile_name_08.sd

@@ -0,0 +1,10 @@
+#=DESCRIPTION profiles declared with the profile keyword can begin with var
+#=EXRESULT FAIL
+#=TODO
+# This test needs check on @{FOO} attachment having leading / post var expansion
+
+@{FOO}=bar baz
+
+profile /does/not/exist @{FOO} {
+  /does/not/exist r,
+}

parser/tst/simple_tests/vars/vars_profile_name_09.sd

@@ -0,0 +1,9 @@
+#=DESCRIPTION reference variables in name and attachment
+#=EXRESULT PASS
+
+@{FOO}=bar
+@{BAR}=baz
+
+profile /does/not@{BAR} /exist@{FOO} {
+  /does/not/exist r,
+}

parser/tst/simple_tests/vars/vars_profile_name_10.sd

@@ -0,0 +1,9 @@
+#=DESCRIPTION reference variables in rules that also have alternations
+#=EXRESULT PASS
+
+@{FOO}=bar baz
+@{BAR}=baz
+
+profile /does/not@{BAR} /exist@{FOO} {
+  /does/not/exist r,
+}

parser/tst/simple_tests/vars/vars_profile_name_11.sd

@@ -0,0 +1,9 @@
+#=DESCRIPTION profiles declared with the profile keyword have var and var attachment
+#=EXRESULT PASS
+
+@{FOO}=/bar /baz
+@{BAR}=baz foo
+
+profile /does/not/exist@{BAR} @{FOO} {
+  /does/not/exist r,
+}

parser/tst/simple_tests/vars/vars_profile_name_12.sd

@@ -0,0 +1,11 @@
+#=DESCRIPTION profiles declared with the profile keyword can expand var and have var attachment
+#=EXRESULT FAIL
+#=TODO
+# This test needs check on @{FOO} attachment having leading / post var expansion
+
+@{FOO}=bar baz
+@{BAR}=baz foo
+
+profile /does/not/exist@{BAR} @{FOO} {
+  /does/not/exist r,
+}

parser/tst/simple_tests/vars/vars_profile_name_13.sd

@@ -0,0 +1,11 @@
+#=DESCRIPTION reference variables that are the profile name and attachment
+#=EXRESULT FAIL
+#=TODO
+# This test needs check on @{FOO} attachment having leading / post var expansion
+
+@{FOO}=bar
+@{BAR}=baz
+
+profile @{BAR} @{FOO} {
+  /does/not/exist r,
+}

parser/tst/simple_tests/vars/vars_profile_name_14.sd

@@ -0,0 +1,11 @@
+#=DESCRIPTION reference variables in rules that also have alternations
+#=EXRESULT PASS
+#=TODO
+# This test needs check on @{FOO} attachment having leading / post var expansion
+
+@{FOO}=/bar /baz
+@{BAR}=baz
+
+profile @{BAR} @{FOO} {
+  /does/not/exist r,
+}

parser/tst/simple_tests/vars/vars_profile_name_15.sd

@@ -0,0 +1,11 @@
+#=DESCRIPTION profiles declared with the profile keyword can begin with var
+#=EXRESULT FAIL
+#=TODO
+# This test needs check on @{FOO} attachment having leading / post var expansion
+
+@{FOO}=bar baz
+@{BAR}=baz foo
+
+profile @{BAR} @{FOO} {
+  /does/not/exist r,
+}

parser/tst/simple_tests/vars/vars_profile_name_16.sd

@@ -0,0 +1,8 @@
+#=DESCRIPTION var in sub profile name
+#=EXRESULT PASS
+
+@{FOO}=bar
+
+profile /does/not/exist {
+  profile foo@{FOO} { }
+}

parser/tst/simple_tests/vars/vars_profile_name_17.sd

@@ -0,0 +1,8 @@
+#=DESCRIPTION var in sub profile name
+#=EXRESULT PASS
+
+@{FOO}=bar
+
+profile /does/not/exist {
+  profile @{FOO} { }
+}

parser/tst/simple_tests/vars/vars_profile_name_18.sd

@@ -0,0 +1,8 @@
+#=DESCRIPTION var in hat name
+#=EXRESULT PASS
+
+@{FOO}=bar
+
+profile /does/not/exist {
+  ^foo@{FOO} { }
+}

parser/tst/simple_tests/vars/vars_profile_name_19.sd

@@ -0,0 +1,8 @@
+#=DESCRIPTION var in sub profile name
+#=EXRESULT PASS
+
+@{FOO}=bar
+
+profile /does/not/exist {
+  profile @{FOO} { }
+}

parser/tst/simple_tests/vars/vars_profile_name_20.sd

@@ -0,0 +1,8 @@
+#=DESCRIPTION var in sub profile name
+#=EXRESULT PASS
+
+@{FOO}=bar
+
+profile /does/not/exist {
+  profile foo@{FOO} { }
+}

parser/tst/simple_tests/vars/vars_profile_name_21.sd

@@ -0,0 +1,8 @@
+#=DESCRIPTION var in hat name
+#=EXRESULT PASS
+
+@{FOO}=bar
+
+profile /does/not/exist {
+  ^@{FOO} { }
+}

parser/tst/simple_tests/vars/vars_profile_name_22.sd

@@ -0,0 +1,10 @@
+#=DESCRIPTION all attachment expansions must start with /
+#=EXRESULT FAIL
+#=TODO
+# This test needs check on @{FOO} attachment having leading / post var expansion
+
+@{FOO}=/bar baz
+
+profile /does/not/exist @{FOO} {
+  /does/not/exist r,
+}

parser/tst/simple_tests/vars/vars_profile_name_23.sd

@@ -0,0 +1,7 @@
+#=DESCRIPTION reference variables in profile name is undefined
+#=EXRESULT FAIL
+
+
+/does/not/exist@{FOO} {
+  /does/not/exist r,
+}

parser/tst/simple_tests/vars/vars_profile_name_24.sd

@@ -0,0 +1,8 @@
+#=DESCRIPTION reference variables is null
+#=EXRESULT FAIL
+
+@{FOO}=
+
+/does/not/exist@{FOO} {
+  /does/not/exist r,
+}

parser/tst/simple_tests/vars/vars_profile_name_25.sd

@@ -0,0 +1,10 @@
+#=DESCRIPTION reference variables is null
+#=EXRESULT FAIL
+#=TODO
+#needs post var expansion check that variable contained a value
+
+@{FOO}=
+
+@{FOO} {
+  /does/not/exist r,
+}

parser/tst/simple_tests/vars/vars_profile_name_26.sd

@@ -0,0 +1,10 @@
+#=DESCRIPTION reference variables is null
+#=EXRESULT FAIL
+#=TODO
+#needs post var expansion check that variable contained a value
+
+@{FOO}=
+
+profile bar @{FOO} {
+  /does/not/exist r,
+}

parser/tst/simple_tests/vars/vars_profile_name_bad_1.sd

@@ -0,0 +1,8 @@
+#=DESCRIPTION bare profile names must start with /
+#=EXRESULT FAIL
+
+@{FOO}=bar
+
+@{FOO} {
+  /does/not/exist r,
+}

parser/tst/simple_tests/vars/vars_profile_name_bad_2.sd

@@ -0,0 +1,6 @@
+#=DESCRIPTION special @{profile_name} not defined for profile name declaration
+#=EXRESULT FAIL
+
+profile @{profile_name} {
+  /does/not/exist r,
+}