Comment 1 for bug 1413410

John Johansen (jjohansen) wrote : Re: Unable to match unix bind rule

So first off something is wrong with the decode
   google-nacl-o1d12356-391

does not contain any characters that would cause encoding to happen. Doing a manual decode verifies that the issue is the trailing 0s.

The question still remains if this is a bug in apparmor grabbing the abstract name's length, or if the application is really specifying all those null characters as part of the name.

So to the match patterns
> unix bind type=dgram addr=@google-nacl*,
> unix bind type=dgram addr="@google-nacl*",
Looking at the match generation, * will not match \000, which will cause this to fail. This should be considered a bug since \000 is a valid character in abstract socket names.

> unix bind type=dgram addr=@676F6F676C652D6E61636C2D6*,
> unix bind type=dgram addr="@676F6F676C652D6E61636C2D6*",
These are just incorrect; apparmor rules don't support the hex encoding. This is something audit does when it encounters characters out of its printable alphanum range.

> unix bind type=dgram addr=@google-nacl*\\000*,
This won't work; perhaps you were thinking of regular re instead of apparmor's extended globbing?

> unix bind type=dgram addr=@google-nacl*[0-9a-zA-Z]\\000\\000\\000\\000\\000\\000\\000\\000\\000\\000\\000\\000\\000\\000\\000\\000\\000\\000\\000\\000\\000\\000\\000\\000\\000\\000\\000\\000\\000\\000\\000\\000\\000\\000\\000\\000\\000\\000\\000\\000\\000\\000\\000\\000\\000\\000\\000\\000\\000\\000\\000\\000\\000\\000\\000\\000\\000\\000\\000\\000\\000\\000\\000\\000\\000\\000\\000\\000\\000\\000\\000\\000\\000\\000\\000\\000\\000\\000\\000\\000\\000\\000\\000{,\\000,\\000\\000},

This is closer but still will not work.

The following rule should match the number of trailing null characters exactly. The audit encoding is hex, so each two 0s is a character, which is mapped to \x00 below. Basically I copied and pasted the trailing 0s and inserted \x every 2 00s. Currently there is no way to pattern match the trailing 0s and they must be provided in the exact number. An alternation can be used to vary the number but it is different than the alternation above.

unix bind type=dgram addr="@google-nacl*\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"

To vary the count of trailing nulls that are accepted we can use an alternation. However, apparmor embedded alternation support cannot handle a nesting level of 83, so the following expression should but won't work until native parsing of aare is implemented:
unix bind type=dgram addr="@google-nacl*{\x00{\x00{\x00{\x00{\x00{\x00{\x00{\x00{\x00{\x00{\x00{\x00{\x00{\x00{\x00{\x00{\x00{\x00{\x00{\x00{\x00{\x00{\x00{\x00{\x00{\x00{\x00{\x00{\x00{\x00{\x00{\x00{\x00{\x00{\x00{\x00{\x00{\x00{\x00{\x00{\x00{\x00{\x00{\x00{\x00{\x00{\x00{\x00{\x00{\x00{\x00{\x00{\x00{\x00{\x00{\x00{\x00{\x00{\x00{\x00{\x00{\x00{\x00{\x00{\x00{\x00{\x00{\x00{\x00{\x00{\x00{\x00{\x00{\x00{\x00{\x00{\x00{\x00{\x00{\x00{\x00{\x00{\x00,},},},},},},},},},},},},},},},},},},},},},},},},},},},},},},},},},},},},},},},},},},},},},},},},},},},},},},},},},},},},},},},},},},},},},},},},},},},},},},},},},},}"

Instead we have to use the less efficient (to compile) non-embedded alternation form:
unix bind type=dgram addr="@google-nacl*{\x00,}{\x00,}{\x00,}{\x00,}{\x00,}{\x00,}{\x00,}{\x00,}{\x00,}{\x00,}{\x00,}{\x00,}{\x00,}{\x00,}{\x00,}{\x00,}{\x00,}{\x00,}{\x00,}{\x00,}{\x00,}{\x00,}{\x00,}{\x00,}{\x00,}{\x00,}{\x00,}{\x00,}{\x00,}{\x00,}{\x00,}{\x00,}{\x00,}{\x00,}{\x00,}{\x00,}{\x00,}{\x00,}{\x00,}{\x00,}{\x00,}{\x00,}{\x00,}{\x00,}{\x00,}{\x00,}{\x00,}{\x00,}{\x00,}{\x00,}{\x00,}{\x00,}{\x00,}{\x00,}{\x00,}{\x00,}{\x00,}{\x00,}{\x00,}{\x00,}{\x00,}{\x00,}{\x00,}{\x00,}{\x00,}{\x00,}{\x00,}{\x00,}{\x00,}{\x00,}{\x00,}{\x00,}{\x00,}{\x00,}{\x00,}{\x00,}{\x00,}{\x00,}{\x00,}{\x00,}{\x00,}{\x00,}{\x00,}"

However, there is one more twist: there is yet another bug preventing expressing null in any way. \x00, \000 and \d00 all fail in the compile. Specifying \\000 only expresses the literal character \ followed by 3 zeros.
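
Added example, not part of the comment above: a small Python helper that automates the manual step the comment describes (decode the audit hex, count the trailing nulls, write one \x00 per null), emitting both the exact-count rule and the non-embedded alternation form. The function names are hypothetical and the sample hex is constructed from the name quoted in the comment; per the comment, the parser at the time rejected null escapes, so this only produces the rule text.

```python
# Added example: helper names are hypothetical; SAMPLE_HEX is constructed.
NUL = r"\x00"  # rule-text escape for one null byte, as written in the comment

# Constructed sample: the name quoted in the comment padded with 83 null bytes,
# hex-encoded the way audit logs a name containing non-printable bytes.
SAMPLE_HEX = (b"google-nacl-o1d12356-391" + b"\x00" * 83).hex().upper()


def decode_audit_name(hex_name):
    """Return (visible_name, trailing_null_count) for a hex-encoded name."""
    raw = bytes.fromhex(hex_name)          # raises ValueError on bad hex
    visible = raw.rstrip(b"\x00")
    if b"\x00" in visible:
        # Nulls inside the name cannot be treated as trailing padding.
        raise ValueError("null byte inside the name, not only at the end")
    return visible.decode("ascii", "backslashreplace"), len(raw) - len(visible)


def exact_rule(glob, nuls, sock_type="dgram"):
    """Rule text matching exactly `nuls` trailing null bytes."""
    return f'unix bind type={sock_type} addr="@{glob}{NUL * nuls}",'


def variable_rule(glob, max_nuls, sock_type="dgram"):
    """Rule text accepting 0..max_nuls trailing nulls using the flat
    (non-embedded) alternation form, one optional {\\x00,} per null."""
    optional = "{" + NUL + ",}"
    return f'unix bind type={sock_type} addr="@{glob}{optional * max_nuls}",'


if __name__ == "__main__":
    name, nuls = decode_audit_name(SAMPLE_HEX)
    print(f"decoded name: {name!r}, trailing nulls: {nuls}")
    print(exact_rule("google-nacl*", nuls))
    print(variable_rule("google-nacl*", nuls))
```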