Extend change_profile tests

Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Steve Beattie <steve@nxnw.org>

parser/tst/equality.sh

@@ -460,7 +460,9 @@ verify_binary_equality "Deny of ungranted perm" \
 
 verify_binary_equality "change_profile == change_profile -> **" \
 		       "/t { change_profile, }" \
-		       "/t { change_profile -> **, }"
+		       "/t { change_profile -> **, }" \
+		       "/t { change_profile /**, }" \
+		       "/t { change_profile /** -> **, }"
 
 if [ $fails -ne 0 -o $errors -ne 0 ]
 then

parser/tst/simple_tests/change_profile/onx_a_bare_ok_1.sd

@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION audit change_profile /onexec
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+   audit change_profile /onexec,
+}

parser/tst/simple_tests/change_profile/onx_a_ok_1.sd

@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION audit change_profile /onexec
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+   audit change_profile /onexec -> /bin/foo,
+}

parser/tst/simple_tests/change_profile/onx_a_ok_2.sd

@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION audit change_profile /onexec to a hat
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+   audit change_profile /onexec -> /bin/foo//bar,
+}

parser/tst/simple_tests/change_profile/onx_a_ok_3.sd

@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION audit change_profile /onexec with name space
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+   audit change_profile /onexec -> :foo:/bin/foo,
+}

parser/tst/simple_tests/change_profile/onx_a_ok_4.sd

@@ -0,0 +1,10 @@
+#
+#=DESCRIPTION audit change_profile /onexec with a variable (LP: #390810)
+#=EXRESULT PASS
+#
+
+@{LIBVIRT}="libvirt"
+
+/usr/bin/foo {
+   audit change_profile /onexec -> @{LIBVIRT}-foo,
+}

parser/tst/simple_tests/change_profile/onx_a_ok_5.sd

@@ -0,0 +1,10 @@
+#
+#=DESCRIPTION audit change_profile /onexec with variable+regex (LP: #390810)
+#=EXRESULT PASS
+#
+
+@{LIBVIRT}="libvirt"
+
+/usr/bin/foo {
+   audit change_profile /onexec -> @{LIBVIRT}-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*,
+}

parser/tst/simple_tests/change_profile/onx_a_ok_6.sd

@@ -0,0 +1,11 @@
+#
+#=DESCRIPTION audit change_profile /onexec with quotes
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+   audit change_profile /onexec -> "/bin/foo",
+}
+
+/usr/bin/foo2 {
+   audit change_profile /onexec -> "/bin/ foo",
+}

parser/tst/simple_tests/change_profile/onx_a_ok_7.sd

@@ -0,0 +1,11 @@
+#
+#=DESCRIPTION audit change_profile /onexec to a hat with quotes
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+   audit change_profile /onexec -> "/bin/foo//bar",
+}
+
+/usr/bin/foo2 {
+   audit change_profile /onexec -> "/bin/foo// bar",
+}

parser/tst/simple_tests/change_profile/onx_a_ok_8.sd

@@ -0,0 +1,11 @@
+#
+#=DESCRIPTION audit change_profile /onexec with name space with quotes
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+   audit change_profile /onexec -> ":foo:/bin/foo",
+}
+
+/usr/bin/foo2 {
+   audit change_profile /onexec -> ":foo:/bin/ foo",
+}

parser/tst/simple_tests/change_profile/onx_a_re_ok_1.sd

@@ -0,0 +1,24 @@
+#
+#=DESCRIPTION audit change_profile /onexec
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+   audit change_profile /onexec -> /bin/*,
+}
+
+/usr/bin/foo2 {
+   audit change_profile /onexec -> /bin/**,
+}
+
+/usr/bin/foo3 {
+   audit change_profile /onexec -> /bin/?,
+}
+
+/usr/bin/foo4 {
+   audit change_profile /onexec -> /bin/[ab],
+}
+
+/usr/bin/foo5 {
+   audit change_profile /onexec -> /bin/[^ab],
+}
+

parser/tst/simple_tests/change_profile/onx_a_re_ok_2.sd

@@ -0,0 +1,69 @@
+#
+#=DESCRIPTION audit change_profile /onexec to a hat
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+   audit change_profile /onexec -> /bin/foo//bar,
+}
+
+/usr/bin/foo2 {
+   audit change_profile /onexec -> /bin/foo//ba*,
+}
+
+/usr/bin/foo3 {
+   audit change_profile /onexec -> /bin/foo//ba**,
+}
+
+/usr/bin/foo4 {
+   audit change_profile /onexec -> /bin/foo//ba?,
+}
+
+/usr/bin/foo5 {
+   audit change_profile /onexec -> /bin/foo//ba[ab],
+}
+
+/usr/bin/foo6 {
+   audit change_profile /onexec -> /bin/foo//ba[^ab],
+}
+
+/usr/bin/foo7 {
+   audit change_profile /onexec -> /bin/fo*//bar,
+}
+
+/usr/bin/foo8 {
+   audit change_profile /onexec -> /bin/fo**//bar,
+}
+
+/usr/bin/foo9 {
+   audit change_profile /onexec -> /bin/fo?//bar,
+}
+
+/usr/bin/foo10 {
+   audit change_profile /onexec -> /bin/fo[ab]//bar,
+}
+
+/usr/bin/foo11 {
+   audit change_profile /onexec -> /bin/fo[^ab]//bar,
+}
+
+/usr/bin/foo12 {
+   audit change_profile /onexec -> /bin/fo*//ba*,
+}
+
+/usr/bin/foo13 {
+   audit change_profile /onexec -> /bin/fo**//ba**,
+}
+
+/usr/bin/foo14 {
+   audit change_profile /onexec -> /bin/fo?//ba?,
+}
+
+/usr/bin/foo15 {
+   audit change_profile /onexec -> /bin/fo[ab]//ba[ab],
+}
+
+/usr/bin/foo16 {
+   audit change_profile /onexec -> /bin/fo[^ab]//ba[^ab],
+}
+
+

parser/tst/simple_tests/change_profile/onx_a_re_ok_3.sd

@@ -0,0 +1,67 @@
+#
+#=DESCRIPTION audit change_profile /onexec with name space
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+   audit change_profile /onexec -> :foo:/bin/foo,
+}
+
+/usr/bin/foo2 {
+   audit change_profile /onexec -> :foo:/bin/fo*,
+}
+
+/usr/bin/foo3 {
+   audit change_profile /onexec -> :foo:/bin/fo**,
+}
+
+/usr/bin/foo4 {
+   audit change_profile /onexec -> :foo:/bin/fo?,
+}
+
+/usr/bin/foo5 {
+   audit change_profile /onexec -> :foo:/bin/fo[ab],
+}
+
+/usr/bin/foo6 {
+   audit change_profile /onexec -> :foo:/bin/fo[^ab],
+}
+
+/usr/bin/foo7 {
+   audit change_profile /onexec -> :fo*:/bin/foo,
+}
+
+/usr/bin/foo8 {
+   audit change_profile /onexec -> :fo**:/bin/foo,
+}
+
+/usr/bin/foo9 {
+   audit change_profile /onexec -> :fo?:/bin/foo,
+}
+
+/usr/bin/foo10 {
+   audit change_profile /onexec -> :fo[ab]:/bin/foo,
+}
+
+/usr/bin/foo11 {
+   audit change_profile /onexec -> :fo[^ab]:/bin/foo,
+}
+
+/usr/bin/foo12 {
+   audit change_profile /onexec -> :fo*:/bin/fo*,
+}
+
+/usr/bin/foo13 {
+   audit change_profile /onexec -> :fo**:/bin/fo**,
+}
+
+/usr/bin/foo14 {
+   audit change_profile /onexec -> :fo?:/bin/fo?,
+}
+
+/usr/bin/foo15 {
+   audit change_profile /onexec -> :fo[ab]:/bin/fo[ab],
+}
+
+/usr/bin/foo16 {
+   audit change_profile /onexec -> :fo[^ab]:/bin/fo[^ab],
+}

parser/tst/simple_tests/change_profile/onx_a_re_ok_4.sd

@@ -0,0 +1,51 @@
+#
+#=DESCRIPTION audit change_profile /onexec with a variable (LP: #390810)
+#=EXRESULT PASS
+#
+
+@{LIBVIRT}="libvirt"
+@{LIBVIRT_RE}="libvirt*"
+
+/usr/bin/foo {
+   audit change_profile /onexec -> @{LIBVIRT}-fo*,
+}
+
+/usr/bin/foo2 {
+   audit change_profile /onexec -> @{LIBVIRT}-fo**,
+}
+
+/usr/bin/foo3 {
+   audit change_profile /onexec -> @{LIBVIRT}-fo[ab],
+}
+
+/usr/bin/foo4 {
+   audit change_profile /onexec -> @{LIBVIRT}-fo[^ab],
+}
+
+/usr/bin/foo5 {
+   audit change_profile /onexec -> @{LIBVIRT}-fo?,
+}
+
+/usr/bin/foo6 {
+   audit change_profile /onexec -> @{LIBVIRT_RE}-foo,
+}
+
+/usr/bin/foo7 {
+   audit change_profile /onexec -> @{LIBVIRT_RE}-fo*,
+}
+
+/usr/bin/foo8 {
+   audit change_profile /onexec -> @{LIBVIRT_RE}-fo**,
+}
+
+/usr/bin/foo9 {
+   audit change_profile /onexec -> @{LIBVIRT_RE}-fo?,
+}
+
+/usr/bin/foo10 {
+   audit change_profile /onexec -> @{LIBVIRT_RE}-fo[ab],
+}
+
+/usr/bin/foo11 {
+   audit change_profile /onexec -> @{LIBVIRT_RE}-fo[^ab],
+}

parser/tst/simple_tests/change_profile/onx_a_re_ok_5.sd

@@ -0,0 +1,25 @@
+#
+#=DESCRIPTION audit change_profile /onexec with just res
+#=EXRESULT PASS
+#
+
+/usr/bin/foo {
+   audit change_profile /onexec -> *,
+}
+
+/usr/bin/foo2 {
+   audit change_profile /onexec -> **,
+}
+
+/usr/bin/foo3 {
+   audit change_profile /onexec -> ?,
+}
+
+/usr/bin/foo4 {
+   audit change_profile /onexec -> [ab],
+}
+
+/usr/bin/foo5 {
+   audit change_profile /onexec -> [^ab],
+}
+

parser/tst/simple_tests/change_profile/onx_a_re_ok_6.sd

@@ -0,0 +1,65 @@
+#
+#=DESCRIPTION audit change_profile /onexec with just res, child profile
+#=EXRESULT PASS
+#
+
+/usr/bin/foo {
+   audit change_profile /onexec -> *//ab,
+}
+
+/usr/bin/foo2 {
+   audit change_profile /onexec -> **//ab,
+}
+
+/usr/bin/foo3 {
+   audit change_profile /onexec -> ?//ab,
+}
+
+/usr/bin/foo4 {
+   audit change_profile /onexec -> [ab]//ab,
+}
+
+/usr/bin/foo5 {
+   audit change_profile /onexec -> [^ab]//ab,
+}
+
+/usr/bin/foo6 {
+   audit change_profile /onexec -> ab//*,
+}
+
+/usr/bin/foo7 {
+   audit change_profile /onexec -> ab//**,
+}
+
+/usr/bin/foo8 {
+   audit change_profile /onexec -> ab//?,
+}
+
+/usr/bin/foo9 {
+   audit change_profile /onexec -> ab//[ab],
+}
+
+/usr/bin/foo10 {
+   audit change_profile /onexec -> ab//[^ab],
+}
+
+/usr/bin/foo11 {
+   audit change_profile /onexec -> *//*,
+}
+
+/usr/bin/foo12 {
+   audit change_profile /onexec -> **//*,
+}
+
+/usr/bin/foo13 {
+   audit change_profile /onexec -> ?//*,
+}
+
+/usr/bin/foo14 {
+   audit change_profile /onexec -> [ab]//*,
+}
+
+/usr/bin/foo15 {
+   audit change_profile /onexec -> [^ab]//*,
+}
+

parser/tst/simple_tests/change_profile/onx_a_re_ok_7.sd

@@ -0,0 +1,65 @@
+#
+#=DESCRIPTION audit change_profile /onexec with just re, namespace
+#=EXRESULT PASS
+#
+
+
+/usr/bin/foo {
+   audit change_profile /onexec -> :ab:*,
+}
+
+/usr/bin/foo2 {
+   audit change_profile /onexec -> :ab:**,
+}
+
+/usr/bin/foo3 {
+   audit change_profile /onexec -> :ab:?,
+}
+
+/usr/bin/foo4 {
+   audit change_profile /onexec -> :ab:[ab],
+}
+
+/usr/bin/foo5 {
+   audit change_profile /onexec -> :ab:[^ab],
+}
+
+/usr/bin/foo6 {
+   audit change_profile /onexec -> :*:ab,
+}
+
+/usr/bin/foo7 {
+   audit change_profile /onexec -> :**:ab,
+}
+
+/usr/bin/foo8 {
+   audit change_profile /onexec -> :?:ab,
+}
+
+/usr/bin/foo9 {
+   audit change_profile /onexec -> :[ab]:ab,
+}
+
+/usr/bin/foo10 {
+   audit change_profile /onexec -> :[^ab]:ab,
+}
+
+/usr/bin/foo11 {
+   audit change_profile /onexec -> :*:*,
+}
+
+/usr/bin/foo12 {
+   audit change_profile /onexec -> :**:**,
+}
+
+/usr/bin/foo13 {
+   audit change_profile /onexec -> :?:?,
+}
+
+/usr/bin/foo14 {
+   audit change_profile /onexec -> :[ab]:[ab],
+}
+
+/usr/bin/foo15 {
+   audit change_profile /onexec -> :[^ab]:[^ab],
+}

parser/tst/simple_tests/change_profile/onx_a_re_ok_8.sd

@@ -0,0 +1,45 @@
+#
+#=DESCRIPTION audit change_profile /onexec re with quotes
+#=EXRESULT PASS
+#
+
+/usr/bin/foo5 {
+   audit change_profile /onexec -> "/bin/*",
+}
+
+/usr/bin/foo6 {
+   audit change_profile /onexec -> "/bin/**",
+}
+
+/usr/bin/foo7 {
+   audit change_profile /onexec -> "/bin/[ab]",
+}
+
+/usr/bin/foo8 {
+   audit change_profile /onexec -> "/bin/[^ab]",
+}
+
+/usr/bin/foo10 {
+   audit change_profile /onexec -> "/bin/?ab",
+}
+
+/usr/bin/foo11 {
+   audit change_profile /onexec -> "/bin/ *",
+}
+
+/usr/bin/foo12 {
+   audit change_profile /onexec -> "/bin/ **",
+}
+
+/usr/bin/foo13 {
+   audit change_profile /onexec -> "/bin/ [ab]",
+}
+
+/usr/bin/foo14 {
+   audit change_profile /onexec -> "/bin/ [^ab]",
+}
+
+/usr/bin/foo15 {
+   audit change_profile /onexec -> "/bin/ ?ab",
+}
+

parser/tst/simple_tests/change_profile/onx_aa_ok_1.sd

@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION audit allow change_profile /onexec
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+   audit allow change_profile /onexec -> /bin/foo,
+}

parser/tst/simple_tests/change_profile/onx_aa_ok_2.sd

@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION audit allow change_profile /onexec to a hat
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+   audit allow change_profile /onexec -> /bin/foo//bar,
+}

parser/tst/simple_tests/change_profile/onx_aa_ok_3.sd

@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION audit allow change_profile /onexec with name space
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+   audit allow change_profile /onexec -> :foo:/bin/foo,
+}

parser/tst/simple_tests/change_profile/onx_aa_ok_4.sd

@@ -0,0 +1,10 @@
+#
+#=DESCRIPTION audit allow change_profile /onexec with a variable (LP: #390810)
+#=EXRESULT PASS
+#
+
+@{LIBVIRT}="libvirt"
+
+/usr/bin/foo {
+   audit allow change_profile /onexec -> @{LIBVIRT}-foo,
+}

parser/tst/simple_tests/change_profile/onx_aa_ok_5.sd

@@ -0,0 +1,10 @@
+#
+#=DESCRIPTION audit allow change_profile /onexec with variable+regex (LP: #390810)
+#=EXRESULT PASS
+#
+
+@{LIBVIRT}="libvirt"
+
+/usr/bin/foo {
+   audit allow change_profile /onexec -> @{LIBVIRT}-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*,
+}

parser/tst/simple_tests/change_profile/onx_aa_ok_6.sd

@@ -0,0 +1,11 @@
+#
+#=DESCRIPTION audit allow change_profile /onexec with quotes
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+   audit allow change_profile /onexec -> "/bin/foo",
+}
+
+/usr/bin/foo2 {
+   audit allow change_profile /onexec -> "/bin/ foo",
+}

parser/tst/simple_tests/change_profile/onx_aa_ok_7.sd

@@ -0,0 +1,11 @@
+#
+#=DESCRIPTION audit allow change_profile /onexec to a hat with quotes
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+   audit allow change_profile /onexec -> "/bin/foo//bar",
+}
+
+/usr/bin/foo2 {
+   audit allow change_profile /onexec -> "/bin/foo// bar",
+}

parser/tst/simple_tests/change_profile/onx_aa_ok_8.sd

@@ -0,0 +1,11 @@
+#
+#=DESCRIPTION audit allow change_profile /onexec with name space with quotes
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+   audit allow change_profile /onexec -> ":foo:/bin/foo",
+}
+
+/usr/bin/foo2 {
+   audit allow change_profile /onexec -> ":foo:/bin/ foo",
+}

parser/tst/simple_tests/change_profile/onx_aa_re_ok_1.sd

@@ -0,0 +1,24 @@
+#
+#=DESCRIPTION audit allow change_profile /onexec
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+   audit allow change_profile /onexec -> /bin/*,
+}
+
+/usr/bin/foo2 {
+   audit allow change_profile /onexec -> /bin/**,
+}
+
+/usr/bin/foo3 {
+   audit allow change_profile /onexec -> /bin/?,
+}
+
+/usr/bin/foo4 {
+   audit allow change_profile /onexec -> /bin/[ab],
+}
+
+/usr/bin/foo5 {
+   audit allow change_profile /onexec -> /bin/[^ab],
+}
+

parser/tst/simple_tests/change_profile/onx_aa_re_ok_2.sd

@@ -0,0 +1,69 @@
+#
+#=DESCRIPTION audit allow change_profile /onexec to a hat
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+   audit allow change_profile /onexec -> /bin/foo//bar,
+}
+
+/usr/bin/foo2 {
+   audit allow change_profile /onexec -> /bin/foo//ba*,
+}
+
+/usr/bin/foo3 {
+   audit allow change_profile /onexec -> /bin/foo//ba**,
+}
+
+/usr/bin/foo4 {
+   audit allow change_profile /onexec -> /bin/foo//ba?,
+}
+
+/usr/bin/foo5 {
+   audit allow change_profile /onexec -> /bin/foo//ba[ab],
+}
+
+/usr/bin/foo6 {
+   audit allow change_profile /onexec -> /bin/foo//ba[^ab],
+}
+
+/usr/bin/foo7 {
+   audit allow change_profile /onexec -> /bin/fo*//bar,
+}
+
+/usr/bin/foo8 {
+   audit allow change_profile /onexec -> /bin/fo**//bar,
+}
+
+/usr/bin/foo9 {
+   audit allow change_profile /onexec -> /bin/fo?//bar,
+}
+
+/usr/bin/foo10 {
+   audit allow change_profile /onexec -> /bin/fo[ab]//bar,
+}
+
+/usr/bin/foo11 {
+   audit allow change_profile /onexec -> /bin/fo[^ab]//bar,
+}
+
+/usr/bin/foo12 {
+   audit allow change_profile /onexec -> /bin/fo*//ba*,
+}
+
+/usr/bin/foo13 {
+   audit allow change_profile /onexec -> /bin/fo**//ba**,
+}
+
+/usr/bin/foo14 {
+   audit allow change_profile /onexec -> /bin/fo?//ba?,
+}
+
+/usr/bin/foo15 {
+   audit allow change_profile /onexec -> /bin/fo[ab]//ba[ab],
+}
+
+/usr/bin/foo16 {
+   audit allow change_profile /onexec -> /bin/fo[^ab]//ba[^ab],
+}
+
+

parser/tst/simple_tests/change_profile/onx_aa_re_ok_3.sd

@@ -0,0 +1,67 @@
+#
+#=DESCRIPTION audit allow change_profile /onexec with name space
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+   audit allow change_profile /onexec -> :foo:/bin/foo,
+}
+
+/usr/bin/foo2 {
+   audit allow change_profile /onexec -> :foo:/bin/fo*,
+}
+
+/usr/bin/foo3 {
+   audit allow change_profile /onexec -> :foo:/bin/fo**,
+}
+
+/usr/bin/foo4 {
+   audit allow change_profile /onexec -> :foo:/bin/fo?,
+}
+
+/usr/bin/foo5 {
+   audit allow change_profile /onexec -> :foo:/bin/fo[ab],
+}
+
+/usr/bin/foo6 {
+   audit allow change_profile /onexec -> :foo:/bin/fo[^ab],
+}
+
+/usr/bin/foo7 {
+   audit allow change_profile /onexec -> :fo*:/bin/foo,
+}
+
+/usr/bin/foo8 {
+   audit allow change_profile /onexec -> :fo**:/bin/foo,
+}
+
+/usr/bin/foo9 {
+   audit allow change_profile /onexec -> :fo?:/bin/foo,
+}
+
+/usr/bin/foo10 {
+   audit allow change_profile /onexec -> :fo[ab]:/bin/foo,
+}
+
+/usr/bin/foo11 {
+   audit allow change_profile /onexec -> :fo[^ab]:/bin/foo,
+}
+
+/usr/bin/foo12 {
+   audit allow change_profile /onexec -> :fo*:/bin/fo*,
+}
+
+/usr/bin/foo13 {
+   audit allow change_profile /onexec -> :fo**:/bin/fo**,
+}
+
+/usr/bin/foo14 {
+   audit allow change_profile /onexec -> :fo?:/bin/fo?,
+}
+
+/usr/bin/foo15 {
+   audit allow change_profile /onexec -> :fo[ab]:/bin/fo[ab],
+}
+
+/usr/bin/foo16 {
+   audit allow change_profile /onexec -> :fo[^ab]:/bin/fo[^ab],
+}

parser/tst/simple_tests/change_profile/onx_aa_re_ok_4.sd

@@ -0,0 +1,51 @@
+#
+#=DESCRIPTION audit allow change_profile /onexec with a variable (LP: #390810)
+#=EXRESULT PASS
+#
+
+@{LIBVIRT}="libvirt"
+@{LIBVIRT_RE}="libvirt*"
+
+/usr/bin/foo {
+   audit allow change_profile /onexec -> @{LIBVIRT}-fo*,
+}
+
+/usr/bin/foo2 {
+   audit allow change_profile /onexec -> @{LIBVIRT}-fo**,
+}
+
+/usr/bin/foo3 {
+   audit allow change_profile /onexec -> @{LIBVIRT}-fo[ab],
+}
+
+/usr/bin/foo4 {
+   audit allow change_profile /onexec -> @{LIBVIRT}-fo[^ab],
+}
+
+/usr/bin/foo5 {
+   audit allow change_profile /onexec -> @{LIBVIRT}-fo?,
+}
+
+/usr/bin/foo6 {
+   audit allow change_profile /onexec -> @{LIBVIRT_RE}-foo,
+}
+
+/usr/bin/foo7 {
+   audit allow change_profile /onexec -> @{LIBVIRT_RE}-fo*,
+}
+
+/usr/bin/foo8 {
+   audit allow change_profile /onexec -> @{LIBVIRT_RE}-fo**,
+}
+
+/usr/bin/foo9 {
+   audit allow change_profile /onexec -> @{LIBVIRT_RE}-fo?,
+}
+
+/usr/bin/foo10 {
+   audit allow change_profile /onexec -> @{LIBVIRT_RE}-fo[ab],
+}
+
+/usr/bin/foo11 {
+   audit allow change_profile /onexec -> @{LIBVIRT_RE}-fo[^ab],
+}

parser/tst/simple_tests/change_profile/onx_aa_re_ok_5.sd

@@ -0,0 +1,25 @@
+#
+#=DESCRIPTION audit allow change_profile /onexec with just res
+#=EXRESULT PASS
+#
+
+/usr/bin/foo {
+   audit allow change_profile /onexec -> *,
+}
+
+/usr/bin/foo2 {
+   audit allow change_profile /onexec -> **,
+}
+
+/usr/bin/foo3 {
+   audit allow change_profile /onexec -> ?,
+}
+
+/usr/bin/foo4 {
+   audit allow change_profile /onexec -> [ab],
+}
+
+/usr/bin/foo5 {
+   audit allow change_profile /onexec -> [^ab],
+}
+

parser/tst/simple_tests/change_profile/onx_aa_re_ok_6.sd

@@ -0,0 +1,65 @@
+#
+#=DESCRIPTION audit allow change_profile /onexec with just res, child profile
+#=EXRESULT PASS
+#
+
+/usr/bin/foo {
+   audit allow change_profile /onexec -> *//ab,
+}
+
+/usr/bin/foo2 {
+   audit allow change_profile /onexec -> **//ab,
+}
+
+/usr/bin/foo3 {
+   audit allow change_profile /onexec -> ?//ab,
+}
+
+/usr/bin/foo4 {
+   audit allow change_profile /onexec -> [ab]//ab,
+}
+
+/usr/bin/foo5 {
+   audit allow change_profile /onexec -> [^ab]//ab,
+}
+
+/usr/bin/foo6 {
+   audit allow change_profile /onexec -> ab//*,
+}
+
+/usr/bin/foo7 {
+   audit allow change_profile /onexec -> ab//**,
+}
+
+/usr/bin/foo8 {
+   audit allow change_profile /onexec -> ab//?,
+}
+
+/usr/bin/foo9 {
+   audit allow change_profile /onexec -> ab//[ab],
+}
+
+/usr/bin/foo10 {
+   audit allow change_profile /onexec -> ab//[^ab],
+}
+
+/usr/bin/foo11 {
+   audit allow change_profile /onexec -> *//*,
+}
+
+/usr/bin/foo12 {
+   audit allow change_profile /onexec -> **//*,
+}
+
+/usr/bin/foo13 {
+   audit allow change_profile /onexec -> ?//*,
+}
+
+/usr/bin/foo14 {
+   audit allow change_profile /onexec -> [ab]//*,
+}
+
+/usr/bin/foo15 {
+   audit allow change_profile /onexec -> [^ab]//*,
+}
+

parser/tst/simple_tests/change_profile/onx_aa_re_ok_7.sd

@@ -0,0 +1,65 @@
+#
+#=DESCRIPTION audit allow change_profile /onexec with just re, namespace
+#=EXRESULT PASS
+#
+
+
+/usr/bin/foo {
+   audit allow change_profile /onexec -> :ab:*,
+}
+
+/usr/bin/foo2 {
+   audit allow change_profile /onexec -> :ab:**,
+}
+
+/usr/bin/foo3 {
+   audit allow change_profile /onexec -> :ab:?,
+}
+
+/usr/bin/foo4 {
+   audit allow change_profile /onexec -> :ab:[ab],
+}
+
+/usr/bin/foo5 {
+   audit allow change_profile /onexec -> :ab:[^ab],
+}
+
+/usr/bin/foo6 {
+   audit allow change_profile /onexec -> :*:ab,
+}
+
+/usr/bin/foo7 {
+   audit allow change_profile /onexec -> :**:ab,
+}
+
+/usr/bin/foo8 {
+   audit allow change_profile /onexec -> :?:ab,
+}
+
+/usr/bin/foo9 {
+   audit allow change_profile /onexec -> :[ab]:ab,
+}
+
+/usr/bin/foo10 {
+   audit allow change_profile /onexec -> :[^ab]:ab,
+}
+
+/usr/bin/foo11 {
+   audit allow change_profile /onexec -> :*:*,
+}
+
+/usr/bin/foo12 {
+   audit allow change_profile /onexec -> :**:**,
+}
+
+/usr/bin/foo13 {
+   audit allow change_profile /onexec -> :?:?,
+}
+
+/usr/bin/foo14 {
+   audit allow change_profile /onexec -> :[ab]:[ab],
+}
+
+/usr/bin/foo15 {
+   audit allow change_profile /onexec -> :[^ab]:[^ab],
+}

parser/tst/simple_tests/change_profile/onx_aa_re_ok_8.sd

@@ -0,0 +1,45 @@
+#
+#=DESCRIPTION audit allow change_profile /onexec re with quotes
+#=EXRESULT PASS
+#
+
+/usr/bin/foo5 {
+   audit allow change_profile /onexec -> "/bin/*",
+}
+
+/usr/bin/foo6 {
+   audit allow change_profile /onexec -> "/bin/**",
+}
+
+/usr/bin/foo7 {
+   audit allow change_profile /onexec -> "/bin/[ab]",
+}
+
+/usr/bin/foo8 {
+   audit allow change_profile /onexec -> "/bin/[^ab]",
+}
+
+/usr/bin/foo10 {
+   audit allow change_profile /onexec -> "/bin/?ab",
+}
+
+/usr/bin/foo11 {
+   audit allow change_profile /onexec -> "/bin/ *",
+}
+
+/usr/bin/foo12 {
+   audit allow change_profile /onexec -> "/bin/ **",
+}
+
+/usr/bin/foo13 {
+   audit allow change_profile /onexec -> "/bin/ [ab]",
+}
+
+/usr/bin/foo14 {
+   audit allow change_profile /onexec -> "/bin/ [^ab]",
+}
+
+/usr/bin/foo15 {
+   audit allow change_profile /onexec -> "/bin/ ?ab",
+}
+

parser/tst/simple_tests/change_profile/onx_aao_bad_1.sd

@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION owner not allowed in change_profile rule
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+   audit allow owner change_profile /onexec -> /bin/foo,
+}

parser/tst/simple_tests/change_profile/onx_aao_bad_2.sd

@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION owner not allowed in change_profile rule
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+   audit allow owner change_profile /onexec -> /bin/foo//bar,
+}

parser/tst/simple_tests/change_profile/onx_aao_bad_3.sd

@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION owner not allowed in change_profile rule
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+   audit allow owner change_profile /onexec -> :foo:/bin/foo,
+}

parser/tst/simple_tests/change_profile/onx_aao_bad_4.sd

@@ -0,0 +1,10 @@
+#
+#=DESCRIPTION owner not allowed in change_profile rule
+#=EXRESULT FAIL
+#
+
+@{LIBVIRT}="libvirt"
+
+/usr/bin/foo {
+   audit allow owner change_profile /onexec -> @{LIBVIRT}-foo,
+}

parser/tst/simple_tests/change_profile/onx_aao_bad_5.sd

@@ -0,0 +1,10 @@
+#
+#=DESCRIPTION owner not allowed in change_profile rule
+#=EXRESULT FAIL
+#
+
+@{LIBVIRT}="libvirt"
+
+/usr/bin/foo {
+   audit allow owner change_profile /onexec -> @{LIBVIRT}-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*,
+}

parser/tst/simple_tests/change_profile/onx_aao_bad_6.sd

@@ -0,0 +1,8 @@
+#
+#=DESCRIPTION owner not allowed in change_profile rule
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+   audit allow owner change_profile /onexec -> "/bin/foo",
+}
+

parser/tst/simple_tests/change_profile/onx_aao_bad_7.sd

@@ -0,0 +1,8 @@
+#
+#=DESCRIPTION owner not allowed in change_profile rule
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+   audit allow owner change_profile /onexec -> "/bin/foo//bar",
+}
+

parser/tst/simple_tests/change_profile/onx_aao_bad_8.sd

@@ -0,0 +1,8 @@
+#
+#=DESCRIPTION owner not allowed in change_profile rule
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+   audit allow owner change_profile /onexec -> ":foo:/bin/foo",
+}
+

parser/tst/simple_tests/change_profile/onx_aao_re_bad_1.sd

@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION owner not allowed in change_profile rule
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+   audit allow owner change_profile /onexec -> /bin/*,
+}

parser/tst/simple_tests/change_profile/onx_aao_re_bad_2.sd

@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION owner not allowed in change_profile rule
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+   audit allow owner change_profile /onexec -> /bin/foo//bar,
+}

parser/tst/simple_tests/change_profile/onx_aao_re_bad_3.sd

@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION owner not allowed in change_profile rule
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+   audit allow owner change_profile /onexec -> :foo:/bin/foo,
+}

parser/tst/simple_tests/change_profile/onx_aao_re_bad_4.sd

@@ -0,0 +1,11 @@
+#
+#=DESCRIPTION owner not allowed in change_profile rule
+#=EXRESULT FAIL
+#
+
+@{LIBVIRT}="libvirt"
+@{LIBVIRT_RE}="libvirt*"
+
+/usr/bin/foo {
+   audit allow owner change_profile /onexec -> @{LIBVIRT}-fo*,
+}

parser/tst/simple_tests/change_profile/onx_aao_re_bad_5.sd

@@ -0,0 +1,9 @@
+#
+#=DESCRIPTION owner not allowed in change_profile rule
+#=EXRESULT FAIL
+#
+
+/usr/bin/foo {
+   audit allow owner change_profile /onexec -> *,
+}
+

parser/tst/simple_tests/change_profile/onx_aao_re_bad_6.sd

@@ -0,0 +1,8 @@
+#
+#=DESCRIPTION owner not allowed in change_profile rule
+#=EXRESULT FAIL
+#
+
+/usr/bin/foo {
+   audit allow owner change_profile /onexec -> *//ab,
+}

parser/tst/simple_tests/change_profile/onx_aao_re_bad_7.sd

@@ -0,0 +1,9 @@
+#
+#=DESCRIPTION owner not allowed in change_profile rule
+#=EXRESULT FAIL
+#
+
+
+/usr/bin/foo {
+   audit allow owner change_profile /onexec -> :ab:*,
+}

parser/tst/simple_tests/change_profile/onx_aao_re_bad_8.sd

@@ -0,0 +1,8 @@
+#
+#=DESCRIPTION owner not allowed in change_profile rule
+#=EXRESULT FAIL
+#
+
+/usr/bin/foo5 {
+   audit allow owner change_profile /onexec -> "/bin/*",
+}

parser/tst/simple_tests/change_profile/onx_ad_bare_ok_1.sd

@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION audit deny change_profile /onexec
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+   audit deny change_profile /onexec,
+}

parser/tst/simple_tests/change_profile/onx_ad_ok_1.sd

@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION audit deny change_profile /onexec
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+   audit deny change_profile /onexec -> /bin/foo,
+}

parser/tst/simple_tests/change_profile/onx_ad_ok_2.sd

@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION audit deny change_profile /onexec to a hat
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+   audit deny change_profile /onexec -> /bin/foo//bar,
+}

parser/tst/simple_tests/change_profile/onx_ad_ok_3.sd

@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION audit deny change_profile /onexec with name space
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+   audit deny change_profile /onexec -> :foo:/bin/foo,
+}

parser/tst/simple_tests/change_profile/onx_ad_ok_4.sd

@@ -0,0 +1,10 @@
+#
+#=DESCRIPTION audit deny change_profile /onexec with a variable (LP: #390810)
+#=EXRESULT PASS
+#
+
+@{LIBVIRT}="libvirt"
+
+/usr/bin/foo {
+   audit deny change_profile /onexec -> @{LIBVIRT}-foo,
+}

parser/tst/simple_tests/change_profile/onx_ad_ok_5.sd

@@ -0,0 +1,10 @@
+#
+#=DESCRIPTION audit deny change_profile /onexec with variable+regex (LP: #390810)
+#=EXRESULT PASS
+#
+
+@{LIBVIRT}="libvirt"
+
+/usr/bin/foo {
+   audit deny change_profile /onexec -> @{LIBVIRT}-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*,
+}

parser/tst/simple_tests/change_profile/onx_ad_ok_6.sd

@@ -0,0 +1,11 @@
+#
+#=DESCRIPTION audit deny change_profile /onexec with quotes
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+   audit deny change_profile /onexec -> "/bin/foo",
+}
+
+/usr/bin/foo2 {
+   audit deny change_profile /onexec -> "/bin/ foo",
+}

parser/tst/simple_tests/change_profile/onx_ad_ok_7.sd

@@ -0,0 +1,11 @@
+#
+#=DESCRIPTION audit deny change_profile /onexec to a hat with quotes
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+   audit deny change_profile /onexec -> "/bin/foo//bar",
+}
+
+/usr/bin/foo2 {
+   audit deny change_profile /onexec -> "/bin/foo// bar",
+}

parser/tst/simple_tests/change_profile/onx_ad_ok_8.sd

@@ -0,0 +1,11 @@
+#
+#=DESCRIPTION audit deny change_profile /onexec with name space with quotes
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+   audit deny change_profile /onexec -> ":foo:/bin/foo",
+}
+
+/usr/bin/foo2 {
+   audit deny change_profile /onexec -> ":foo:/bin/ foo",
+}

parser/tst/simple_tests/change_profile/onx_ad_re_ok_1.sd

@@ -0,0 +1,24 @@
+#
+#=DESCRIPTION audit deny change_profile /onexec
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+   audit deny change_profile /onexec -> /bin/*,
+}
+
+/usr/bin/foo2 {
+   audit deny change_profile /onexec -> /bin/**,
+}
+
+/usr/bin/foo3 {
+   audit deny change_profile /onexec -> /bin/?,
+}
+
+/usr/bin/foo4 {
+   audit deny change_profile /onexec -> /bin/[ab],
+}
+
+/usr/bin/foo5 {
+   audit deny change_profile /onexec -> /bin/[^ab],
+}
+

parser/tst/simple_tests/change_profile/onx_ad_re_ok_2.sd

@@ -0,0 +1,69 @@
+#
+#=DESCRIPTION audit deny change_profile /onexec to a hat
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+   audit deny change_profile /onexec -> /bin/foo//bar,
+}
+
+/usr/bin/foo2 {
+   audit deny change_profile /onexec -> /bin/foo//ba*,
+}
+
+/usr/bin/foo3 {
+   audit deny change_profile /onexec -> /bin/foo//ba**,
+}
+
+/usr/bin/foo4 {
+   audit deny change_profile /onexec -> /bin/foo//ba?,
+}
+
+/usr/bin/foo5 {
+   audit deny change_profile /onexec -> /bin/foo//ba[ab],
+}
+
+/usr/bin/foo6 {
+   audit deny change_profile /onexec -> /bin/foo//ba[^ab],
+}
+
+/usr/bin/foo7 {
+   audit deny change_profile /onexec -> /bin/fo*//bar,
+}
+
+/usr/bin/foo8 {
+   audit deny change_profile /onexec -> /bin/fo**//bar,
+}
+
+/usr/bin/foo9 {
+   audit deny change_profile /onexec -> /bin/fo?//bar,
+}
+
+/usr/bin/foo10 {
+   audit deny change_profile /onexec -> /bin/fo[ab]//bar,
+}
+
+/usr/bin/foo11 {
+   audit deny change_profile /onexec -> /bin/fo[^ab]//bar,
+}
+
+/usr/bin/foo12 {
+   audit deny change_profile /onexec -> /bin/fo*//ba*,
+}
+
+/usr/bin/foo13 {
+   audit deny change_profile /onexec -> /bin/fo**//ba**,
+}
+
+/usr/bin/foo14 {
+   audit deny change_profile /onexec -> /bin/fo?//ba?,
+}
+
+/usr/bin/foo15 {
+   audit deny change_profile /onexec -> /bin/fo[ab]//ba[ab],
+}
+
+/usr/bin/foo16 {
+   audit deny change_profile /onexec -> /bin/fo[^ab]//ba[^ab],
+}
+
+

parser/tst/simple_tests/change_profile/onx_ad_re_ok_3.sd

@@ -0,0 +1,67 @@
+#
+#=DESCRIPTION audit deny change_profile /onexec with name space
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+   audit deny change_profile /onexec -> :foo:/bin/foo,
+}
+
+/usr/bin/foo2 {
+   audit deny change_profile /onexec -> :foo:/bin/fo*,
+}
+
+/usr/bin/foo3 {
+   audit deny change_profile /onexec -> :foo:/bin/fo**,
+}
+
+/usr/bin/foo4 {
+   audit deny change_profile /onexec -> :foo:/bin/fo?,
+}
+
+/usr/bin/foo5 {
+   audit deny change_profile /onexec -> :foo:/bin/fo[ab],
+}
+
+/usr/bin/foo6 {
+   audit deny change_profile /onexec -> :foo:/bin/fo[^ab],
+}
+
+/usr/bin/foo7 {
+   audit deny change_profile /onexec -> :fo*:/bin/foo,
+}
+
+/usr/bin/foo8 {
+   audit deny change_profile /onexec -> :fo**:/bin/foo,
+}
+
+/usr/bin/foo9 {
+   audit deny change_profile /onexec -> :fo?:/bin/foo,
+}
+
+/usr/bin/foo10 {
+   audit deny change_profile /onexec -> :fo[ab]:/bin/foo,
+}
+
+/usr/bin/foo11 {
+   audit deny change_profile /onexec -> :fo[^ab]:/bin/foo,
+}
+
+/usr/bin/foo12 {
+   audit deny change_profile /onexec -> :fo*:/bin/fo*,
+}
+
+/usr/bin/foo13 {
+   audit deny change_profile /onexec -> :fo**:/bin/fo**,
+}
+
+/usr/bin/foo14 {
+   audit deny change_profile /onexec -> :fo?:/bin/fo?,
+}
+
+/usr/bin/foo15 {
+   audit deny change_profile /onexec -> :fo[ab]:/bin/fo[ab],
+}
+
+/usr/bin/foo16 {
+   audit deny change_profile /onexec -> :fo[^ab]:/bin/fo[^ab],
+}

parser/tst/simple_tests/change_profile/onx_ad_re_ok_4.sd

@@ -0,0 +1,51 @@
+#
+#=DESCRIPTION audit deny change_profile /onexec with a variable (LP: #390810)
+#=EXRESULT PASS
+#
+
+@{LIBVIRT}="libvirt"
+@{LIBVIRT_RE}="libvirt*"
+
+/usr/bin/foo {
+   audit deny change_profile /onexec -> @{LIBVIRT}-fo*,
+}
+
+/usr/bin/foo2 {
+   audit deny change_profile /onexec -> @{LIBVIRT}-fo**,
+}
+
+/usr/bin/foo3 {
+   audit deny change_profile /onexec -> @{LIBVIRT}-fo[ab],
+}
+
+/usr/bin/foo4 {
+   audit deny change_profile /onexec -> @{LIBVIRT}-fo[^ab],
+}
+
+/usr/bin/foo5 {
+   audit deny change_profile /onexec -> @{LIBVIRT}-fo?,
+}
+
+/usr/bin/foo6 {
+   audit deny change_profile /onexec -> @{LIBVIRT_RE}-foo,
+}
+
+/usr/bin/foo7 {
+   audit deny change_profile /onexec -> @{LIBVIRT_RE}-fo*,
+}
+
+/usr/bin/foo8 {
+   audit deny change_profile /onexec -> @{LIBVIRT_RE}-fo**,
+}
+
+/usr/bin/foo9 {
+   audit deny change_profile /onexec -> @{LIBVIRT_RE}-fo?,
+}
+
+/usr/bin/foo10 {
+   audit deny change_profile /onexec -> @{LIBVIRT_RE}-fo[ab],
+}
+
+/usr/bin/foo11 {
+   audit deny change_profile /onexec -> @{LIBVIRT_RE}-fo[^ab],
+}

parser/tst/simple_tests/change_profile/onx_ad_re_ok_5.sd

@@ -0,0 +1,25 @@
+#
+#=DESCRIPTION audit deny change_profile /onexec with just res
+#=EXRESULT PASS
+#
+
+/usr/bin/foo {
+   audit deny change_profile /onexec -> *,
+}
+
+/usr/bin/foo2 {
+   audit deny change_profile /onexec -> **,
+}
+
+/usr/bin/foo3 {
+   audit deny change_profile /onexec -> ?,
+}
+
+/usr/bin/foo4 {
+   audit deny change_profile /onexec -> [ab],
+}
+
+/usr/bin/foo5 {
+   audit deny change_profile /onexec -> [^ab],
+}
+

parser/tst/simple_tests/change_profile/onx_ad_re_ok_6.sd

@@ -0,0 +1,65 @@
+#
+#=DESCRIPTION audit deny change_profile /onexec with just res, child profile
+#=EXRESULT PASS
+#
+
+/usr/bin/foo {
+   audit deny change_profile /onexec -> *//ab,
+}
+
+/usr/bin/foo2 {
+   audit deny change_profile /onexec -> **//ab,
+}
+
+/usr/bin/foo3 {
+   audit deny change_profile /onexec -> ?//ab,
+}
+
+/usr/bin/foo4 {
+   audit deny change_profile /onexec -> [ab]//ab,
+}
+
+/usr/bin/foo5 {
+   audit deny change_profile /onexec -> [^ab]//ab,
+}
+
+/usr/bin/foo6 {
+   audit deny change_profile /onexec -> ab//*,
+}
+
+/usr/bin/foo7 {
+   audit deny change_profile /onexec -> ab//**,
+}
+
+/usr/bin/foo8 {
+   audit deny change_profile /onexec -> ab//?,
+}
+
+/usr/bin/foo9 {
+   audit deny change_profile /onexec -> ab//[ab],
+}
+
+/usr/bin/foo10 {
+   audit deny change_profile /onexec -> ab//[^ab],
+}
+
+/usr/bin/foo11 {
+   audit deny change_profile /onexec -> *//*,
+}
+
+/usr/bin/foo12 {
+   audit deny change_profile /onexec -> **//*,
+}
+
+/usr/bin/foo13 {
+   audit deny change_profile /onexec -> ?//*,
+}
+
+/usr/bin/foo14 {
+   audit deny change_profile /onexec -> [ab]//*,
+}
+
+/usr/bin/foo15 {
+   audit deny change_profile /onexec -> [^ab]//*,
+}
+

parser/tst/simple_tests/change_profile/onx_ad_re_ok_7.sd

@@ -0,0 +1,65 @@
+#
+#=DESCRIPTION audit deny change_profile /onexec with just re, namespace
+#=EXRESULT PASS
+#
+
+
+/usr/bin/foo {
+   audit deny change_profile /onexec -> :ab:*,
+}
+
+/usr/bin/foo2 {
+   audit deny change_profile /onexec -> :ab:**,
+}
+
+/usr/bin/foo3 {
+   audit deny change_profile /onexec -> :ab:?,
+}
+
+/usr/bin/foo4 {
+   audit deny change_profile /onexec -> :ab:[ab],
+}
+
+/usr/bin/foo5 {
+   audit deny change_profile /onexec -> :ab:[^ab],
+}
+
+/usr/bin/foo6 {
+   audit deny change_profile /onexec -> :*:ab,
+}
+
+/usr/bin/foo7 {
+   audit deny change_profile /onexec -> :**:ab,
+}
+
+/usr/bin/foo8 {
+   audit deny change_profile /onexec -> :?:ab,
+}
+
+/usr/bin/foo9 {
+   audit deny change_profile /onexec -> :[ab]:ab,
+}
+
+/usr/bin/foo10 {
+   audit deny change_profile /onexec -> :[^ab]:ab,
+}
+
+/usr/bin/foo11 {
+   audit deny change_profile /onexec -> :*:*,
+}
+
+/usr/bin/foo12 {
+   audit deny change_profile /onexec -> :**:**,
+}
+
+/usr/bin/foo13 {
+   audit deny change_profile /onexec -> :?:?,
+}
+
+/usr/bin/foo14 {
+   audit deny change_profile /onexec -> :[ab]:[ab],
+}
+
+/usr/bin/foo15 {
+   audit deny change_profile /onexec -> :[^ab]:[^ab],
+}

parser/tst/simple_tests/change_profile/onx_ad_re_ok_8.sd

@@ -0,0 +1,45 @@
+#
+#=DESCRIPTION audit deny change_profile /onexec re with quotes
+#=EXRESULT PASS
+#
+
+/usr/bin/foo5 {
+   audit deny change_profile /onexec -> "/bin/*",
+}
+
+/usr/bin/foo6 {
+   audit deny change_profile /onexec -> "/bin/**",
+}
+
+/usr/bin/foo7 {
+   audit deny change_profile /onexec -> "/bin/[ab]",
+}
+
+/usr/bin/foo8 {
+   audit deny change_profile /onexec -> "/bin/[^ab]",
+}
+
+/usr/bin/foo10 {
+   audit deny change_profile /onexec -> "/bin/?ab",
+}
+
+/usr/bin/foo11 {
+   audit deny change_profile /onexec -> "/bin/ *",
+}
+
+/usr/bin/foo12 {
+   audit deny change_profile /onexec -> "/bin/ **",
+}
+
+/usr/bin/foo13 {
+   audit deny change_profile /onexec -> "/bin/ [ab]",
+}
+
+/usr/bin/foo14 {
+   audit deny change_profile /onexec -> "/bin/ [^ab]",
+}
+
+/usr/bin/foo15 {
+   audit deny change_profile /onexec -> "/bin/ ?ab",
+}
+

parser/tst/simple_tests/change_profile/onx_ado_bad_1.sd

@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION owner not allowed in change_profile rule
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+   audit deny owner change_profile /onexec -> /bin/foo,
+}

parser/tst/simple_tests/change_profile/onx_ado_bad_2.sd

@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION owner not allowed in change_profile rule
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+   audit deny owner change_profile /onexec -> /bin/foo//bar,
+}

parser/tst/simple_tests/change_profile/onx_ado_bad_3.sd

@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION owner not allowed in change_profile rule
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+   audit deny owner change_profile /onexec -> :foo:/bin/foo,
+}

parser/tst/simple_tests/change_profile/onx_ado_bad_4.sd

@@ -0,0 +1,10 @@
+#
+#=DESCRIPTION owner not allowed in change_profile rule
+#=EXRESULT FAIL
+#
+
+@{LIBVIRT}="libvirt"
+
+/usr/bin/foo {
+   audit deny owner change_profile /onexec -> @{LIBVIRT}-foo,
+}

parser/tst/simple_tests/change_profile/onx_ado_bad_5.sd

@@ -0,0 +1,10 @@
+#
+#=DESCRIPTION owner not allowed in change_profile rule
+#=EXRESULT FAIL
+#
+
+@{LIBVIRT}="libvirt"
+
+/usr/bin/foo {
+   audit deny owner change_profile /onexec -> @{LIBVIRT}-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*,
+}

parser/tst/simple_tests/change_profile/onx_ado_bad_6.sd

@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION owner not allowed in change_profile rule
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+   audit deny owner change_profile /onexec -> "/bin/foo",
+}

parser/tst/simple_tests/change_profile/onx_ado_bad_7.sd

@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION owner not allowed in change_profile rule
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+   audit deny owner change_profile /onexec -> "/bin/foo//bar",
+}

parser/tst/simple_tests/change_profile/onx_ado_bad_8.sd

@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION owner not allowed in change_profile rule
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+   audit deny owner change_profile /onexec -> ":foo:/bin/foo",
+}

parser/tst/simple_tests/change_profile/onx_ado_bare_bad_1.sd

@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION owner not allowed in change_profile rule
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+   audit deny owner change_profile /onexec,
+}

parser/tst/simple_tests/change_profile/onx_ado_re_bad_1.sd

@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION owner not allowed in change_profile rule
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+   audit deny owner change_profile /onexec -> /bin/*,
+}

parser/tst/simple_tests/change_profile/onx_ado_re_bad_2.sd

@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION owner not allowed in change_profile rule
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+   audit deny owner change_profile /onexec -> /bin/foo//bar,
+}

parser/tst/simple_tests/change_profile/onx_ado_re_bad_3.sd

@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION owner not allowed in change_profile rule
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+   audit deny owner change_profile /onexec -> :foo:/bin/foo,
+}

parser/tst/simple_tests/change_profile/onx_ado_re_bad_4.sd

@@ -0,0 +1,11 @@
+#
+#=DESCRIPTION owner not allowed in change_profile rule
+#=EXRESULT FAIL
+#
+
+@{LIBVIRT}="libvirt"
+@{LIBVIRT_RE}="libvirt*"
+
+/usr/bin/foo {
+   audit deny owner change_profile /onexec -> @{LIBVIRT}-fo*,
+}

parser/tst/simple_tests/change_profile/onx_ado_re_bad_5.sd

@@ -0,0 +1,8 @@
+#
+#=DESCRIPTION owner not allowed in change_profile rule
+#=EXRESULT FAIL
+#
+
+/usr/bin/foo {
+   audit deny owner change_profile /onexec -> *,
+}

parser/tst/simple_tests/change_profile/onx_ado_re_bad_6.sd

@@ -0,0 +1,8 @@
+#
+#=DESCRIPTION owner not allowed in change_profile rule
+#=EXRESULT FAIL
+#
+
+/usr/bin/foo {
+   audit deny owner change_profile /onexec -> *//ab,
+}

parser/tst/simple_tests/change_profile/onx_ado_re_bad_7.sd

@@ -0,0 +1,9 @@
+#
+#=DESCRIPTION owner not allowed in change_profile rule
+#=EXRESULT FAIL
+#
+
+
+/usr/bin/foo {
+   audit deny owner change_profile /onexec -> :ab:*,
+}

parser/tst/simple_tests/change_profile/onx_ado_re_bad_8.sd

@@ -0,0 +1,8 @@
+#
+#=DESCRIPTION owner not allowed in change_profile rule
+#=EXRESULT FAIL
+#
+
+/usr/bin/foo5 {
+   audit deny owner change_profile /onexec -> "/bin/*",
+}

parser/tst/simple_tests/change_profile/onx_allow_ok_1.sd

@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION allow change_profile /onexec
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+   allow change_profile /onexec -> /bin/foo,
+}

parser/tst/simple_tests/change_profile/onx_allow_ok_2.sd

@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION allow change_profile /onexec to a hat
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+   allow change_profile /onexec -> /bin/foo//bar,
+}

parser/tst/simple_tests/change_profile/onx_allow_ok_3.sd

@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION allow change_profile /onexec with name space
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+   allow change_profile /onexec -> :foo:/bin/foo,
+}

parser/tst/simple_tests/change_profile/onx_allow_ok_4.sd

@@ -0,0 +1,10 @@
+#
+#=DESCRIPTION allow change_profile /onexec with a variable (LP: #390810)
+#=EXRESULT PASS
+#
+
+@{LIBVIRT}="libvirt"
+
+/usr/bin/foo {
+   allow change_profile /onexec -> @{LIBVIRT}-foo,
+}

parser/tst/simple_tests/change_profile/onx_allow_ok_5.sd

@@ -0,0 +1,10 @@
+#
+#=DESCRIPTION allow change_profile /onexec with variable+regex (LP: #390810)
+#=EXRESULT PASS
+#
+
+@{LIBVIRT}="libvirt"
+
+/usr/bin/foo {
+   allow change_profile /onexec -> @{LIBVIRT}-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*,
+}

parser/tst/simple_tests/change_profile/onx_allow_ok_6.sd

@@ -0,0 +1,11 @@
+#
+#=DESCRIPTION allow change_profile /onexec with quotes
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+   allow change_profile /onexec -> "/bin/foo",
+}
+
+/usr/bin/foo2 {
+   allow change_profile /onexec -> "/bin/ foo",
+}

parser/tst/simple_tests/change_profile/onx_allow_ok_7.sd

@@ -0,0 +1,11 @@
+#
+#=DESCRIPTION allow change_profile /onexec to a hat with quotes
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+   allow change_profile /onexec -> "/bin/foo//bar",
+}
+
+/usr/bin/foo2 {
+   allow change_profile /onexec -> "/bin/foo// bar",
+}

parser/tst/simple_tests/change_profile/onx_allow_ok_8.sd

@@ -0,0 +1,11 @@
+#
+#=DESCRIPTION allow change_profile /onexec with name space with quotes
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+   allow change_profile /onexec -> ":foo:/bin/foo",
+}
+
+/usr/bin/foo2 {
+   allow change_profile /onexec -> ":foo:/bin/ foo",
+}

parser/tst/simple_tests/change_profile/onx_allow_re_ok_1.sd

@@ -0,0 +1,24 @@
+#
+#=DESCRIPTION allow change_profile /onexec
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+   allow change_profile /onexec -> /bin/*,
+}
+
+/usr/bin/foo2 {
+   allow change_profile /onexec -> /bin/**,
+}
+
+/usr/bin/foo3 {
+   allow change_profile /onexec -> /bin/?,
+}
+
+/usr/bin/foo4 {
+   allow change_profile /onexec -> /bin/[ab],
+}
+
+/usr/bin/foo5 {
+   allow change_profile /onexec -> /bin/[^ab],
+}
+

parser/tst/simple_tests/change_profile/onx_allow_re_ok_2.sd

@@ -0,0 +1,69 @@
+#
+#=DESCRIPTION allow change_profile /onexec to a hat
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+   allow change_profile /onexec -> /bin/foo//bar,
+}
+
+/usr/bin/foo2 {
+   allow change_profile /onexec -> /bin/foo//ba*,
+}
+
+/usr/bin/foo3 {
+   allow change_profile /onexec -> /bin/foo//ba**,
+}
+
+/usr/bin/foo4 {
+   allow change_profile /onexec -> /bin/foo//ba?,
+}
+
+/usr/bin/foo5 {
+   allow change_profile /onexec -> /bin/foo//ba[ab],
+}
+
+/usr/bin/foo6 {
+   allow change_profile /onexec -> /bin/foo//ba[^ab],
+}
+
+/usr/bin/foo7 {
+   allow change_profile /onexec -> /bin/fo*//bar,
+}
+
+/usr/bin/foo8 {
+   allow change_profile /onexec -> /bin/fo**//bar,
+}
+
+/usr/bin/foo9 {
+   allow change_profile /onexec -> /bin/fo?//bar,
+}
+
+/usr/bin/foo10 {
+   allow change_profile /onexec -> /bin/fo[ab]//bar,
+}
+
+/usr/bin/foo11 {
+   allow change_profile /onexec -> /bin/fo[^ab]//bar,
+}
+
+/usr/bin/foo12 {
+   allow change_profile /onexec -> /bin/fo*//ba*,
+}
+
+/usr/bin/foo13 {
+   allow change_profile /onexec -> /bin/fo**//ba**,
+}
+
+/usr/bin/foo14 {
+   allow change_profile /onexec -> /bin/fo?//ba?,
+}
+
+/usr/bin/foo15 {
+   allow change_profile /onexec -> /bin/fo[ab]//ba[ab],
+}
+
+/usr/bin/foo16 {
+   allow change_profile /onexec -> /bin/fo[^ab]//ba[^ab],
+}
+
+

parser/tst/simple_tests/change_profile/onx_allow_re_ok_3.sd

@@ -0,0 +1,67 @@
+#
+#=DESCRIPTION allow change_profile /onexec with name space
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+   allow change_profile /onexec -> :foo:/bin/foo,
+}
+
+/usr/bin/foo2 {
+   allow change_profile /onexec -> :foo:/bin/fo*,
+}
+
+/usr/bin/foo3 {
+   allow change_profile /onexec -> :foo:/bin/fo**,
+}
+
+/usr/bin/foo4 {
+   allow change_profile /onexec -> :foo:/bin/fo?,
+}
+
+/usr/bin/foo5 {
+   allow change_profile /onexec -> :foo:/bin/fo[ab],
+}
+
+/usr/bin/foo6 {
+   allow change_profile /onexec -> :foo:/bin/fo[^ab],
+}
+
+/usr/bin/foo7 {
+   allow change_profile /onexec -> :fo*:/bin/foo,
+}
+
+/usr/bin/foo8 {
+   allow change_profile /onexec -> :fo**:/bin/foo,
+}
+
+/usr/bin/foo9 {
+   allow change_profile /onexec -> :fo?:/bin/foo,
+}
+
+/usr/bin/foo10 {
+   allow change_profile /onexec -> :fo[ab]:/bin/foo,
+}
+
+/usr/bin/foo11 {
+   allow change_profile /onexec -> :fo[^ab]:/bin/foo,
+}
+
+/usr/bin/foo12 {
+   allow change_profile /onexec -> :fo*:/bin/fo*,
+}
+
+/usr/bin/foo13 {
+   allow change_profile /onexec -> :fo**:/bin/fo**,
+}
+
+/usr/bin/foo14 {
+   allow change_profile /onexec -> :fo?:/bin/fo?,
+}
+
+/usr/bin/foo15 {
+   allow change_profile /onexec -> :fo[ab]:/bin/fo[ab],
+}
+
+/usr/bin/foo16 {
+   allow change_profile /onexec -> :fo[^ab]:/bin/fo[^ab],
+}

parser/tst/simple_tests/change_profile/onx_allow_re_ok_4.sd

@@ -0,0 +1,51 @@
+#
+#=DESCRIPTION allow change_profile /onexec with a variable (LP: #390810)
+#=EXRESULT PASS
+#
+
+@{LIBVIRT}="libvirt"
+@{LIBVIRT_RE}="libvirt*"
+
+/usr/bin/foo {
+   allow change_profile /onexec -> @{LIBVIRT}-fo*,
+}
+
+/usr/bin/foo2 {
+   allow change_profile /onexec -> @{LIBVIRT}-fo**,
+}
+
+/usr/bin/foo3 {
+   allow change_profile /onexec -> @{LIBVIRT}-fo[ab],
+}
+
+/usr/bin/foo4 {
+   allow change_profile /onexec -> @{LIBVIRT}-fo[^ab],
+}
+
+/usr/bin/foo5 {
+   allow change_profile /onexec -> @{LIBVIRT}-fo?,
+}
+
+/usr/bin/foo6 {
+   allow change_profile /onexec -> @{LIBVIRT_RE}-foo,
+}
+
+/usr/bin/foo7 {
+   allow change_profile /onexec -> @{LIBVIRT_RE}-fo*,
+}
+
+/usr/bin/foo8 {
+   allow change_profile /onexec -> @{LIBVIRT_RE}-fo**,
+}
+
+/usr/bin/foo9 {
+   allow change_profile /onexec -> @{LIBVIRT_RE}-fo?,
+}
+
+/usr/bin/foo10 {
+   allow change_profile /onexec -> @{LIBVIRT_RE}-fo[ab],
+}
+
+/usr/bin/foo11 {
+   allow change_profile /onexec -> @{LIBVIRT_RE}-fo[^ab],
+}

parser/tst/simple_tests/change_profile/onx_allow_re_ok_5.sd

@@ -0,0 +1,25 @@
+#
+#=DESCRIPTION allow change_profile /onexec with just res
+#=EXRESULT PASS
+#
+
+/usr/bin/foo {
+   allow change_profile /onexec -> *,
+}
+
+/usr/bin/foo2 {
+   allow change_profile /onexec -> **,
+}
+
+/usr/bin/foo3 {
+   allow change_profile /onexec -> ?,
+}
+
+/usr/bin/foo4 {
+   allow change_profile /onexec -> [ab],
+}
+
+/usr/bin/foo5 {
+   allow change_profile /onexec -> [^ab],
+}
+

parser/tst/simple_tests/change_profile/onx_allow_re_ok_6.sd

@@ -0,0 +1,65 @@
+#
+#=DESCRIPTION allow change_profile /onexec with just res, child profile
+#=EXRESULT PASS
+#
+
+/usr/bin/foo {
+   allow change_profile /onexec -> *//ab,
+}
+
+/usr/bin/foo2 {
+   allow change_profile /onexec -> **//ab,
+}
+
+/usr/bin/foo3 {
+   allow change_profile /onexec -> ?//ab,
+}
+
+/usr/bin/foo4 {
+   allow change_profile /onexec -> [ab]//ab,
+}
+
+/usr/bin/foo5 {
+   allow change_profile /onexec -> [^ab]//ab,
+}
+
+/usr/bin/foo6 {
+   allow change_profile /onexec -> ab//*,
+}
+
+/usr/bin/foo7 {
+   allow change_profile /onexec -> ab//**,
+}
+
+/usr/bin/foo8 {
+   allow change_profile /onexec -> ab//?,
+}
+
+/usr/bin/foo9 {
+   allow change_profile /onexec -> ab//[ab],
+}
+
+/usr/bin/foo10 {
+   allow change_profile /onexec -> ab//[^ab],
+}
+
+/usr/bin/foo11 {
+   allow change_profile /onexec -> *//*,
+}
+
+/usr/bin/foo12 {
+   allow change_profile /onexec -> **//*,
+}
+
+/usr/bin/foo13 {
+   allow change_profile /onexec -> ?//*,
+}
+
+/usr/bin/foo14 {
+   allow change_profile /onexec -> [ab]//*,
+}
+
+/usr/bin/foo15 {
+   allow change_profile /onexec -> [^ab]//*,
+}
+

parser/tst/simple_tests/change_profile/onx_allow_re_ok_7.sd

@@ -0,0 +1,65 @@
+#
+#=DESCRIPTION allow change_profile /onexec with just re, namespace
+#=EXRESULT PASS
+#
+
+
+/usr/bin/foo {
+   allow change_profile /onexec -> :ab:*,
+}
+
+/usr/bin/foo2 {
+   allow change_profile /onexec -> :ab:**,
+}
+
+/usr/bin/foo3 {
+   allow change_profile /onexec -> :ab:?,
+}
+
+/usr/bin/foo4 {
+   allow change_profile /onexec -> :ab:[ab],
+}
+
+/usr/bin/foo5 {
+   allow change_profile /onexec -> :ab:[^ab],
+}
+
+/usr/bin/foo6 {
+   allow change_profile /onexec -> :*:ab,
+}
+
+/usr/bin/foo7 {
+   allow change_profile /onexec -> :**:ab,
+}
+
+/usr/bin/foo8 {
+   allow change_profile /onexec -> :?:ab,
+}
+
+/usr/bin/foo9 {
+   allow change_profile /onexec -> :[ab]:ab,
+}
+
+/usr/bin/foo10 {
+   allow change_profile /onexec -> :[^ab]:ab,
+}
+
+/usr/bin/foo11 {
+   allow change_profile /onexec -> :*:*,
+}
+
+/usr/bin/foo12 {
+   allow change_profile /onexec -> :**:**,
+}
+
+/usr/bin/foo13 {
+   allow change_profile /onexec -> :?:?,
+}
+
+/usr/bin/foo14 {
+   allow change_profile /onexec -> :[ab]:[ab],
+}
+
+/usr/bin/foo15 {
+   allow change_profile /onexec -> :[^ab]:[^ab],
+}

parser/tst/simple_tests/change_profile/onx_allow_re_ok_8.sd

@@ -0,0 +1,45 @@
+#
+#=DESCRIPTION allow change_profile /onexec re with quotes
+#=EXRESULT PASS
+#
+
+/usr/bin/foo5 {
+   allow change_profile /onexec -> "/bin/*",
+}
+
+/usr/bin/foo6 {
+   allow change_profile /onexec -> "/bin/**",
+}
+
+/usr/bin/foo7 {
+   allow change_profile /onexec -> "/bin/[ab]",
+}
+
+/usr/bin/foo8 {
+   allow change_profile /onexec -> "/bin/[^ab]",
+}
+
+/usr/bin/foo10 {
+   allow change_profile /onexec -> "/bin/?ab",
+}
+
+/usr/bin/foo11 {
+   allow change_profile /onexec -> "/bin/ *",
+}
+
+/usr/bin/foo12 {
+   allow change_profile /onexec -> "/bin/ **",
+}
+
+/usr/bin/foo13 {
+   allow change_profile /onexec -> "/bin/ [ab]",
+}
+
+/usr/bin/foo14 {
+   allow change_profile /onexec -> "/bin/ [^ab]",
+}
+
+/usr/bin/foo15 {
+   allow change_profile /onexec -> "/bin/ ?ab",
+}
+