add support for rule prefixes to change_profile rules

Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Steve Beattie <steve@nxnw.org>

parser/parser_regex.c

@@ -492,6 +492,8 @@ static int process_profile_name_xmatch(Profile *prof)
 	return TRUE;
 }
 
+static int warn_change_profile = 1;
+
 static int process_dfa_entry(aare_rules *dfarules, struct cod_entry *entry)
 {
 	std::string tbuf;
@@ -565,6 +567,14 @@ static int process_dfa_entry(aare_rules *dfarules, struct cod_entry *entry)
 		std::string lbuf;
 		int index = 1;
 
+		if ((warnflags & WARN_RULE_DOWNGRADED) && entry->audit && warn_change_profile) {
+			/* don't have profile name here, so until this code
+			 * gets refactored just throw out a generic warning
+			 */
+			fprintf(stderr, "Warning kernel does not support audit modifier for change_profile rule.\n");
+			warn_change_profile = 0;
+		}
+
 		/* allow change_profile for all execs */
 		vec[0] = "/[^\\x00]*";
 
@@ -576,12 +586,12 @@ static int process_dfa_entry(aare_rules *dfarules, struct cod_entry *entry)
 		vec[index++] = tbuf.c_str();
 
 		/* regular change_profile rule */
-		if (!dfarules->add_rule_vec(0, AA_CHANGE_PROFILE | AA_ONEXEC, 0, index - 1, &vec[1], dfaflags))
+		if (!dfarules->add_rule_vec(entry->deny, AA_CHANGE_PROFILE | AA_ONEXEC, 0, index - 1, &vec[1], dfaflags))
 			return FALSE;
 		/* onexec rules - both rules are needed for onexec */
-		if (!dfarules->add_rule_vec(0, AA_ONEXEC, 0, 1, vec, dfaflags))
+		if (!dfarules->add_rule_vec(entry->deny, AA_ONEXEC, 0, 1, vec, dfaflags))
 			return FALSE;
-		if (!dfarules->add_rule_vec(0, AA_ONEXEC, 0, index, vec, dfaflags))
+		if (!dfarules->add_rule_vec(entry->deny, AA_ONEXEC, 0, index, vec, dfaflags))
 			return FALSE;
 	}
 	return TRUE;

parser/parser_yacc.y

@@ -785,13 +785,23 @@ rules:  rules opt_prefix unix_rule
 		$$ = $1;
 	}
 
-rules:	rules change_profile
+rules:	rules opt_prefix change_profile
 	{
 		PDEBUG("matched: rules change_profile\n");
-		PDEBUG("rules change_profile: (%s)\n", $2->name);
-		if (!$2)
+		PDEBUG("rules change_profile: (%s)\n", $3->name);
+		if (!$3)
 			yyerror(_("Assert: `change_profile' returned NULL."));
-		add_entry_to_policy($1, $2);
+		if ($2.owner)
+			yyerror(_("owner prefix not allowed on unix rules"));
+		if ($2.deny && $2.audit) {
+			$3->deny = 1;
+		} else if ($2.deny) {
+			$3->deny = 1;
+			$3->audit = $3->mode;
+		} else if ($2.audit) {
+			$3->audit = $3->mode;
+		}
+		add_entry_to_policy($1, $3);
 		$$ = $1;
 	};
 

parser/tst/simple_tests/change_profile/a_bare_ok_1.sd

@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION audit change_profile
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+   audit change_profile,
+}

parser/tst/simple_tests/change_profile/a_ok_1.sd

@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION audit change_profile
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+   audit change_profile -> /bin/foo,
+}

parser/tst/simple_tests/change_profile/a_ok_2.sd

@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION audit change_profile to a hat
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+   audit change_profile -> /bin/foo//bar,
+}

parser/tst/simple_tests/change_profile/a_ok_3.sd

@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION audit change_profile with name space
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+   audit change_profile -> :foo:/bin/foo,
+}

parser/tst/simple_tests/change_profile/a_ok_4.sd

@@ -0,0 +1,10 @@
+#
+#=DESCRIPTION audit change_profile with a variable (LP: #390810)
+#=EXRESULT PASS
+#
+
+@{LIBVIRT}="libvirt"
+
+/usr/bin/foo {
+   audit change_profile -> @{LIBVIRT}-foo,
+}

parser/tst/simple_tests/change_profile/a_ok_5.sd

@@ -0,0 +1,10 @@
+#
+#=DESCRIPTION audit change_profile with variable+regex (LP: #390810)
+#=EXRESULT PASS
+#
+
+@{LIBVIRT}="libvirt"
+
+/usr/bin/foo {
+   audit change_profile -> @{LIBVIRT}-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*,
+}

parser/tst/simple_tests/change_profile/a_ok_6.sd

@@ -0,0 +1,11 @@
+#
+#=DESCRIPTION audit change_profile with quotes
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+   audit change_profile -> "/bin/foo",
+}
+
+/usr/bin/foo2 {
+   audit change_profile -> "/bin/ foo",
+}

parser/tst/simple_tests/change_profile/a_ok_7.sd

@@ -0,0 +1,11 @@
+#
+#=DESCRIPTION audit change_profile to a hat with quotes
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+   audit change_profile -> "/bin/foo//bar",
+}
+
+/usr/bin/foo2 {
+   audit change_profile -> "/bin/foo// bar",
+}

parser/tst/simple_tests/change_profile/a_ok_8.sd

@@ -0,0 +1,11 @@
+#
+#=DESCRIPTION audit change_profile with name space with quotes
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+   audit change_profile -> ":foo:/bin/foo",
+}
+
+/usr/bin/foo2 {
+   audit change_profile -> ":foo:/bin/ foo",
+}

parser/tst/simple_tests/change_profile/a_re_ok_1.sd

@@ -0,0 +1,24 @@
+#
+#=DESCRIPTION audit change_profile
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+   audit change_profile -> /bin/*,
+}
+
+/usr/bin/foo2 {
+   audit change_profile -> /bin/**,
+}
+
+/usr/bin/foo3 {
+   audit change_profile -> /bin/?,
+}
+
+/usr/bin/foo4 {
+   audit change_profile -> /bin/[ab],
+}
+
+/usr/bin/foo5 {
+   audit change_profile -> /bin/[^ab],
+}
+

parser/tst/simple_tests/change_profile/a_re_ok_2.sd

@@ -0,0 +1,69 @@
+#
+#=DESCRIPTION audit change_profile to a hat
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+   audit change_profile -> /bin/foo//bar,
+}
+
+/usr/bin/foo2 {
+   audit change_profile -> /bin/foo//ba*,
+}
+
+/usr/bin/foo3 {
+   audit change_profile -> /bin/foo//ba**,
+}
+
+/usr/bin/foo4 {
+   audit change_profile -> /bin/foo//ba?,
+}
+
+/usr/bin/foo5 {
+   audit change_profile -> /bin/foo//ba[ab],
+}
+
+/usr/bin/foo6 {
+   audit change_profile -> /bin/foo//ba[^ab],
+}
+
+/usr/bin/foo7 {
+   audit change_profile -> /bin/fo*//bar,
+}
+
+/usr/bin/foo8 {
+   audit change_profile -> /bin/fo**//bar,
+}
+
+/usr/bin/foo9 {
+   audit change_profile -> /bin/fo?//bar,
+}
+
+/usr/bin/foo10 {
+   audit change_profile -> /bin/fo[ab]//bar,
+}
+
+/usr/bin/foo11 {
+   audit change_profile -> /bin/fo[^ab]//bar,
+}
+
+/usr/bin/foo12 {
+   audit change_profile -> /bin/fo*//ba*,
+}
+
+/usr/bin/foo13 {
+   audit change_profile -> /bin/fo**//ba**,
+}
+
+/usr/bin/foo14 {
+   audit change_profile -> /bin/fo?//ba?,
+}
+
+/usr/bin/foo15 {
+   audit change_profile -> /bin/fo[ab]//ba[ab],
+}
+
+/usr/bin/foo16 {
+   audit change_profile -> /bin/fo[^ab]//ba[^ab],
+}
+
+

parser/tst/simple_tests/change_profile/a_re_ok_3.sd

@@ -0,0 +1,67 @@
+#
+#=DESCRIPTION audit change_profile with name space
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+   audit change_profile -> :foo:/bin/foo,
+}
+
+/usr/bin/foo2 {
+   audit change_profile -> :foo:/bin/fo*,
+}
+
+/usr/bin/foo3 {
+   audit change_profile -> :foo:/bin/fo**,
+}
+
+/usr/bin/foo4 {
+   audit change_profile -> :foo:/bin/fo?,
+}
+
+/usr/bin/foo5 {
+   audit change_profile -> :foo:/bin/fo[ab],
+}
+
+/usr/bin/foo6 {
+   audit change_profile -> :foo:/bin/fo[^ab],
+}
+
+/usr/bin/foo7 {
+   audit change_profile -> :fo*:/bin/foo,
+}
+
+/usr/bin/foo8 {
+   audit change_profile -> :fo**:/bin/foo,
+}
+
+/usr/bin/foo9 {
+   audit change_profile -> :fo?:/bin/foo,
+}
+
+/usr/bin/foo10 {
+   audit change_profile -> :fo[ab]:/bin/foo,
+}
+
+/usr/bin/foo11 {
+   audit change_profile -> :fo[^ab]:/bin/foo,
+}
+
+/usr/bin/foo12 {
+   audit change_profile -> :fo*:/bin/fo*,
+}
+
+/usr/bin/foo13 {
+   audit change_profile -> :fo**:/bin/fo**,
+}
+
+/usr/bin/foo14 {
+   audit change_profile -> :fo?:/bin/fo?,
+}
+
+/usr/bin/foo15 {
+   audit change_profile -> :fo[ab]:/bin/fo[ab],
+}
+
+/usr/bin/foo16 {
+   audit change_profile -> :fo[^ab]:/bin/fo[^ab],
+}

parser/tst/simple_tests/change_profile/a_re_ok_4.sd

@@ -0,0 +1,51 @@
+#
+#=DESCRIPTION audit change_profile with a variable (LP: #390810)
+#=EXRESULT PASS
+#
+
+@{LIBVIRT}="libvirt"
+@{LIBVIRT_RE}="libvirt*"
+
+/usr/bin/foo {
+   audit change_profile -> @{LIBVIRT}-fo*,
+}
+
+/usr/bin/foo2 {
+   audit change_profile -> @{LIBVIRT}-fo**,
+}
+
+/usr/bin/foo3 {
+   audit change_profile -> @{LIBVIRT}-fo[ab],
+}
+
+/usr/bin/foo4 {
+   audit change_profile -> @{LIBVIRT}-fo[^ab],
+}
+
+/usr/bin/foo5 {
+   audit change_profile -> @{LIBVIRT}-fo?,
+}
+
+/usr/bin/foo6 {
+   audit change_profile -> @{LIBVIRT_RE}-foo,
+}
+
+/usr/bin/foo7 {
+   audit change_profile -> @{LIBVIRT_RE}-fo*,
+}
+
+/usr/bin/foo8 {
+   audit change_profile -> @{LIBVIRT_RE}-fo**,
+}
+
+/usr/bin/foo9 {
+   audit change_profile -> @{LIBVIRT_RE}-fo?,
+}
+
+/usr/bin/foo10 {
+   audit change_profile -> @{LIBVIRT_RE}-fo[ab],
+}
+
+/usr/bin/foo11 {
+   audit change_profile -> @{LIBVIRT_RE}-fo[^ab],
+}

parser/tst/simple_tests/change_profile/a_re_ok_5.sd

@@ -0,0 +1,25 @@
+#
+#=DESCRIPTION audit change_profile with just res
+#=EXRESULT PASS
+#
+
+/usr/bin/foo {
+   audit change_profile -> *,
+}
+
+/usr/bin/foo2 {
+   audit change_profile -> **,
+}
+
+/usr/bin/foo3 {
+   audit change_profile -> ?,
+}
+
+/usr/bin/foo4 {
+   audit change_profile -> [ab],
+}
+
+/usr/bin/foo5 {
+   audit change_profile -> [^ab],
+}
+

parser/tst/simple_tests/change_profile/a_re_ok_6.sd

@@ -0,0 +1,65 @@
+#
+#=DESCRIPTION audit change_profile with just res, child profile
+#=EXRESULT PASS
+#
+
+/usr/bin/foo {
+   audit change_profile -> *//ab,
+}
+
+/usr/bin/foo2 {
+   audit change_profile -> **//ab,
+}
+
+/usr/bin/foo3 {
+   audit change_profile -> ?//ab,
+}
+
+/usr/bin/foo4 {
+   audit change_profile -> [ab]//ab,
+}
+
+/usr/bin/foo5 {
+   audit change_profile -> [^ab]//ab,
+}
+
+/usr/bin/foo6 {
+   audit change_profile -> ab//*,
+}
+
+/usr/bin/foo7 {
+   audit change_profile -> ab//**,
+}
+
+/usr/bin/foo8 {
+   audit change_profile -> ab//?,
+}
+
+/usr/bin/foo9 {
+   audit change_profile -> ab//[ab],
+}
+
+/usr/bin/foo10 {
+   audit change_profile -> ab//[^ab],
+}
+
+/usr/bin/foo11 {
+   audit change_profile -> *//*,
+}
+
+/usr/bin/foo12 {
+   audit change_profile -> **//*,
+}
+
+/usr/bin/foo13 {
+   audit change_profile -> ?//*,
+}
+
+/usr/bin/foo14 {
+   audit change_profile -> [ab]//*,
+}
+
+/usr/bin/foo15 {
+   audit change_profile -> [^ab]//*,
+}
+

parser/tst/simple_tests/change_profile/a_re_ok_7.sd

@@ -0,0 +1,65 @@
+#
+#=DESCRIPTION audit change_profile with just re, namespace
+#=EXRESULT PASS
+#
+
+
+/usr/bin/foo {
+   audit change_profile -> :ab:*,
+}
+
+/usr/bin/foo2 {
+   audit change_profile -> :ab:**,
+}
+
+/usr/bin/foo3 {
+   audit change_profile -> :ab:?,
+}
+
+/usr/bin/foo4 {
+   audit change_profile -> :ab:[ab],
+}
+
+/usr/bin/foo5 {
+   audit change_profile -> :ab:[^ab],
+}
+
+/usr/bin/foo6 {
+   audit change_profile -> :*:ab,
+}
+
+/usr/bin/foo7 {
+   audit change_profile -> :**:ab,
+}
+
+/usr/bin/foo8 {
+   audit change_profile -> :?:ab,
+}
+
+/usr/bin/foo9 {
+   audit change_profile -> :[ab]:ab,
+}
+
+/usr/bin/foo10 {
+   audit change_profile -> :[^ab]:ab,
+}
+
+/usr/bin/foo11 {
+   audit change_profile -> :*:*,
+}
+
+/usr/bin/foo12 {
+   audit change_profile -> :**:**,
+}
+
+/usr/bin/foo13 {
+   audit change_profile -> :?:?,
+}
+
+/usr/bin/foo14 {
+   audit change_profile -> :[ab]:[ab],
+}
+
+/usr/bin/foo15 {
+   audit change_profile -> :[^ab]:[^ab],
+}

parser/tst/simple_tests/change_profile/a_re_ok_8.sd

@@ -0,0 +1,45 @@
+#
+#=DESCRIPTION audit change_profile re with quotes
+#=EXRESULT PASS
+#
+
+/usr/bin/foo5 {
+   audit change_profile -> "/bin/*",
+}
+
+/usr/bin/foo6 {
+   audit change_profile -> "/bin/**",
+}
+
+/usr/bin/foo7 {
+   audit change_profile -> "/bin/[ab]",
+}
+
+/usr/bin/foo8 {
+   audit change_profile -> "/bin/[^ab]",
+}
+
+/usr/bin/foo10 {
+   audit change_profile -> "/bin/?ab",
+}
+
+/usr/bin/foo11 {
+   audit change_profile -> "/bin/ *",
+}
+
+/usr/bin/foo12 {
+   audit change_profile -> "/bin/ **",
+}
+
+/usr/bin/foo13 {
+   audit change_profile -> "/bin/ [ab]",
+}
+
+/usr/bin/foo14 {
+   audit change_profile -> "/bin/ [^ab]",
+}
+
+/usr/bin/foo15 {
+   audit change_profile -> "/bin/ ?ab",
+}
+

parser/tst/simple_tests/change_profile/aa_ok_1.sd

@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION audit allow change_profile
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+   audit allow change_profile -> /bin/foo,
+}

parser/tst/simple_tests/change_profile/aa_ok_2.sd

@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION audit allow change_profile to a hat
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+   audit allow change_profile -> /bin/foo//bar,
+}

parser/tst/simple_tests/change_profile/aa_ok_3.sd

@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION audit allow change_profile with name space
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+   audit allow change_profile -> :foo:/bin/foo,
+}

parser/tst/simple_tests/change_profile/aa_ok_4.sd

@@ -0,0 +1,10 @@
+#
+#=DESCRIPTION audit allow change_profile with a variable (LP: #390810)
+#=EXRESULT PASS
+#
+
+@{LIBVIRT}="libvirt"
+
+/usr/bin/foo {
+   audit allow change_profile -> @{LIBVIRT}-foo,
+}

parser/tst/simple_tests/change_profile/aa_ok_5.sd

@@ -0,0 +1,10 @@
+#
+#=DESCRIPTION audit allow change_profile with variable+regex (LP: #390810)
+#=EXRESULT PASS
+#
+
+@{LIBVIRT}="libvirt"
+
+/usr/bin/foo {
+   audit allow change_profile -> @{LIBVIRT}-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*,
+}

parser/tst/simple_tests/change_profile/aa_ok_6.sd

@@ -0,0 +1,11 @@
+#
+#=DESCRIPTION audit allow change_profile with quotes
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+   audit allow change_profile -> "/bin/foo",
+}
+
+/usr/bin/foo2 {
+   audit allow change_profile -> "/bin/ foo",
+}

parser/tst/simple_tests/change_profile/aa_ok_7.sd

@@ -0,0 +1,11 @@
+#
+#=DESCRIPTION audit allow change_profile to a hat with quotes
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+   audit allow change_profile -> "/bin/foo//bar",
+}
+
+/usr/bin/foo2 {
+   audit allow change_profile -> "/bin/foo// bar",
+}

parser/tst/simple_tests/change_profile/aa_ok_8.sd

@@ -0,0 +1,11 @@
+#
+#=DESCRIPTION audit allow change_profile with name space with quotes
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+   audit allow change_profile -> ":foo:/bin/foo",
+}
+
+/usr/bin/foo2 {
+   audit allow change_profile -> ":foo:/bin/ foo",
+}

parser/tst/simple_tests/change_profile/aa_re_ok_1.sd

@@ -0,0 +1,24 @@
+#
+#=DESCRIPTION audit allow change_profile
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+   audit allow change_profile -> /bin/*,
+}
+
+/usr/bin/foo2 {
+   audit allow change_profile -> /bin/**,
+}
+
+/usr/bin/foo3 {
+   audit allow change_profile -> /bin/?,
+}
+
+/usr/bin/foo4 {
+   audit allow change_profile -> /bin/[ab],
+}
+
+/usr/bin/foo5 {
+   audit allow change_profile -> /bin/[^ab],
+}
+

parser/tst/simple_tests/change_profile/aa_re_ok_2.sd

@@ -0,0 +1,69 @@
+#
+#=DESCRIPTION audit allow change_profile to a hat
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+   audit allow change_profile -> /bin/foo//bar,
+}
+
+/usr/bin/foo2 {
+   audit allow change_profile -> /bin/foo//ba*,
+}
+
+/usr/bin/foo3 {
+   audit allow change_profile -> /bin/foo//ba**,
+}
+
+/usr/bin/foo4 {
+   audit allow change_profile -> /bin/foo//ba?,
+}
+
+/usr/bin/foo5 {
+   audit allow change_profile -> /bin/foo//ba[ab],
+}
+
+/usr/bin/foo6 {
+   audit allow change_profile -> /bin/foo//ba[^ab],
+}
+
+/usr/bin/foo7 {
+   audit allow change_profile -> /bin/fo*//bar,
+}
+
+/usr/bin/foo8 {
+   audit allow change_profile -> /bin/fo**//bar,
+}
+
+/usr/bin/foo9 {
+   audit allow change_profile -> /bin/fo?//bar,
+}
+
+/usr/bin/foo10 {
+   audit allow change_profile -> /bin/fo[ab]//bar,
+}
+
+/usr/bin/foo11 {
+   audit allow change_profile -> /bin/fo[^ab]//bar,
+}
+
+/usr/bin/foo12 {
+   audit allow change_profile -> /bin/fo*//ba*,
+}
+
+/usr/bin/foo13 {
+   audit allow change_profile -> /bin/fo**//ba**,
+}
+
+/usr/bin/foo14 {
+   audit allow change_profile -> /bin/fo?//ba?,
+}
+
+/usr/bin/foo15 {
+   audit allow change_profile -> /bin/fo[ab]//ba[ab],
+}
+
+/usr/bin/foo16 {
+   audit allow change_profile -> /bin/fo[^ab]//ba[^ab],
+}
+
+

parser/tst/simple_tests/change_profile/aa_re_ok_3.sd

@@ -0,0 +1,67 @@
+#
+#=DESCRIPTION audit allow change_profile with name space
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+   audit allow change_profile -> :foo:/bin/foo,
+}
+
+/usr/bin/foo2 {
+   audit allow change_profile -> :foo:/bin/fo*,
+}
+
+/usr/bin/foo3 {
+   audit allow change_profile -> :foo:/bin/fo**,
+}
+
+/usr/bin/foo4 {
+   audit allow change_profile -> :foo:/bin/fo?,
+}
+
+/usr/bin/foo5 {
+   audit allow change_profile -> :foo:/bin/fo[ab],
+}
+
+/usr/bin/foo6 {
+   audit allow change_profile -> :foo:/bin/fo[^ab],
+}
+
+/usr/bin/foo7 {
+   audit allow change_profile -> :fo*:/bin/foo,
+}
+
+/usr/bin/foo8 {
+   audit allow change_profile -> :fo**:/bin/foo,
+}
+
+/usr/bin/foo9 {
+   audit allow change_profile -> :fo?:/bin/foo,
+}
+
+/usr/bin/foo10 {
+   audit allow change_profile -> :fo[ab]:/bin/foo,
+}
+
+/usr/bin/foo11 {
+   audit allow change_profile -> :fo[^ab]:/bin/foo,
+}
+
+/usr/bin/foo12 {
+   audit allow change_profile -> :fo*:/bin/fo*,
+}
+
+/usr/bin/foo13 {
+   audit allow change_profile -> :fo**:/bin/fo**,
+}
+
+/usr/bin/foo14 {
+   audit allow change_profile -> :fo?:/bin/fo?,
+}
+
+/usr/bin/foo15 {
+   audit allow change_profile -> :fo[ab]:/bin/fo[ab],
+}
+
+/usr/bin/foo16 {
+   audit allow change_profile -> :fo[^ab]:/bin/fo[^ab],
+}

parser/tst/simple_tests/change_profile/aa_re_ok_4.sd

@@ -0,0 +1,51 @@
+#
+#=DESCRIPTION audit allow change_profile with a variable (LP: #390810)
+#=EXRESULT PASS
+#
+
+@{LIBVIRT}="libvirt"
+@{LIBVIRT_RE}="libvirt*"
+
+/usr/bin/foo {
+   audit allow change_profile -> @{LIBVIRT}-fo*,
+}
+
+/usr/bin/foo2 {
+   audit allow change_profile -> @{LIBVIRT}-fo**,
+}
+
+/usr/bin/foo3 {
+   audit allow change_profile -> @{LIBVIRT}-fo[ab],
+}
+
+/usr/bin/foo4 {
+   audit allow change_profile -> @{LIBVIRT}-fo[^ab],
+}
+
+/usr/bin/foo5 {
+   audit allow change_profile -> @{LIBVIRT}-fo?,
+}
+
+/usr/bin/foo6 {
+   audit allow change_profile -> @{LIBVIRT_RE}-foo,
+}
+
+/usr/bin/foo7 {
+   audit allow change_profile -> @{LIBVIRT_RE}-fo*,
+}
+
+/usr/bin/foo8 {
+   audit allow change_profile -> @{LIBVIRT_RE}-fo**,
+}
+
+/usr/bin/foo9 {
+   audit allow change_profile -> @{LIBVIRT_RE}-fo?,
+}
+
+/usr/bin/foo10 {
+   audit allow change_profile -> @{LIBVIRT_RE}-fo[ab],
+}
+
+/usr/bin/foo11 {
+   audit allow change_profile -> @{LIBVIRT_RE}-fo[^ab],
+}

parser/tst/simple_tests/change_profile/aa_re_ok_5.sd

@@ -0,0 +1,25 @@
+#
+#=DESCRIPTION audit allow change_profile with just res
+#=EXRESULT PASS
+#
+
+/usr/bin/foo {
+   audit allow change_profile -> *,
+}
+
+/usr/bin/foo2 {
+   audit allow change_profile -> **,
+}
+
+/usr/bin/foo3 {
+   audit allow change_profile -> ?,
+}
+
+/usr/bin/foo4 {
+   audit allow change_profile -> [ab],
+}
+
+/usr/bin/foo5 {
+   audit allow change_profile -> [^ab],
+}
+

parser/tst/simple_tests/change_profile/aa_re_ok_6.sd

@@ -0,0 +1,65 @@
+#
+#=DESCRIPTION audit allow change_profile with just res, child profile
+#=EXRESULT PASS
+#
+
+/usr/bin/foo {
+   audit allow change_profile -> *//ab,
+}
+
+/usr/bin/foo2 {
+   audit allow change_profile -> **//ab,
+}
+
+/usr/bin/foo3 {
+   audit allow change_profile -> ?//ab,
+}
+
+/usr/bin/foo4 {
+   audit allow change_profile -> [ab]//ab,
+}
+
+/usr/bin/foo5 {
+   audit allow change_profile -> [^ab]//ab,
+}
+
+/usr/bin/foo6 {
+   audit allow change_profile -> ab//*,
+}
+
+/usr/bin/foo7 {
+   audit allow change_profile -> ab//**,
+}
+
+/usr/bin/foo8 {
+   audit allow change_profile -> ab//?,
+}
+
+/usr/bin/foo9 {
+   audit allow change_profile -> ab//[ab],
+}
+
+/usr/bin/foo10 {
+   audit allow change_profile -> ab//[^ab],
+}
+
+/usr/bin/foo11 {
+   audit allow change_profile -> *//*,
+}
+
+/usr/bin/foo12 {
+   audit allow change_profile -> **//*,
+}
+
+/usr/bin/foo13 {
+   audit allow change_profile -> ?//*,
+}
+
+/usr/bin/foo14 {
+   audit allow change_profile -> [ab]//*,
+}
+
+/usr/bin/foo15 {
+   audit allow change_profile -> [^ab]//*,
+}
+

parser/tst/simple_tests/change_profile/aa_re_ok_7.sd

@@ -0,0 +1,65 @@
+#
+#=DESCRIPTION audit allow change_profile with just re, namespace
+#=EXRESULT PASS
+#
+
+
+/usr/bin/foo {
+   audit allow change_profile -> :ab:*,
+}
+
+/usr/bin/foo2 {
+   audit allow change_profile -> :ab:**,
+}
+
+/usr/bin/foo3 {
+   audit allow change_profile -> :ab:?,
+}
+
+/usr/bin/foo4 {
+   audit allow change_profile -> :ab:[ab],
+}
+
+/usr/bin/foo5 {
+   audit allow change_profile -> :ab:[^ab],
+}
+
+/usr/bin/foo6 {
+   audit allow change_profile -> :*:ab,
+}
+
+/usr/bin/foo7 {
+   audit allow change_profile -> :**:ab,
+}
+
+/usr/bin/foo8 {
+   audit allow change_profile -> :?:ab,
+}
+
+/usr/bin/foo9 {
+   audit allow change_profile -> :[ab]:ab,
+}
+
+/usr/bin/foo10 {
+   audit allow change_profile -> :[^ab]:ab,
+}
+
+/usr/bin/foo11 {
+   audit allow change_profile -> :*:*,
+}
+
+/usr/bin/foo12 {
+   audit allow change_profile -> :**:**,
+}
+
+/usr/bin/foo13 {
+   audit allow change_profile -> :?:?,
+}
+
+/usr/bin/foo14 {
+   audit allow change_profile -> :[ab]:[ab],
+}
+
+/usr/bin/foo15 {
+   audit allow change_profile -> :[^ab]:[^ab],
+}

parser/tst/simple_tests/change_profile/aa_re_ok_8.sd

@@ -0,0 +1,45 @@
+#
+#=DESCRIPTION audit allow change_profile re with quotes
+#=EXRESULT PASS
+#
+
+/usr/bin/foo5 {
+   audit allow change_profile -> "/bin/*",
+}
+
+/usr/bin/foo6 {
+   audit allow change_profile -> "/bin/**",
+}
+
+/usr/bin/foo7 {
+   audit allow change_profile -> "/bin/[ab]",
+}
+
+/usr/bin/foo8 {
+   audit allow change_profile -> "/bin/[^ab]",
+}
+
+/usr/bin/foo10 {
+   audit allow change_profile -> "/bin/?ab",
+}
+
+/usr/bin/foo11 {
+   audit allow change_profile -> "/bin/ *",
+}
+
+/usr/bin/foo12 {
+   audit allow change_profile -> "/bin/ **",
+}
+
+/usr/bin/foo13 {
+   audit allow change_profile -> "/bin/ [ab]",
+}
+
+/usr/bin/foo14 {
+   audit allow change_profile -> "/bin/ [^ab]",
+}
+
+/usr/bin/foo15 {
+   audit allow change_profile -> "/bin/ ?ab",
+}
+

parser/tst/simple_tests/change_profile/aao_bad_6.sd

@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION owner not allowed on change_profile
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+   audit allow owner change_profile -> "/bin/foo",
+}

parser/tst/simple_tests/change_profile/ad_bare_ok_1.sd

@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION audit deny change_profile
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+   audit deny change_profile,
+}

parser/tst/simple_tests/change_profile/ad_ok_1.sd

@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION audit deny change_profile
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+   audit deny change_profile -> /bin/foo,
+}

parser/tst/simple_tests/change_profile/ad_ok_2.sd

@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION audit deny change_profile to a hat
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+   audit deny change_profile -> /bin/foo//bar,
+}

parser/tst/simple_tests/change_profile/ad_ok_3.sd

@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION audit deny change_profile with name space
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+   audit deny change_profile -> :foo:/bin/foo,
+}

parser/tst/simple_tests/change_profile/ad_ok_4.sd

@@ -0,0 +1,10 @@
+#
+#=DESCRIPTION audit deny change_profile with a variable (LP: #390810)
+#=EXRESULT PASS
+#
+
+@{LIBVIRT}="libvirt"
+
+/usr/bin/foo {
+   audit deny change_profile -> @{LIBVIRT}-foo,
+}

parser/tst/simple_tests/change_profile/ad_ok_5.sd

@@ -0,0 +1,10 @@
+#
+#=DESCRIPTION audit deny change_profile with variable+regex (LP: #390810)
+#=EXRESULT PASS
+#
+
+@{LIBVIRT}="libvirt"
+
+/usr/bin/foo {
+   audit deny change_profile -> @{LIBVIRT}-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*,
+}

parser/tst/simple_tests/change_profile/ad_ok_6.sd

@@ -0,0 +1,11 @@
+#
+#=DESCRIPTION audit deny change_profile with quotes
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+   audit deny change_profile -> "/bin/foo",
+}
+
+/usr/bin/foo2 {
+   audit deny change_profile -> "/bin/ foo",
+}

parser/tst/simple_tests/change_profile/ad_ok_7.sd

@@ -0,0 +1,11 @@
+#
+#=DESCRIPTION audit deny change_profile to a hat with quotes
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+   audit deny change_profile -> "/bin/foo//bar",
+}
+
+/usr/bin/foo2 {
+   audit deny change_profile -> "/bin/foo// bar",
+}

parser/tst/simple_tests/change_profile/ad_ok_8.sd

@@ -0,0 +1,11 @@
+#
+#=DESCRIPTION audit deny change_profile with name space with quotes
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+   audit deny change_profile -> ":foo:/bin/foo",
+}
+
+/usr/bin/foo2 {
+   audit deny change_profile -> ":foo:/bin/ foo",
+}

parser/tst/simple_tests/change_profile/ad_re_ok_1.sd

@@ -0,0 +1,24 @@
+#
+#=DESCRIPTION audit deny change_profile
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+   audit deny change_profile -> /bin/*,
+}
+
+/usr/bin/foo2 {
+   audit deny change_profile -> /bin/**,
+}
+
+/usr/bin/foo3 {
+   audit deny change_profile -> /bin/?,
+}
+
+/usr/bin/foo4 {
+   audit deny change_profile -> /bin/[ab],
+}
+
+/usr/bin/foo5 {
+   audit deny change_profile -> /bin/[^ab],
+}
+

parser/tst/simple_tests/change_profile/ad_re_ok_2.sd

@@ -0,0 +1,69 @@
+#
+#=DESCRIPTION audit deny change_profile to a hat
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+   audit deny change_profile -> /bin/foo//bar,
+}
+
+/usr/bin/foo2 {
+   audit deny change_profile -> /bin/foo//ba*,
+}
+
+/usr/bin/foo3 {
+   audit deny change_profile -> /bin/foo//ba**,
+}
+
+/usr/bin/foo4 {
+   audit deny change_profile -> /bin/foo//ba?,
+}
+
+/usr/bin/foo5 {
+   audit deny change_profile -> /bin/foo//ba[ab],
+}
+
+/usr/bin/foo6 {
+   audit deny change_profile -> /bin/foo//ba[^ab],
+}
+
+/usr/bin/foo7 {
+   audit deny change_profile -> /bin/fo*//bar,
+}
+
+/usr/bin/foo8 {
+   audit deny change_profile -> /bin/fo**//bar,
+}
+
+/usr/bin/foo9 {
+   audit deny change_profile -> /bin/fo?//bar,
+}
+
+/usr/bin/foo10 {
+   audit deny change_profile -> /bin/fo[ab]//bar,
+}
+
+/usr/bin/foo11 {
+   audit deny change_profile -> /bin/fo[^ab]//bar,
+}
+
+/usr/bin/foo12 {
+   audit deny change_profile -> /bin/fo*//ba*,
+}
+
+/usr/bin/foo13 {
+   audit deny change_profile -> /bin/fo**//ba**,
+}
+
+/usr/bin/foo14 {
+   audit deny change_profile -> /bin/fo?//ba?,
+}
+
+/usr/bin/foo15 {
+   audit deny change_profile -> /bin/fo[ab]//ba[ab],
+}
+
+/usr/bin/foo16 {
+   audit deny change_profile -> /bin/fo[^ab]//ba[^ab],
+}
+
+

parser/tst/simple_tests/change_profile/ad_re_ok_3.sd

@@ -0,0 +1,67 @@
+#
+#=DESCRIPTION audit deny change_profile with name space
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+   audit deny change_profile -> :foo:/bin/foo,
+}
+
+/usr/bin/foo2 {
+   audit deny change_profile -> :foo:/bin/fo*,
+}
+
+/usr/bin/foo3 {
+   audit deny change_profile -> :foo:/bin/fo**,
+}
+
+/usr/bin/foo4 {
+   audit deny change_profile -> :foo:/bin/fo?,
+}
+
+/usr/bin/foo5 {
+   audit deny change_profile -> :foo:/bin/fo[ab],
+}
+
+/usr/bin/foo6 {
+   audit deny change_profile -> :foo:/bin/fo[^ab],
+}
+
+/usr/bin/foo7 {
+   audit deny change_profile -> :fo*:/bin/foo,
+}
+
+/usr/bin/foo8 {
+   audit deny change_profile -> :fo**:/bin/foo,
+}
+
+/usr/bin/foo9 {
+   audit deny change_profile -> :fo?:/bin/foo,
+}
+
+/usr/bin/foo10 {
+   audit deny change_profile -> :fo[ab]:/bin/foo,
+}
+
+/usr/bin/foo11 {
+   audit deny change_profile -> :fo[^ab]:/bin/foo,
+}
+
+/usr/bin/foo12 {
+   audit deny change_profile -> :fo*:/bin/fo*,
+}
+
+/usr/bin/foo13 {
+   audit deny change_profile -> :fo**:/bin/fo**,
+}
+
+/usr/bin/foo14 {
+   audit deny change_profile -> :fo?:/bin/fo?,
+}
+
+/usr/bin/foo15 {
+   audit deny change_profile -> :fo[ab]:/bin/fo[ab],
+}
+
+/usr/bin/foo16 {
+   audit deny change_profile -> :fo[^ab]:/bin/fo[^ab],
+}

parser/tst/simple_tests/change_profile/ad_re_ok_4.sd

@@ -0,0 +1,51 @@
+#
+#=DESCRIPTION audit deny change_profile with a variable (LP: #390810)
+#=EXRESULT PASS
+#
+
+@{LIBVIRT}="libvirt"
+@{LIBVIRT_RE}="libvirt*"
+
+/usr/bin/foo {
+   audit deny change_profile -> @{LIBVIRT}-fo*,
+}
+
+/usr/bin/foo2 {
+   audit deny change_profile -> @{LIBVIRT}-fo**,
+}
+
+/usr/bin/foo3 {
+   audit deny change_profile -> @{LIBVIRT}-fo[ab],
+}
+
+/usr/bin/foo4 {
+   audit deny change_profile -> @{LIBVIRT}-fo[^ab],
+}
+
+/usr/bin/foo5 {
+   audit deny change_profile -> @{LIBVIRT}-fo?,
+}
+
+/usr/bin/foo6 {
+   audit deny change_profile -> @{LIBVIRT_RE}-foo,
+}
+
+/usr/bin/foo7 {
+   audit deny change_profile -> @{LIBVIRT_RE}-fo*,
+}
+
+/usr/bin/foo8 {
+   audit deny change_profile -> @{LIBVIRT_RE}-fo**,
+}
+
+/usr/bin/foo9 {
+   audit deny change_profile -> @{LIBVIRT_RE}-fo?,
+}
+
+/usr/bin/foo10 {
+   audit deny change_profile -> @{LIBVIRT_RE}-fo[ab],
+}
+
+/usr/bin/foo11 {
+   audit deny change_profile -> @{LIBVIRT_RE}-fo[^ab],
+}

parser/tst/simple_tests/change_profile/ad_re_ok_5.sd

@@ -0,0 +1,25 @@
+#
+#=DESCRIPTION audit deny change_profile with just res
+#=EXRESULT PASS
+#
+
+/usr/bin/foo {
+   audit deny change_profile -> *,
+}
+
+/usr/bin/foo2 {
+   audit deny change_profile -> **,
+}
+
+/usr/bin/foo3 {
+   audit deny change_profile -> ?,
+}
+
+/usr/bin/foo4 {
+   audit deny change_profile -> [ab],
+}
+
+/usr/bin/foo5 {
+   audit deny change_profile -> [^ab],
+}
+

parser/tst/simple_tests/change_profile/ad_re_ok_6.sd

@@ -0,0 +1,65 @@
+#
+#=DESCRIPTION audit deny change_profile with just res, child profile
+#=EXRESULT PASS
+#
+
+/usr/bin/foo {
+   audit deny change_profile -> *//ab,
+}
+
+/usr/bin/foo2 {
+   audit deny change_profile -> **//ab,
+}
+
+/usr/bin/foo3 {
+   audit deny change_profile -> ?//ab,
+}
+
+/usr/bin/foo4 {
+   audit deny change_profile -> [ab]//ab,
+}
+
+/usr/bin/foo5 {
+   audit deny change_profile -> [^ab]//ab,
+}
+
+/usr/bin/foo6 {
+   audit deny change_profile -> ab//*,
+}
+
+/usr/bin/foo7 {
+   audit deny change_profile -> ab//**,
+}
+
+/usr/bin/foo8 {
+   audit deny change_profile -> ab//?,
+}
+
+/usr/bin/foo9 {
+   audit deny change_profile -> ab//[ab],
+}
+
+/usr/bin/foo10 {
+   audit deny change_profile -> ab//[^ab],
+}
+
+/usr/bin/foo11 {
+   audit deny change_profile -> *//*,
+}
+
+/usr/bin/foo12 {
+   audit deny change_profile -> **//*,
+}
+
+/usr/bin/foo13 {
+   audit deny change_profile -> ?//*,
+}
+
+/usr/bin/foo14 {
+   audit deny change_profile -> [ab]//*,
+}
+
+/usr/bin/foo15 {
+   audit deny change_profile -> [^ab]//*,
+}
+

parser/tst/simple_tests/change_profile/ad_re_ok_7.sd

@@ -0,0 +1,65 @@
+#
+#=DESCRIPTION audit deny change_profile with just re, namespace
+#=EXRESULT PASS
+#
+
+
+/usr/bin/foo {
+   audit deny change_profile -> :ab:*,
+}
+
+/usr/bin/foo2 {
+   audit deny change_profile -> :ab:**,
+}
+
+/usr/bin/foo3 {
+   audit deny change_profile -> :ab:?,
+}
+
+/usr/bin/foo4 {
+   audit deny change_profile -> :ab:[ab],
+}
+
+/usr/bin/foo5 {
+   audit deny change_profile -> :ab:[^ab],
+}
+
+/usr/bin/foo6 {
+   audit deny change_profile -> :*:ab,
+}
+
+/usr/bin/foo7 {
+   audit deny change_profile -> :**:ab,
+}
+
+/usr/bin/foo8 {
+   audit deny change_profile -> :?:ab,
+}
+
+/usr/bin/foo9 {
+   audit deny change_profile -> :[ab]:ab,
+}
+
+/usr/bin/foo10 {
+   audit deny change_profile -> :[^ab]:ab,
+}
+
+/usr/bin/foo11 {
+   audit deny change_profile -> :*:*,
+}
+
+/usr/bin/foo12 {
+   audit deny change_profile -> :**:**,
+}
+
+/usr/bin/foo13 {
+   audit deny change_profile -> :?:?,
+}
+
+/usr/bin/foo14 {
+   audit deny change_profile -> :[ab]:[ab],
+}
+
+/usr/bin/foo15 {
+   audit deny change_profile -> :[^ab]:[^ab],
+}

parser/tst/simple_tests/change_profile/ad_re_ok_8.sd

@@ -0,0 +1,45 @@
+#
+#=DESCRIPTION audit deny change_profile re with quotes
+#=EXRESULT PASS
+#
+
+/usr/bin/foo5 {
+   audit deny change_profile -> "/bin/*",
+}
+
+/usr/bin/foo6 {
+   audit deny change_profile -> "/bin/**",
+}
+
+/usr/bin/foo7 {
+   audit deny change_profile -> "/bin/[ab]",
+}
+
+/usr/bin/foo8 {
+   audit deny change_profile -> "/bin/[^ab]",
+}
+
+/usr/bin/foo10 {
+   audit deny change_profile -> "/bin/?ab",
+}
+
+/usr/bin/foo11 {
+   audit deny change_profile -> "/bin/ *",
+}
+
+/usr/bin/foo12 {
+   audit deny change_profile -> "/bin/ **",
+}
+
+/usr/bin/foo13 {
+   audit deny change_profile -> "/bin/ [ab]",
+}
+
+/usr/bin/foo14 {
+   audit deny change_profile -> "/bin/ [^ab]",
+}
+
+/usr/bin/foo15 {
+   audit deny change_profile -> "/bin/ ?ab",
+}
+

parser/tst/simple_tests/change_profile/ado_bad_1.sd

@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION owner not allowed on change_profile
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+   audit deny owner change_profile -> /bin/foo,
+}

parser/tst/simple_tests/change_profile/ado_bare_bad_1.sd

@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION owner not allowed in change_profile
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+   audit deny owner change_profile,
+}

parser/tst/simple_tests/change_profile/allow_ok_1.sd

@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION allow change_profile
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+   allow change_profile -> /bin/foo,
+}

parser/tst/simple_tests/change_profile/allow_ok_2.sd

@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION allow change_profile to a hat
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+   allow change_profile -> /bin/foo//bar,
+}

parser/tst/simple_tests/change_profile/allow_ok_3.sd

@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION allow change_profile with name space
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+   allow change_profile -> :foo:/bin/foo,
+}

parser/tst/simple_tests/change_profile/allow_ok_4.sd

@@ -0,0 +1,10 @@
+#
+#=DESCRIPTION allow change_profile with a variable (LP: #390810)
+#=EXRESULT PASS
+#
+
+@{LIBVIRT}="libvirt"
+
+/usr/bin/foo {
+   allow change_profile -> @{LIBVIRT}-foo,
+}

parser/tst/simple_tests/change_profile/allow_ok_5.sd

@@ -0,0 +1,10 @@
+#
+#=DESCRIPTION allow change_profile with variable+regex (LP: #390810)
+#=EXRESULT PASS
+#
+
+@{LIBVIRT}="libvirt"
+
+/usr/bin/foo {
+   allow change_profile -> @{LIBVIRT}-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*,
+}

parser/tst/simple_tests/change_profile/allow_ok_6.sd

@@ -0,0 +1,11 @@
+#
+#=DESCRIPTION allow change_profile with quotes
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+   allow change_profile -> "/bin/foo",
+}
+
+/usr/bin/foo2 {
+   allow change_profile -> "/bin/ foo",
+}

parser/tst/simple_tests/change_profile/allow_ok_7.sd

@@ -0,0 +1,11 @@
+#
+#=DESCRIPTION allow change_profile to a hat with quotes
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+   allow change_profile -> "/bin/foo//bar",
+}
+
+/usr/bin/foo2 {
+   allow change_profile -> "/bin/foo// bar",
+}

parser/tst/simple_tests/change_profile/allow_ok_8.sd

@@ -0,0 +1,11 @@
+#
+#=DESCRIPTION allow change_profile with name space with quotes
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+   allow change_profile -> ":foo:/bin/foo",
+}
+
+/usr/bin/foo2 {
+   allow change_profile -> ":foo:/bin/ foo",
+}

parser/tst/simple_tests/change_profile/allow_re_ok_1.sd

@@ -0,0 +1,24 @@
+#
+#=DESCRIPTION allow change_profile
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+   allow change_profile -> /bin/*,
+}
+
+/usr/bin/foo2 {
+   allow change_profile -> /bin/**,
+}
+
+/usr/bin/foo3 {
+   allow change_profile -> /bin/?,
+}
+
+/usr/bin/foo4 {
+   allow change_profile -> /bin/[ab],
+}
+
+/usr/bin/foo5 {
+   allow change_profile -> /bin/[^ab],
+}
+

parser/tst/simple_tests/change_profile/allow_re_ok_2.sd

@@ -0,0 +1,69 @@
+#
+#=DESCRIPTION allow change_profile to a hat
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+   allow change_profile -> /bin/foo//bar,
+}
+
+/usr/bin/foo2 {
+   allow change_profile -> /bin/foo//ba*,
+}
+
+/usr/bin/foo3 {
+   allow change_profile -> /bin/foo//ba**,
+}
+
+/usr/bin/foo4 {
+   allow change_profile -> /bin/foo//ba?,
+}
+
+/usr/bin/foo5 {
+   allow change_profile -> /bin/foo//ba[ab],
+}
+
+/usr/bin/foo6 {
+   allow change_profile -> /bin/foo//ba[^ab],
+}
+
+/usr/bin/foo7 {
+   allow change_profile -> /bin/fo*//bar,
+}
+
+/usr/bin/foo8 {
+   allow change_profile -> /bin/fo**//bar,
+}
+
+/usr/bin/foo9 {
+   allow change_profile -> /bin/fo?//bar,
+}
+
+/usr/bin/foo10 {
+   allow change_profile -> /bin/fo[ab]//bar,
+}
+
+/usr/bin/foo11 {
+   allow change_profile -> /bin/fo[^ab]//bar,
+}
+
+/usr/bin/foo12 {
+   allow change_profile -> /bin/fo*//ba*,
+}
+
+/usr/bin/foo13 {
+   allow change_profile -> /bin/fo**//ba**,
+}
+
+/usr/bin/foo14 {
+   allow change_profile -> /bin/fo?//ba?,
+}
+
+/usr/bin/foo15 {
+   allow change_profile -> /bin/fo[ab]//ba[ab],
+}
+
+/usr/bin/foo16 {
+   allow change_profile -> /bin/fo[^ab]//ba[^ab],
+}
+
+

parser/tst/simple_tests/change_profile/allow_re_ok_3.sd

@@ -0,0 +1,67 @@
+#
+#=DESCRIPTION allow change_profile with name space
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+   allow change_profile -> :foo:/bin/foo,
+}
+
+/usr/bin/foo2 {
+   allow change_profile -> :foo:/bin/fo*,
+}
+
+/usr/bin/foo3 {
+   allow change_profile -> :foo:/bin/fo**,
+}
+
+/usr/bin/foo4 {
+   allow change_profile -> :foo:/bin/fo?,
+}
+
+/usr/bin/foo5 {
+   allow change_profile -> :foo:/bin/fo[ab],
+}
+
+/usr/bin/foo6 {
+   allow change_profile -> :foo:/bin/fo[^ab],
+}
+
+/usr/bin/foo7 {
+   allow change_profile -> :fo*:/bin/foo,
+}
+
+/usr/bin/foo8 {
+   allow change_profile -> :fo**:/bin/foo,
+}
+
+/usr/bin/foo9 {
+   allow change_profile -> :fo?:/bin/foo,
+}
+
+/usr/bin/foo10 {
+   allow change_profile -> :fo[ab]:/bin/foo,
+}
+
+/usr/bin/foo11 {
+   allow change_profile -> :fo[^ab]:/bin/foo,
+}
+
+/usr/bin/foo12 {
+   allow change_profile -> :fo*:/bin/fo*,
+}
+
+/usr/bin/foo13 {
+   allow change_profile -> :fo**:/bin/fo**,
+}
+
+/usr/bin/foo14 {
+   allow change_profile -> :fo?:/bin/fo?,
+}
+
+/usr/bin/foo15 {
+   allow change_profile -> :fo[ab]:/bin/fo[ab],
+}
+
+/usr/bin/foo16 {
+   allow change_profile -> :fo[^ab]:/bin/fo[^ab],
+}

parser/tst/simple_tests/change_profile/allow_re_ok_4.sd

@@ -0,0 +1,51 @@
+#
+#=DESCRIPTION allow change_profile with a variable (LP: #390810)
+#=EXRESULT PASS
+#
+
+@{LIBVIRT}="libvirt"
+@{LIBVIRT_RE}="libvirt*"
+
+/usr/bin/foo {
+   allow change_profile -> @{LIBVIRT}-fo*,
+}
+
+/usr/bin/foo2 {
+   allow change_profile -> @{LIBVIRT}-fo**,
+}
+
+/usr/bin/foo3 {
+   allow change_profile -> @{LIBVIRT}-fo[ab],
+}
+
+/usr/bin/foo4 {
+   allow change_profile -> @{LIBVIRT}-fo[^ab],
+}
+
+/usr/bin/foo5 {
+   allow change_profile -> @{LIBVIRT}-fo?,
+}
+
+/usr/bin/foo6 {
+   allow change_profile -> @{LIBVIRT_RE}-foo,
+}
+
+/usr/bin/foo7 {
+   allow change_profile -> @{LIBVIRT_RE}-fo*,
+}
+
+/usr/bin/foo8 {
+   allow change_profile -> @{LIBVIRT_RE}-fo**,
+}
+
+/usr/bin/foo9 {
+   allow change_profile -> @{LIBVIRT_RE}-fo?,
+}
+
+/usr/bin/foo10 {
+   allow change_profile -> @{LIBVIRT_RE}-fo[ab],
+}
+
+/usr/bin/foo11 {
+   allow change_profile -> @{LIBVIRT_RE}-fo[^ab],
+}

parser/tst/simple_tests/change_profile/allow_re_ok_5.sd

@@ -0,0 +1,25 @@
+#
+#=DESCRIPTION allow change_profile with just res
+#=EXRESULT PASS
+#
+
+/usr/bin/foo {
+   allow change_profile -> *,
+}
+
+/usr/bin/foo2 {
+   allow change_profile -> **,
+}
+
+/usr/bin/foo3 {
+   allow change_profile -> ?,
+}
+
+/usr/bin/foo4 {
+   allow change_profile -> [ab],
+}
+
+/usr/bin/foo5 {
+   allow change_profile -> [^ab],
+}
+

parser/tst/simple_tests/change_profile/allow_re_ok_6.sd

@@ -0,0 +1,65 @@
+#
+#=DESCRIPTION allow change_profile with just res, child profile
+#=EXRESULT PASS
+#
+
+/usr/bin/foo {
+   allow change_profile -> *//ab,
+}
+
+/usr/bin/foo2 {
+   allow change_profile -> **//ab,
+}
+
+/usr/bin/foo3 {
+   allow change_profile -> ?//ab,
+}
+
+/usr/bin/foo4 {
+   allow change_profile -> [ab]//ab,
+}
+
+/usr/bin/foo5 {
+   allow change_profile -> [^ab]//ab,
+}
+
+/usr/bin/foo6 {
+   allow change_profile -> ab//*,
+}
+
+/usr/bin/foo7 {
+   allow change_profile -> ab//**,
+}
+
+/usr/bin/foo8 {
+   allow change_profile -> ab//?,
+}
+
+/usr/bin/foo9 {
+   allow change_profile -> ab//[ab],
+}
+
+/usr/bin/foo10 {
+   allow change_profile -> ab//[^ab],
+}
+
+/usr/bin/foo11 {
+   allow change_profile -> *//*,
+}
+
+/usr/bin/foo12 {
+   allow change_profile -> **//*,
+}
+
+/usr/bin/foo13 {
+   allow change_profile -> ?//*,
+}
+
+/usr/bin/foo14 {
+   allow change_profile -> [ab]//*,
+}
+
+/usr/bin/foo15 {
+   allow change_profile -> [^ab]//*,
+}
+

parser/tst/simple_tests/change_profile/allow_re_ok_7.sd

@@ -0,0 +1,65 @@
+#
+#=DESCRIPTION allow change_profile with just re, namespace
+#=EXRESULT PASS
+#
+
+
+/usr/bin/foo {
+   allow change_profile -> :ab:*,
+}
+
+/usr/bin/foo2 {
+   allow change_profile -> :ab:**,
+}
+
+/usr/bin/foo3 {
+   allow change_profile -> :ab:?,
+}
+
+/usr/bin/foo4 {
+   allow change_profile -> :ab:[ab],
+}
+
+/usr/bin/foo5 {
+   allow change_profile -> :ab:[^ab],
+}
+
+/usr/bin/foo6 {
+   allow change_profile -> :*:ab,
+}
+
+/usr/bin/foo7 {
+   allow change_profile -> :**:ab,
+}
+
+/usr/bin/foo8 {
+   allow change_profile -> :?:ab,
+}
+
+/usr/bin/foo9 {
+   allow change_profile -> :[ab]:ab,
+}
+
+/usr/bin/foo10 {
+   allow change_profile -> :[^ab]:ab,
+}
+
+/usr/bin/foo11 {
+   allow change_profile -> :*:*,
+}
+
+/usr/bin/foo12 {
+   allow change_profile -> :**:**,
+}
+
+/usr/bin/foo13 {
+   allow change_profile -> :?:?,
+}
+
+/usr/bin/foo14 {
+   allow change_profile -> :[ab]:[ab],
+}
+
+/usr/bin/foo15 {
+   allow change_profile -> :[^ab]:[^ab],
+}

parser/tst/simple_tests/change_profile/allow_re_ok_8.sd

@@ -0,0 +1,45 @@
+#
+#=DESCRIPTION allow change_profile re with quotes
+#=EXRESULT PASS
+#
+
+/usr/bin/foo5 {
+   allow change_profile -> "/bin/*",
+}
+
+/usr/bin/foo6 {
+   allow change_profile -> "/bin/**",
+}
+
+/usr/bin/foo7 {
+   allow change_profile -> "/bin/[ab]",
+}
+
+/usr/bin/foo8 {
+   allow change_profile -> "/bin/[^ab]",
+}
+
+/usr/bin/foo10 {
+   allow change_profile -> "/bin/?ab",
+}
+
+/usr/bin/foo11 {
+   allow change_profile -> "/bin/ *",
+}
+
+/usr/bin/foo12 {
+   allow change_profile -> "/bin/ **",
+}
+
+/usr/bin/foo13 {
+   allow change_profile -> "/bin/ [ab]",
+}
+
+/usr/bin/foo14 {
+   allow change_profile -> "/bin/ [^ab]",
+}
+
+/usr/bin/foo15 {
+   allow change_profile -> "/bin/ ?ab",
+}
+

parser/tst/simple_tests/change_profile/allowo_bad_1.sd

@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION owner not allow in change_profile
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+   allow owner change_profile -> /bin/foo,
+}

parser/tst/simple_tests/change_profile/ao_badh_1.sd

@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION owner not allowed in change_profile
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+   audit owner change_profile -> /bin/foo,
+}

parser/tst/simple_tests/change_profile/d_bare_ok_1.sd

@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION deny change_profile
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+   deny change_profile,
+}

parser/tst/simple_tests/change_profile/d_ok_1.sd

@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION deny change_profile
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+   deny change_profile -> /bin/foo,
+}

parser/tst/simple_tests/change_profile/d_ok_2.sd

@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION deny change_profile to a hat
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+   deny change_profile -> /bin/foo//bar,
+}

parser/tst/simple_tests/change_profile/d_ok_3.sd

@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION deny change_profile with name space
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+   deny change_profile -> :foo:/bin/foo,
+}

parser/tst/simple_tests/change_profile/d_ok_4.sd

@@ -0,0 +1,10 @@
+#
+#=DESCRIPTION deny change_profile with a variable (LP: #390810)
+#=EXRESULT PASS
+#
+
+@{LIBVIRT}="libvirt"
+
+/usr/bin/foo {
+   deny change_profile -> @{LIBVIRT}-foo,
+}

parser/tst/simple_tests/change_profile/d_ok_5.sd

@@ -0,0 +1,10 @@
+#
+#=DESCRIPTION deny change_profile with variable+regex (LP: #390810)
+#=EXRESULT PASS
+#
+
+@{LIBVIRT}="libvirt"
+
+/usr/bin/foo {
+   deny change_profile -> @{LIBVIRT}-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*,
+}

parser/tst/simple_tests/change_profile/d_ok_6.sd

@@ -0,0 +1,11 @@
+#
+#=DESCRIPTION deny change_profile with quotes
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+   deny change_profile -> "/bin/foo",
+}
+
+/usr/bin/foo2 {
+   deny change_profile -> "/bin/ foo",
+}

parser/tst/simple_tests/change_profile/d_ok_7.sd

@@ -0,0 +1,11 @@
+#
+#=DESCRIPTION deny change_profile to a hat with quotes
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+   deny change_profile -> "/bin/foo//bar",
+}
+
+/usr/bin/foo2 {
+   deny change_profile -> "/bin/foo// bar",
+}

parser/tst/simple_tests/change_profile/d_ok_8.sd

@@ -0,0 +1,11 @@
+#
+#=DESCRIPTION deny change_profile with name space with quotes
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+   deny change_profile -> ":foo:/bin/foo",
+}
+
+/usr/bin/foo2 {
+   deny change_profile -> ":foo:/bin/ foo",
+}

parser/tst/simple_tests/change_profile/d_re_ok_1.sd

@@ -0,0 +1,24 @@
+#
+#=DESCRIPTION deny change_profile
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+   deny change_profile -> /bin/*,
+}
+
+/usr/bin/foo2 {
+   deny change_profile -> /bin/**,
+}
+
+/usr/bin/foo3 {
+   deny change_profile -> /bin/?,
+}
+
+/usr/bin/foo4 {
+   deny change_profile -> /bin/[ab],
+}
+
+/usr/bin/foo5 {
+   deny change_profile -> /bin/[^ab],
+}
+

parser/tst/simple_tests/change_profile/d_re_ok_2.sd

@@ -0,0 +1,69 @@
+#
+#=DESCRIPTION deny change_profile to a hat
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+   deny change_profile -> /bin/foo//bar,
+}
+
+/usr/bin/foo2 {
+   deny change_profile -> /bin/foo//ba*,
+}
+
+/usr/bin/foo3 {
+   deny change_profile -> /bin/foo//ba**,
+}
+
+/usr/bin/foo4 {
+   deny change_profile -> /bin/foo//ba?,
+}
+
+/usr/bin/foo5 {
+   deny change_profile -> /bin/foo//ba[ab],
+}
+
+/usr/bin/foo6 {
+   deny change_profile -> /bin/foo//ba[^ab],
+}
+
+/usr/bin/foo7 {
+   deny change_profile -> /bin/fo*//bar,
+}
+
+/usr/bin/foo8 {
+   deny change_profile -> /bin/fo**//bar,
+}
+
+/usr/bin/foo9 {
+   deny change_profile -> /bin/fo?//bar,
+}
+
+/usr/bin/foo10 {
+   deny change_profile -> /bin/fo[ab]//bar,
+}
+
+/usr/bin/foo11 {
+   deny change_profile -> /bin/fo[^ab]//bar,
+}
+
+/usr/bin/foo12 {
+   deny change_profile -> /bin/fo*//ba*,
+}
+
+/usr/bin/foo13 {
+   deny change_profile -> /bin/fo**//ba**,
+}
+
+/usr/bin/foo14 {
+   deny change_profile -> /bin/fo?//ba?,
+}
+
+/usr/bin/foo15 {
+   deny change_profile -> /bin/fo[ab]//ba[ab],
+}
+
+/usr/bin/foo16 {
+   deny change_profile -> /bin/fo[^ab]//ba[^ab],
+}
+
+

parser/tst/simple_tests/change_profile/d_re_ok_3.sd

@@ -0,0 +1,67 @@
+#
+#=DESCRIPTION deny change_profile with name space
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+   deny change_profile -> :foo:/bin/foo,
+}
+
+/usr/bin/foo2 {
+   deny change_profile -> :foo:/bin/fo*,
+}
+
+/usr/bin/foo3 {
+   deny change_profile -> :foo:/bin/fo**,
+}
+
+/usr/bin/foo4 {
+   deny change_profile -> :foo:/bin/fo?,
+}
+
+/usr/bin/foo5 {
+   deny change_profile -> :foo:/bin/fo[ab],
+}
+
+/usr/bin/foo6 {
+   deny change_profile -> :foo:/bin/fo[^ab],
+}
+
+/usr/bin/foo7 {
+   deny change_profile -> :fo*:/bin/foo,
+}
+
+/usr/bin/foo8 {
+   deny change_profile -> :fo**:/bin/foo,
+}
+
+/usr/bin/foo9 {
+   deny change_profile -> :fo?:/bin/foo,
+}
+
+/usr/bin/foo10 {
+   deny change_profile -> :fo[ab]:/bin/foo,
+}
+
+/usr/bin/foo11 {
+   deny change_profile -> :fo[^ab]:/bin/foo,
+}
+
+/usr/bin/foo12 {
+   deny change_profile -> :fo*:/bin/fo*,
+}
+
+/usr/bin/foo13 {
+   deny change_profile -> :fo**:/bin/fo**,
+}
+
+/usr/bin/foo14 {
+   deny change_profile -> :fo?:/bin/fo?,
+}
+
+/usr/bin/foo15 {
+   deny change_profile -> :fo[ab]:/bin/fo[ab],
+}
+
+/usr/bin/foo16 {
+   deny change_profile -> :fo[^ab]:/bin/fo[^ab],
+}

parser/tst/simple_tests/change_profile/d_re_ok_4.sd

@@ -0,0 +1,51 @@
+#
+#=DESCRIPTION deny change_profile with a variable (LP: #390810)
+#=EXRESULT PASS
+#
+
+@{LIBVIRT}="libvirt"
+@{LIBVIRT_RE}="libvirt*"
+
+/usr/bin/foo {
+   deny change_profile -> @{LIBVIRT}-fo*,
+}
+
+/usr/bin/foo2 {
+   deny change_profile -> @{LIBVIRT}-fo**,
+}
+
+/usr/bin/foo3 {
+   deny change_profile -> @{LIBVIRT}-fo[ab],
+}
+
+/usr/bin/foo4 {
+   deny change_profile -> @{LIBVIRT}-fo[^ab],
+}
+
+/usr/bin/foo5 {
+   deny change_profile -> @{LIBVIRT}-fo?,
+}
+
+/usr/bin/foo6 {
+   deny change_profile -> @{LIBVIRT_RE}-foo,
+}
+
+/usr/bin/foo7 {
+   deny change_profile -> @{LIBVIRT_RE}-fo*,
+}
+
+/usr/bin/foo8 {
+   deny change_profile -> @{LIBVIRT_RE}-fo**,
+}
+
+/usr/bin/foo9 {
+   deny change_profile -> @{LIBVIRT_RE}-fo?,
+}
+
+/usr/bin/foo10 {
+   deny change_profile -> @{LIBVIRT_RE}-fo[ab],
+}
+
+/usr/bin/foo11 {
+   deny change_profile -> @{LIBVIRT_RE}-fo[^ab],
+}

parser/tst/simple_tests/change_profile/d_re_ok_5.sd

@@ -0,0 +1,25 @@
+#
+#=DESCRIPTION deny change_profile with just res
+#=EXRESULT PASS
+#
+
+/usr/bin/foo {
+   deny change_profile -> *,
+}
+
+/usr/bin/foo2 {
+   deny change_profile -> **,
+}
+
+/usr/bin/foo3 {
+   deny change_profile -> ?,
+}
+
+/usr/bin/foo4 {
+   deny change_profile -> [ab],
+}
+
+/usr/bin/foo5 {
+   deny change_profile -> [^ab],
+}
+

parser/tst/simple_tests/change_profile/d_re_ok_6.sd

@@ -0,0 +1,65 @@
+#
+#=DESCRIPTION deny change_profile with just res, child profile
+#=EXRESULT PASS
+#
+
+/usr/bin/foo {
+   deny change_profile -> *//ab,
+}
+
+/usr/bin/foo2 {
+   deny change_profile -> **//ab,
+}
+
+/usr/bin/foo3 {
+   deny change_profile -> ?//ab,
+}
+
+/usr/bin/foo4 {
+   deny change_profile -> [ab]//ab,
+}
+
+/usr/bin/foo5 {
+   deny change_profile -> [^ab]//ab,
+}
+
+/usr/bin/foo6 {
+   deny change_profile -> ab//*,
+}
+
+/usr/bin/foo7 {
+   deny change_profile -> ab//**,
+}
+
+/usr/bin/foo8 {
+   deny change_profile -> ab//?,
+}
+
+/usr/bin/foo9 {
+   deny change_profile -> ab//[ab],
+}
+
+/usr/bin/foo10 {
+   deny change_profile -> ab//[^ab],
+}
+
+/usr/bin/foo11 {
+   deny change_profile -> *//*,
+}
+
+/usr/bin/foo12 {
+   deny change_profile -> **//*,
+}
+
+/usr/bin/foo13 {
+   deny change_profile -> ?//*,
+}
+
+/usr/bin/foo14 {
+   deny change_profile -> [ab]//*,
+}
+
+/usr/bin/foo15 {
+   deny change_profile -> [^ab]//*,
+}
+

parser/tst/simple_tests/change_profile/d_re_ok_7.sd

@@ -0,0 +1,65 @@
+#
+#=DESCRIPTION deny change_profile with just re, namespace
+#=EXRESULT PASS
+#
+
+
+/usr/bin/foo {
+   deny change_profile -> :ab:*,
+}
+
+/usr/bin/foo2 {
+   deny change_profile -> :ab:**,
+}
+
+/usr/bin/foo3 {
+   deny change_profile -> :ab:?,
+}
+
+/usr/bin/foo4 {
+   deny change_profile -> :ab:[ab],
+}
+
+/usr/bin/foo5 {
+   deny change_profile -> :ab:[^ab],
+}
+
+/usr/bin/foo6 {
+   deny change_profile -> :*:ab,
+}
+
+/usr/bin/foo7 {
+   deny change_profile -> :**:ab,
+}
+
+/usr/bin/foo8 {
+   deny change_profile -> :?:ab,
+}
+
+/usr/bin/foo9 {
+   deny change_profile -> :[ab]:ab,
+}
+
+/usr/bin/foo10 {
+   deny change_profile -> :[^ab]:ab,
+}
+
+/usr/bin/foo11 {
+   deny change_profile -> :*:*,
+}
+
+/usr/bin/foo12 {
+   deny change_profile -> :**:**,
+}
+
+/usr/bin/foo13 {
+   deny change_profile -> :?:?,
+}
+
+/usr/bin/foo14 {
+   deny change_profile -> :[ab]:[ab],
+}
+
+/usr/bin/foo15 {
+   deny change_profile -> :[^ab]:[^ab],
+}

parser/tst/simple_tests/change_profile/d_re_ok_8.sd

@@ -0,0 +1,45 @@
+#
+#=DESCRIPTION deny change_profile re with quotes
+#=EXRESULT PASS
+#
+
+/usr/bin/foo5 {
+   deny change_profile -> "/bin/*",
+}
+
+/usr/bin/foo6 {
+   deny change_profile -> "/bin/**",
+}
+
+/usr/bin/foo7 {
+   deny change_profile -> "/bin/[ab]",
+}
+
+/usr/bin/foo8 {
+   deny change_profile -> "/bin/[^ab]",
+}
+
+/usr/bin/foo10 {
+   deny change_profile -> "/bin/?ab",
+}
+
+/usr/bin/foo11 {
+   deny change_profile -> "/bin/ *",
+}
+
+/usr/bin/foo12 {
+   deny change_profile -> "/bin/ **",
+}
+
+/usr/bin/foo13 {
+   deny change_profile -> "/bin/ [ab]",
+}
+
+/usr/bin/foo14 {
+   deny change_profile -> "/bin/ [^ab]",
+}
+
+/usr/bin/foo15 {
+   deny change_profile -> "/bin/ ?ab",
+}
+

parser/tst/simple_tests/change_profile/da_bare_bad_1.sd

@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION deny audit in wrong order
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+   deny audit change_profile,
+}

parser/tst/simple_tests/change_profile/do_bare_bad_1.sd

@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION owner not allowed in change_profile
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+   deny owner change_profile,
+}

parser/tst/simple_tests/change_profile/o_bad_1.sd

@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION owner not allowed in change_profile
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+   owner change_profile -> /bin/foo,
+}