[apparmor] [PATCH 1/2] parser: Add ability to test the inequality of binary policies

[Tyler Hicks]

Previously, we only had the ability to test that binary policy files
were equal. This patch allows for the testing of binary policy files
that are not equal.

Signed-off-by: Tyler Hicks <tyhicks at canonical.com>
---
 parser/tst/equality.sh | 45 ++++++++++++++++++++++++++++++++++++---------
 1 file changed, 36 insertions(+), 9 deletions(-)

diff --git a/parser/tst/equality.sh b/parser/tst/equality.sh
index 6e1f8c2..1a5d9e5 100755
--- a/parser/tst/equality.sh
+++ b/parser/tst/equality.sh
@@ -32,24 +32,34 @@ hash_binary_policy()
 	return $?
 }
 
-# verify_binary_equality - compares the binary policy of multiple profiles
-# $1: A short description of the test
-# $2: The known-good profile
-# $3..$n: The profiles to compare against $2
+# verify_binary - compares the binary policy of multiple profiles
+# $1: Test type (equality or inequality)
+# $2: A short description of the test
+# $3: The known-good profile
+# $4..$n: The profiles to compare against $3
 #
 # Upon failure/error, prints out the test description and profiles that failed
 # and increments $fails or $errors for each failure and error, respectively
-verify_binary_equality()
+verify_binary()
 {
-	local desc=$1
-	local good_profile=$2
+	local t=$1
+	local desc=$2
+	local good_profile=$3
 	local good_hash
 	local ret=0
 
 	shift
 	shift
+	shift
 
-	printf "Binary equality %s" "$desc"
+	if [ "$t" != "equality" ] && [ "$t" != "inequality" ]
+	then
+		printf "\nERROR: Unknown test mode:\n%s\n\n" "$t" 1>&2
+		((errors++))
+		return $((ret + 1))
+	fi
+
+	printf "Binary %s %s" "$t" "$desc"
 	good_hash=$(hash_binary_policy "$good_profile")
 	if [ $? -ne 0 ]
 	then
@@ -68,13 +78,20 @@ verify_binary_equality()
 			       "$profile" 1>&2
 			((errors++))
 			((ret++))
-		elif [ "$hash" != "$good_hash" ]
+		elif [ "$t" == "equality" ] && [ "$hash" != "$good_hash" ]
 		then
 			printf "\nFAIL: Hash values do not match\n" 2>&1
 			printf "known-good (%s) != profile-under-test (%s) for the following profile:\n%s\n\n" \
 				"$good_hash" "$hash" "$profile" 1>&2
 			((fails++))
 			((ret++))
+		elif [ "$t" == "inequality" ] && [ "$hash" == "$good_hash" ]
+		then
+			printf "\nFAIL: Hash values match\n" 2>&1
+			printf "known-good (%s) == profile-under-test (%s) for the following profile:\n%s\n\n" \
+				"$good_hash" "$hash" "$profile" 1>&2
+			((fails++))
+			((ret++))
 		fi
 	done
 
@@ -86,6 +103,16 @@ verify_binary_equality()
 	return $ret
 }
 
+verify_binary_equality()
+{
+	verify_binary "equality" "$@"
+}
+
+verify_binary_inequality()
+{
+	verify_binary "inequality" "$@"
+}
+
 verify_binary_equality "dbus send" \
 	"/t { dbus send, }" \
 	"/t { dbus write, }" \
-- 
2.1.4