[apparmor] [PATCH 13/20] add support for rule prefixes to change_profile rules
John Johansen
john.johansen at canonical.com
Fri May 29 08:39:19 UTC 2015
Signed-off-by: John Johansen <john.johansen at canonical.com>
---
parser/parser_regex.c | 16 ++++-
parser/parser_yacc.y | 18 ++++--
.../tst/simple_tests/change_profile/a_bare_ok_1.sd | 7 +++
parser/tst/simple_tests/change_profile/a_ok_1.sd | 7 +++
parser/tst/simple_tests/change_profile/a_ok_2.sd | 7 +++
parser/tst/simple_tests/change_profile/a_ok_3.sd | 7 +++
parser/tst/simple_tests/change_profile/a_ok_4.sd | 10 ++++
parser/tst/simple_tests/change_profile/a_ok_5.sd | 10 ++++
parser/tst/simple_tests/change_profile/a_ok_6.sd | 11 ++++
parser/tst/simple_tests/change_profile/a_ok_7.sd | 11 ++++
parser/tst/simple_tests/change_profile/a_ok_8.sd | 11 ++++
.../tst/simple_tests/change_profile/a_re_ok_1.sd | 24 ++++++++
.../tst/simple_tests/change_profile/a_re_ok_2.sd | 69 ++++++++++++++++++++++
.../tst/simple_tests/change_profile/a_re_ok_3.sd | 67 +++++++++++++++++++++
.../tst/simple_tests/change_profile/a_re_ok_4.sd | 51 ++++++++++++++++
.../tst/simple_tests/change_profile/a_re_ok_5.sd | 25 ++++++++
.../tst/simple_tests/change_profile/a_re_ok_6.sd | 65 ++++++++++++++++++++
.../tst/simple_tests/change_profile/a_re_ok_7.sd | 65 ++++++++++++++++++++
.../tst/simple_tests/change_profile/a_re_ok_8.sd | 45 ++++++++++++++
parser/tst/simple_tests/change_profile/aa_ok_1.sd | 0
parser/tst/simple_tests/change_profile/aa_ok_2.sd | 0
parser/tst/simple_tests/change_profile/aa_ok_3.sd | 0
parser/tst/simple_tests/change_profile/aa_ok_4.sd | 0
parser/tst/simple_tests/change_profile/aa_ok_5.sd | 0
parser/tst/simple_tests/change_profile/aa_ok_6.sd | 0
parser/tst/simple_tests/change_profile/aa_ok_7.sd | 0
parser/tst/simple_tests/change_profile/aa_ok_8.sd | 0
.../tst/simple_tests/change_profile/aa_re_ok_1.sd | 0
.../tst/simple_tests/change_profile/aa_re_ok_2.sd | 0
.../tst/simple_tests/change_profile/aa_re_ok_3.sd | 0
.../tst/simple_tests/change_profile/aa_re_ok_4.sd | 0
.../tst/simple_tests/change_profile/aa_re_ok_5.sd | 0
.../tst/simple_tests/change_profile/aa_re_ok_6.sd | 0
.../tst/simple_tests/change_profile/aa_re_ok_7.sd | 0
.../tst/simple_tests/change_profile/aa_re_ok_8.sd | 0
parser/tst/simple_tests/change_profile/aao_ok_1.sd | 7 +++
parser/tst/simple_tests/change_profile/aao_ok_2.sd | 7 +++
parser/tst/simple_tests/change_profile/aao_ok_3.sd | 7 +++
parser/tst/simple_tests/change_profile/aao_ok_4.sd | 10 ++++
parser/tst/simple_tests/change_profile/aao_ok_5.sd | 10 ++++
parser/tst/simple_tests/change_profile/aao_ok_6.sd | 11 ++++
parser/tst/simple_tests/change_profile/aao_ok_7.sd | 11 ++++
parser/tst/simple_tests/change_profile/aao_ok_8.sd | 11 ++++
.../tst/simple_tests/change_profile/aao_re_ok_1.sd | 24 ++++++++
.../tst/simple_tests/change_profile/aao_re_ok_2.sd | 69 ++++++++++++++++++++++
.../tst/simple_tests/change_profile/aao_re_ok_3.sd | 67 +++++++++++++++++++++
.../tst/simple_tests/change_profile/aao_re_ok_4.sd | 51 ++++++++++++++++
.../tst/simple_tests/change_profile/aao_re_ok_5.sd | 25 ++++++++
.../tst/simple_tests/change_profile/aao_re_ok_6.sd | 65 ++++++++++++++++++++
.../tst/simple_tests/change_profile/aao_re_ok_7.sd | 65 ++++++++++++++++++++
.../tst/simple_tests/change_profile/aao_re_ok_8.sd | 45 ++++++++++++++
.../simple_tests/change_profile/ad_bare_ok_1.sd | 7 +++
parser/tst/simple_tests/change_profile/ad_ok_1.sd | 7 +++
parser/tst/simple_tests/change_profile/ad_ok_2.sd | 7 +++
parser/tst/simple_tests/change_profile/ad_ok_3.sd | 7 +++
parser/tst/simple_tests/change_profile/ad_ok_4.sd | 10 ++++
parser/tst/simple_tests/change_profile/ad_ok_5.sd | 10 ++++
parser/tst/simple_tests/change_profile/ad_ok_6.sd | 11 ++++
parser/tst/simple_tests/change_profile/ad_ok_7.sd | 11 ++++
parser/tst/simple_tests/change_profile/ad_ok_8.sd | 11 ++++
.../tst/simple_tests/change_profile/ad_re_ok_1.sd | 24 ++++++++
.../tst/simple_tests/change_profile/ad_re_ok_2.sd | 69 ++++++++++++++++++++++
.../tst/simple_tests/change_profile/ad_re_ok_3.sd | 67 +++++++++++++++++++++
.../tst/simple_tests/change_profile/ad_re_ok_4.sd | 51 ++++++++++++++++
.../tst/simple_tests/change_profile/ad_re_ok_5.sd | 25 ++++++++
.../tst/simple_tests/change_profile/ad_re_ok_6.sd | 65 ++++++++++++++++++++
.../tst/simple_tests/change_profile/ad_re_ok_7.sd | 65 ++++++++++++++++++++
.../tst/simple_tests/change_profile/ad_re_ok_8.sd | 45 ++++++++++++++
.../simple_tests/change_profile/ado_bare_ok_1.sd | 7 +++
parser/tst/simple_tests/change_profile/ado_ok_1.sd | 7 +++
parser/tst/simple_tests/change_profile/ado_ok_2.sd | 7 +++
parser/tst/simple_tests/change_profile/ado_ok_3.sd | 7 +++
parser/tst/simple_tests/change_profile/ado_ok_4.sd | 10 ++++
parser/tst/simple_tests/change_profile/ado_ok_5.sd | 10 ++++
parser/tst/simple_tests/change_profile/ado_ok_6.sd | 11 ++++
parser/tst/simple_tests/change_profile/ado_ok_7.sd | 11 ++++
parser/tst/simple_tests/change_profile/ado_ok_8.sd | 11 ++++
.../tst/simple_tests/change_profile/ado_re_ok_1.sd | 24 ++++++++
.../tst/simple_tests/change_profile/ado_re_ok_2.sd | 69 ++++++++++++++++++++++
.../tst/simple_tests/change_profile/ado_re_ok_3.sd | 67 +++++++++++++++++++++
.../tst/simple_tests/change_profile/ado_re_ok_4.sd | 51 ++++++++++++++++
.../tst/simple_tests/change_profile/ado_re_ok_5.sd | 25 ++++++++
.../tst/simple_tests/change_profile/ado_re_ok_6.sd | 65 ++++++++++++++++++++
.../tst/simple_tests/change_profile/ado_re_ok_7.sd | 65 ++++++++++++++++++++
.../tst/simple_tests/change_profile/ado_re_ok_8.sd | 45 ++++++++++++++
.../tst/simple_tests/change_profile/allow_ok_1.sd | 7 +++
.../tst/simple_tests/change_profile/allow_ok_2.sd | 7 +++
.../tst/simple_tests/change_profile/allow_ok_3.sd | 7 +++
.../tst/simple_tests/change_profile/allow_ok_4.sd | 10 ++++
.../tst/simple_tests/change_profile/allow_ok_5.sd | 10 ++++
.../tst/simple_tests/change_profile/allow_ok_6.sd | 11 ++++
.../tst/simple_tests/change_profile/allow_ok_7.sd | 11 ++++
.../tst/simple_tests/change_profile/allow_ok_8.sd | 11 ++++
.../simple_tests/change_profile/allow_re_ok_1.sd | 24 ++++++++
.../simple_tests/change_profile/allow_re_ok_2.sd | 69 ++++++++++++++++++++++
.../simple_tests/change_profile/allow_re_ok_3.sd | 67 +++++++++++++++++++++
.../simple_tests/change_profile/allow_re_ok_4.sd | 51 ++++++++++++++++
.../simple_tests/change_profile/allow_re_ok_5.sd | 25 ++++++++
.../simple_tests/change_profile/allow_re_ok_6.sd | 65 ++++++++++++++++++++
.../simple_tests/change_profile/allow_re_ok_7.sd | 65 ++++++++++++++++++++
.../simple_tests/change_profile/allow_re_ok_8.sd | 45 ++++++++++++++
.../tst/simple_tests/change_profile/allowo_ok_1.sd | 0
.../tst/simple_tests/change_profile/allowo_ok_2.sd | 0
.../tst/simple_tests/change_profile/allowo_ok_3.sd | 0
.../tst/simple_tests/change_profile/allowo_ok_4.sd | 0
.../tst/simple_tests/change_profile/allowo_ok_5.sd | 0
.../tst/simple_tests/change_profile/allowo_ok_6.sd | 0
.../tst/simple_tests/change_profile/allowo_ok_7.sd | 0
.../tst/simple_tests/change_profile/allowo_ok_8.sd | 0
.../simple_tests/change_profile/allowo_re_ok_1.sd | 0
.../simple_tests/change_profile/allowo_re_ok_2.sd | 0
.../simple_tests/change_profile/allowo_re_ok_3.sd | 0
.../simple_tests/change_profile/allowo_re_ok_4.sd | 0
.../simple_tests/change_profile/allowo_re_ok_5.sd | 0
.../simple_tests/change_profile/allowo_re_ok_6.sd | 0
.../simple_tests/change_profile/allowo_re_ok_7.sd | 0
.../simple_tests/change_profile/allowo_re_ok_8.sd | 0
.../simple_tests/change_profile/ao_bare_ok_1.sd | 7 +++
parser/tst/simple_tests/change_profile/ao_ok_1.sd | 7 +++
parser/tst/simple_tests/change_profile/ao_ok_2.sd | 7 +++
parser/tst/simple_tests/change_profile/ao_ok_3.sd | 7 +++
parser/tst/simple_tests/change_profile/ao_ok_4.sd | 10 ++++
parser/tst/simple_tests/change_profile/ao_ok_5.sd | 10 ++++
parser/tst/simple_tests/change_profile/ao_ok_6.sd | 11 ++++
parser/tst/simple_tests/change_profile/ao_ok_7.sd | 11 ++++
parser/tst/simple_tests/change_profile/ao_ok_8.sd | 11 ++++
.../tst/simple_tests/change_profile/ao_re_ok_1.sd | 24 ++++++++
.../tst/simple_tests/change_profile/ao_re_ok_2.sd | 69 ++++++++++++++++++++++
.../tst/simple_tests/change_profile/ao_re_ok_3.sd | 67 +++++++++++++++++++++
.../tst/simple_tests/change_profile/ao_re_ok_4.sd | 51 ++++++++++++++++
.../tst/simple_tests/change_profile/ao_re_ok_5.sd | 25 ++++++++
.../tst/simple_tests/change_profile/ao_re_ok_6.sd | 65 ++++++++++++++++++++
.../tst/simple_tests/change_profile/ao_re_ok_7.sd | 65 ++++++++++++++++++++
.../tst/simple_tests/change_profile/ao_re_ok_8.sd | 45 ++++++++++++++
.../tst/simple_tests/change_profile/d_bare_ok_1.sd | 7 +++
parser/tst/simple_tests/change_profile/d_ok_1.sd | 7 +++
parser/tst/simple_tests/change_profile/d_ok_2.sd | 7 +++
parser/tst/simple_tests/change_profile/d_ok_3.sd | 7 +++
parser/tst/simple_tests/change_profile/d_ok_4.sd | 10 ++++
parser/tst/simple_tests/change_profile/d_ok_5.sd | 10 ++++
parser/tst/simple_tests/change_profile/d_ok_6.sd | 11 ++++
parser/tst/simple_tests/change_profile/d_ok_7.sd | 11 ++++
parser/tst/simple_tests/change_profile/d_ok_8.sd | 11 ++++
.../tst/simple_tests/change_profile/d_re_ok_1.sd | 24 ++++++++
.../tst/simple_tests/change_profile/d_re_ok_2.sd | 69 ++++++++++++++++++++++
.../tst/simple_tests/change_profile/d_re_ok_3.sd | 67 +++++++++++++++++++++
.../tst/simple_tests/change_profile/d_re_ok_4.sd | 51 ++++++++++++++++
.../tst/simple_tests/change_profile/d_re_ok_5.sd | 25 ++++++++
.../tst/simple_tests/change_profile/d_re_ok_6.sd | 65 ++++++++++++++++++++
.../tst/simple_tests/change_profile/d_re_ok_7.sd | 65 ++++++++++++++++++++
.../tst/simple_tests/change_profile/d_re_ok_8.sd | 45 ++++++++++++++
.../simple_tests/change_profile/da_bare_ok_1.sd | 7 +++
parser/tst/simple_tests/change_profile/da_ok_1.sd | 7 +++
parser/tst/simple_tests/change_profile/da_ok_2.sd | 7 +++
parser/tst/simple_tests/change_profile/da_ok_3.sd | 7 +++
parser/tst/simple_tests/change_profile/da_ok_4.sd | 10 ++++
parser/tst/simple_tests/change_profile/da_ok_5.sd | 10 ++++
parser/tst/simple_tests/change_profile/da_ok_6.sd | 11 ++++
parser/tst/simple_tests/change_profile/da_ok_7.sd | 11 ++++
parser/tst/simple_tests/change_profile/da_ok_8.sd | 11 ++++
.../tst/simple_tests/change_profile/da_re_ok_1.sd | 24 ++++++++
.../tst/simple_tests/change_profile/da_re_ok_2.sd | 69 ++++++++++++++++++++++
.../tst/simple_tests/change_profile/da_re_ok_3.sd | 67 +++++++++++++++++++++
.../tst/simple_tests/change_profile/da_re_ok_4.sd | 51 ++++++++++++++++
.../tst/simple_tests/change_profile/da_re_ok_5.sd | 25 ++++++++
.../tst/simple_tests/change_profile/da_re_ok_6.sd | 65 ++++++++++++++++++++
.../tst/simple_tests/change_profile/da_re_ok_7.sd | 65 ++++++++++++++++++++
.../tst/simple_tests/change_profile/da_re_ok_8.sd | 45 ++++++++++++++
.../simple_tests/change_profile/do_bare_ok_1.sd | 7 +++
parser/tst/simple_tests/change_profile/do_ok_1.sd | 7 +++
parser/tst/simple_tests/change_profile/do_ok_2.sd | 7 +++
parser/tst/simple_tests/change_profile/do_ok_3.sd | 7 +++
parser/tst/simple_tests/change_profile/do_ok_4.sd | 10 ++++
parser/tst/simple_tests/change_profile/do_ok_5.sd | 10 ++++
parser/tst/simple_tests/change_profile/do_ok_6.sd | 11 ++++
parser/tst/simple_tests/change_profile/do_ok_7.sd | 11 ++++
parser/tst/simple_tests/change_profile/do_ok_8.sd | 11 ++++
.../tst/simple_tests/change_profile/do_re_ok_1.sd | 24 ++++++++
.../tst/simple_tests/change_profile/do_re_ok_2.sd | 69 ++++++++++++++++++++++
.../tst/simple_tests/change_profile/do_re_ok_3.sd | 67 +++++++++++++++++++++
.../tst/simple_tests/change_profile/do_re_ok_4.sd | 51 ++++++++++++++++
.../tst/simple_tests/change_profile/do_re_ok_5.sd | 25 ++++++++
.../tst/simple_tests/change_profile/do_re_ok_6.sd | 65 ++++++++++++++++++++
.../tst/simple_tests/change_profile/do_re_ok_7.sd | 65 ++++++++++++++++++++
.../tst/simple_tests/change_profile/do_re_ok_8.sd | 45 ++++++++++++++
.../tst/simple_tests/change_profile/o_bare_ok_1.sd | 7 +++
parser/tst/simple_tests/change_profile/o_ok_1.sd | 7 +++
parser/tst/simple_tests/change_profile/o_ok_2.sd | 7 +++
parser/tst/simple_tests/change_profile/o_ok_3.sd | 7 +++
parser/tst/simple_tests/change_profile/o_ok_4.sd | 10 ++++
parser/tst/simple_tests/change_profile/o_ok_5.sd | 10 ++++
parser/tst/simple_tests/change_profile/o_ok_6.sd | 11 ++++
parser/tst/simple_tests/change_profile/o_ok_7.sd | 11 ++++
parser/tst/simple_tests/change_profile/o_ok_8.sd | 11 ++++
.../tst/simple_tests/change_profile/o_re_ok_1.sd | 24 ++++++++
.../tst/simple_tests/change_profile/o_re_ok_2.sd | 69 ++++++++++++++++++++++
.../tst/simple_tests/change_profile/o_re_ok_3.sd | 67 +++++++++++++++++++++
.../tst/simple_tests/change_profile/o_re_ok_4.sd | 51 ++++++++++++++++
.../tst/simple_tests/change_profile/o_re_ok_5.sd | 25 ++++++++
.../tst/simple_tests/change_profile/o_re_ok_6.sd | 65 ++++++++++++++++++++
.../tst/simple_tests/change_profile/o_re_ok_7.sd | 65 ++++++++++++++++++++
.../tst/simple_tests/change_profile/o_re_ok_8.sd | 45 ++++++++++++++
202 files changed, 4933 insertions(+), 7 deletions(-)
create mode 100644 parser/tst/simple_tests/change_profile/a_bare_ok_1.sd
create mode 100644 parser/tst/simple_tests/change_profile/a_ok_1.sd
create mode 100644 parser/tst/simple_tests/change_profile/a_ok_2.sd
create mode 100644 parser/tst/simple_tests/change_profile/a_ok_3.sd
create mode 100644 parser/tst/simple_tests/change_profile/a_ok_4.sd
create mode 100644 parser/tst/simple_tests/change_profile/a_ok_5.sd
create mode 100644 parser/tst/simple_tests/change_profile/a_ok_6.sd
create mode 100644 parser/tst/simple_tests/change_profile/a_ok_7.sd
create mode 100644 parser/tst/simple_tests/change_profile/a_ok_8.sd
create mode 100644 parser/tst/simple_tests/change_profile/a_re_ok_1.sd
create mode 100644 parser/tst/simple_tests/change_profile/a_re_ok_2.sd
create mode 100644 parser/tst/simple_tests/change_profile/a_re_ok_3.sd
create mode 100644 parser/tst/simple_tests/change_profile/a_re_ok_4.sd
create mode 100644 parser/tst/simple_tests/change_profile/a_re_ok_5.sd
create mode 100644 parser/tst/simple_tests/change_profile/a_re_ok_6.sd
create mode 100644 parser/tst/simple_tests/change_profile/a_re_ok_7.sd
create mode 100644 parser/tst/simple_tests/change_profile/a_re_ok_8.sd
create mode 100644 parser/tst/simple_tests/change_profile/aa_ok_1.sd
create mode 100644 parser/tst/simple_tests/change_profile/aa_ok_2.sd
create mode 100644 parser/tst/simple_tests/change_profile/aa_ok_3.sd
create mode 100644 parser/tst/simple_tests/change_profile/aa_ok_4.sd
create mode 100644 parser/tst/simple_tests/change_profile/aa_ok_5.sd
create mode 100644 parser/tst/simple_tests/change_profile/aa_ok_6.sd
create mode 100644 parser/tst/simple_tests/change_profile/aa_ok_7.sd
create mode 100644 parser/tst/simple_tests/change_profile/aa_ok_8.sd
create mode 100644 parser/tst/simple_tests/change_profile/aa_re_ok_1.sd
create mode 100644 parser/tst/simple_tests/change_profile/aa_re_ok_2.sd
create mode 100644 parser/tst/simple_tests/change_profile/aa_re_ok_3.sd
create mode 100644 parser/tst/simple_tests/change_profile/aa_re_ok_4.sd
create mode 100644 parser/tst/simple_tests/change_profile/aa_re_ok_5.sd
create mode 100644 parser/tst/simple_tests/change_profile/aa_re_ok_6.sd
create mode 100644 parser/tst/simple_tests/change_profile/aa_re_ok_7.sd
create mode 100644 parser/tst/simple_tests/change_profile/aa_re_ok_8.sd
create mode 100644 parser/tst/simple_tests/change_profile/aao_ok_1.sd
create mode 100644 parser/tst/simple_tests/change_profile/aao_ok_2.sd
create mode 100644 parser/tst/simple_tests/change_profile/aao_ok_3.sd
create mode 100644 parser/tst/simple_tests/change_profile/aao_ok_4.sd
create mode 100644 parser/tst/simple_tests/change_profile/aao_ok_5.sd
create mode 100644 parser/tst/simple_tests/change_profile/aao_ok_6.sd
create mode 100644 parser/tst/simple_tests/change_profile/aao_ok_7.sd
create mode 100644 parser/tst/simple_tests/change_profile/aao_ok_8.sd
create mode 100644 parser/tst/simple_tests/change_profile/aao_re_ok_1.sd
create mode 100644 parser/tst/simple_tests/change_profile/aao_re_ok_2.sd
create mode 100644 parser/tst/simple_tests/change_profile/aao_re_ok_3.sd
create mode 100644 parser/tst/simple_tests/change_profile/aao_re_ok_4.sd
create mode 100644 parser/tst/simple_tests/change_profile/aao_re_ok_5.sd
create mode 100644 parser/tst/simple_tests/change_profile/aao_re_ok_6.sd
create mode 100644 parser/tst/simple_tests/change_profile/aao_re_ok_7.sd
create mode 100644 parser/tst/simple_tests/change_profile/aao_re_ok_8.sd
create mode 100644 parser/tst/simple_tests/change_profile/ad_bare_ok_1.sd
create mode 100644 parser/tst/simple_tests/change_profile/ad_ok_1.sd
create mode 100644 parser/tst/simple_tests/change_profile/ad_ok_2.sd
create mode 100644 parser/tst/simple_tests/change_profile/ad_ok_3.sd
create mode 100644 parser/tst/simple_tests/change_profile/ad_ok_4.sd
create mode 100644 parser/tst/simple_tests/change_profile/ad_ok_5.sd
create mode 100644 parser/tst/simple_tests/change_profile/ad_ok_6.sd
create mode 100644 parser/tst/simple_tests/change_profile/ad_ok_7.sd
create mode 100644 parser/tst/simple_tests/change_profile/ad_ok_8.sd
create mode 100644 parser/tst/simple_tests/change_profile/ad_re_ok_1.sd
create mode 100644 parser/tst/simple_tests/change_profile/ad_re_ok_2.sd
create mode 100644 parser/tst/simple_tests/change_profile/ad_re_ok_3.sd
create mode 100644 parser/tst/simple_tests/change_profile/ad_re_ok_4.sd
create mode 100644 parser/tst/simple_tests/change_profile/ad_re_ok_5.sd
create mode 100644 parser/tst/simple_tests/change_profile/ad_re_ok_6.sd
create mode 100644 parser/tst/simple_tests/change_profile/ad_re_ok_7.sd
create mode 100644 parser/tst/simple_tests/change_profile/ad_re_ok_8.sd
create mode 100644 parser/tst/simple_tests/change_profile/ado_bare_ok_1.sd
create mode 100644 parser/tst/simple_tests/change_profile/ado_ok_1.sd
create mode 100644 parser/tst/simple_tests/change_profile/ado_ok_2.sd
create mode 100644 parser/tst/simple_tests/change_profile/ado_ok_3.sd
create mode 100644 parser/tst/simple_tests/change_profile/ado_ok_4.sd
create mode 100644 parser/tst/simple_tests/change_profile/ado_ok_5.sd
create mode 100644 parser/tst/simple_tests/change_profile/ado_ok_6.sd
create mode 100644 parser/tst/simple_tests/change_profile/ado_ok_7.sd
create mode 100644 parser/tst/simple_tests/change_profile/ado_ok_8.sd
create mode 100644 parser/tst/simple_tests/change_profile/ado_re_ok_1.sd
create mode 100644 parser/tst/simple_tests/change_profile/ado_re_ok_2.sd
create mode 100644 parser/tst/simple_tests/change_profile/ado_re_ok_3.sd
create mode 100644 parser/tst/simple_tests/change_profile/ado_re_ok_4.sd
create mode 100644 parser/tst/simple_tests/change_profile/ado_re_ok_5.sd
create mode 100644 parser/tst/simple_tests/change_profile/ado_re_ok_6.sd
create mode 100644 parser/tst/simple_tests/change_profile/ado_re_ok_7.sd
create mode 100644 parser/tst/simple_tests/change_profile/ado_re_ok_8.sd
create mode 100644 parser/tst/simple_tests/change_profile/allow_ok_1.sd
create mode 100644 parser/tst/simple_tests/change_profile/allow_ok_2.sd
create mode 100644 parser/tst/simple_tests/change_profile/allow_ok_3.sd
create mode 100644 parser/tst/simple_tests/change_profile/allow_ok_4.sd
create mode 100644 parser/tst/simple_tests/change_profile/allow_ok_5.sd
create mode 100644 parser/tst/simple_tests/change_profile/allow_ok_6.sd
create mode 100644 parser/tst/simple_tests/change_profile/allow_ok_7.sd
create mode 100644 parser/tst/simple_tests/change_profile/allow_ok_8.sd
create mode 100644 parser/tst/simple_tests/change_profile/allow_re_ok_1.sd
create mode 100644 parser/tst/simple_tests/change_profile/allow_re_ok_2.sd
create mode 100644 parser/tst/simple_tests/change_profile/allow_re_ok_3.sd
create mode 100644 parser/tst/simple_tests/change_profile/allow_re_ok_4.sd
create mode 100644 parser/tst/simple_tests/change_profile/allow_re_ok_5.sd
create mode 100644 parser/tst/simple_tests/change_profile/allow_re_ok_6.sd
create mode 100644 parser/tst/simple_tests/change_profile/allow_re_ok_7.sd
create mode 100644 parser/tst/simple_tests/change_profile/allow_re_ok_8.sd
create mode 100644 parser/tst/simple_tests/change_profile/allowo_ok_1.sd
create mode 100644 parser/tst/simple_tests/change_profile/allowo_ok_2.sd
create mode 100644 parser/tst/simple_tests/change_profile/allowo_ok_3.sd
create mode 100644 parser/tst/simple_tests/change_profile/allowo_ok_4.sd
create mode 100644 parser/tst/simple_tests/change_profile/allowo_ok_5.sd
create mode 100644 parser/tst/simple_tests/change_profile/allowo_ok_6.sd
create mode 100644 parser/tst/simple_tests/change_profile/allowo_ok_7.sd
create mode 100644 parser/tst/simple_tests/change_profile/allowo_ok_8.sd
create mode 100644 parser/tst/simple_tests/change_profile/allowo_re_ok_1.sd
create mode 100644 parser/tst/simple_tests/change_profile/allowo_re_ok_2.sd
create mode 100644 parser/tst/simple_tests/change_profile/allowo_re_ok_3.sd
create mode 100644 parser/tst/simple_tests/change_profile/allowo_re_ok_4.sd
create mode 100644 parser/tst/simple_tests/change_profile/allowo_re_ok_5.sd
create mode 100644 parser/tst/simple_tests/change_profile/allowo_re_ok_6.sd
create mode 100644 parser/tst/simple_tests/change_profile/allowo_re_ok_7.sd
create mode 100644 parser/tst/simple_tests/change_profile/allowo_re_ok_8.sd
create mode 100644 parser/tst/simple_tests/change_profile/ao_bare_ok_1.sd
create mode 100644 parser/tst/simple_tests/change_profile/ao_ok_1.sd
create mode 100644 parser/tst/simple_tests/change_profile/ao_ok_2.sd
create mode 100644 parser/tst/simple_tests/change_profile/ao_ok_3.sd
create mode 100644 parser/tst/simple_tests/change_profile/ao_ok_4.sd
create mode 100644 parser/tst/simple_tests/change_profile/ao_ok_5.sd
create mode 100644 parser/tst/simple_tests/change_profile/ao_ok_6.sd
create mode 100644 parser/tst/simple_tests/change_profile/ao_ok_7.sd
create mode 100644 parser/tst/simple_tests/change_profile/ao_ok_8.sd
create mode 100644 parser/tst/simple_tests/change_profile/ao_re_ok_1.sd
create mode 100644 parser/tst/simple_tests/change_profile/ao_re_ok_2.sd
create mode 100644 parser/tst/simple_tests/change_profile/ao_re_ok_3.sd
create mode 100644 parser/tst/simple_tests/change_profile/ao_re_ok_4.sd
create mode 100644 parser/tst/simple_tests/change_profile/ao_re_ok_5.sd
create mode 100644 parser/tst/simple_tests/change_profile/ao_re_ok_6.sd
create mode 100644 parser/tst/simple_tests/change_profile/ao_re_ok_7.sd
create mode 100644 parser/tst/simple_tests/change_profile/ao_re_ok_8.sd
create mode 100644 parser/tst/simple_tests/change_profile/d_bare_ok_1.sd
create mode 100644 parser/tst/simple_tests/change_profile/d_ok_1.sd
create mode 100644 parser/tst/simple_tests/change_profile/d_ok_2.sd
create mode 100644 parser/tst/simple_tests/change_profile/d_ok_3.sd
create mode 100644 parser/tst/simple_tests/change_profile/d_ok_4.sd
create mode 100644 parser/tst/simple_tests/change_profile/d_ok_5.sd
create mode 100644 parser/tst/simple_tests/change_profile/d_ok_6.sd
create mode 100644 parser/tst/simple_tests/change_profile/d_ok_7.sd
create mode 100644 parser/tst/simple_tests/change_profile/d_ok_8.sd
create mode 100644 parser/tst/simple_tests/change_profile/d_re_ok_1.sd
create mode 100644 parser/tst/simple_tests/change_profile/d_re_ok_2.sd
create mode 100644 parser/tst/simple_tests/change_profile/d_re_ok_3.sd
create mode 100644 parser/tst/simple_tests/change_profile/d_re_ok_4.sd
create mode 100644 parser/tst/simple_tests/change_profile/d_re_ok_5.sd
create mode 100644 parser/tst/simple_tests/change_profile/d_re_ok_6.sd
create mode 100644 parser/tst/simple_tests/change_profile/d_re_ok_7.sd
create mode 100644 parser/tst/simple_tests/change_profile/d_re_ok_8.sd
create mode 100644 parser/tst/simple_tests/change_profile/da_bare_ok_1.sd
create mode 100644 parser/tst/simple_tests/change_profile/da_ok_1.sd
create mode 100644 parser/tst/simple_tests/change_profile/da_ok_2.sd
create mode 100644 parser/tst/simple_tests/change_profile/da_ok_3.sd
create mode 100644 parser/tst/simple_tests/change_profile/da_ok_4.sd
create mode 100644 parser/tst/simple_tests/change_profile/da_ok_5.sd
create mode 100644 parser/tst/simple_tests/change_profile/da_ok_6.sd
create mode 100644 parser/tst/simple_tests/change_profile/da_ok_7.sd
create mode 100644 parser/tst/simple_tests/change_profile/da_ok_8.sd
create mode 100644 parser/tst/simple_tests/change_profile/da_re_ok_1.sd
create mode 100644 parser/tst/simple_tests/change_profile/da_re_ok_2.sd
create mode 100644 parser/tst/simple_tests/change_profile/da_re_ok_3.sd
create mode 100644 parser/tst/simple_tests/change_profile/da_re_ok_4.sd
create mode 100644 parser/tst/simple_tests/change_profile/da_re_ok_5.sd
create mode 100644 parser/tst/simple_tests/change_profile/da_re_ok_6.sd
create mode 100644 parser/tst/simple_tests/change_profile/da_re_ok_7.sd
create mode 100644 parser/tst/simple_tests/change_profile/da_re_ok_8.sd
create mode 100644 parser/tst/simple_tests/change_profile/do_bare_ok_1.sd
create mode 100644 parser/tst/simple_tests/change_profile/do_ok_1.sd
create mode 100644 parser/tst/simple_tests/change_profile/do_ok_2.sd
create mode 100644 parser/tst/simple_tests/change_profile/do_ok_3.sd
create mode 100644 parser/tst/simple_tests/change_profile/do_ok_4.sd
create mode 100644 parser/tst/simple_tests/change_profile/do_ok_5.sd
create mode 100644 parser/tst/simple_tests/change_profile/do_ok_6.sd
create mode 100644 parser/tst/simple_tests/change_profile/do_ok_7.sd
create mode 100644 parser/tst/simple_tests/change_profile/do_ok_8.sd
create mode 100644 parser/tst/simple_tests/change_profile/do_re_ok_1.sd
create mode 100644 parser/tst/simple_tests/change_profile/do_re_ok_2.sd
create mode 100644 parser/tst/simple_tests/change_profile/do_re_ok_3.sd
create mode 100644 parser/tst/simple_tests/change_profile/do_re_ok_4.sd
create mode 100644 parser/tst/simple_tests/change_profile/do_re_ok_5.sd
create mode 100644 parser/tst/simple_tests/change_profile/do_re_ok_6.sd
create mode 100644 parser/tst/simple_tests/change_profile/do_re_ok_7.sd
create mode 100644 parser/tst/simple_tests/change_profile/do_re_ok_8.sd
create mode 100644 parser/tst/simple_tests/change_profile/o_bare_ok_1.sd
create mode 100644 parser/tst/simple_tests/change_profile/o_ok_1.sd
create mode 100644 parser/tst/simple_tests/change_profile/o_ok_2.sd
create mode 100644 parser/tst/simple_tests/change_profile/o_ok_3.sd
create mode 100644 parser/tst/simple_tests/change_profile/o_ok_4.sd
create mode 100644 parser/tst/simple_tests/change_profile/o_ok_5.sd
create mode 100644 parser/tst/simple_tests/change_profile/o_ok_6.sd
create mode 100644 parser/tst/simple_tests/change_profile/o_ok_7.sd
create mode 100644 parser/tst/simple_tests/change_profile/o_ok_8.sd
create mode 100644 parser/tst/simple_tests/change_profile/o_re_ok_1.sd
create mode 100644 parser/tst/simple_tests/change_profile/o_re_ok_2.sd
create mode 100644 parser/tst/simple_tests/change_profile/o_re_ok_3.sd
create mode 100644 parser/tst/simple_tests/change_profile/o_re_ok_4.sd
create mode 100644 parser/tst/simple_tests/change_profile/o_re_ok_5.sd
create mode 100644 parser/tst/simple_tests/change_profile/o_re_ok_6.sd
create mode 100644 parser/tst/simple_tests/change_profile/o_re_ok_7.sd
create mode 100644 parser/tst/simple_tests/change_profile/o_re_ok_8.sd
diff --git a/parser/parser_regex.c b/parser/parser_regex.c
index 96f377a..3d5f28e 100644
--- a/parser/parser_regex.c
+++ b/parser/parser_regex.c
@@ -492,6 +492,8 @@ static int process_profile_name_xmatch(Profile *prof)
return TRUE;
}
+static int warn_change_profile = 1;
+
static int process_dfa_entry(aare_rules *dfarules, struct cod_entry *entry)
{
std::string tbuf;
@@ -565,6 +567,14 @@ static int process_dfa_entry(aare_rules *dfarules, struct cod_entry *entry)
std::string lbuf;
int index = 1;
+ if ((warnflags & WARN_RULE_DOWNGRADED) && entry->audit && warn_change_profile) {
+ /* don't have profile name here, so until this code
+ * gets refactored just throw out a generic warning
+ */
+ fprintf(stderr, "Warning kernel does not support audit modifier for change_profile rule.\n");
+ warn_change_profile = 0;
+ }
+
/* allow change_profile for all execs */
vec[0] = "/[^\\x00]*";
@@ -576,12 +586,12 @@ static int process_dfa_entry(aare_rules *dfarules, struct cod_entry *entry)
vec[index++] = tbuf.c_str();
/* regular change_profile rule */
- if (!dfarules->add_rule_vec(0, AA_CHANGE_PROFILE | AA_ONEXEC, 0, index - 1, &vec[1], dfaflags))
+ if (!dfarules->add_rule_vec(entry->deny, AA_CHANGE_PROFILE | AA_ONEXEC, 0, index - 1, &vec[1], dfaflags))
return FALSE;
/* onexec rules - both rules are needed for onexec */
- if (!dfarules->add_rule_vec(0, AA_ONEXEC, 0, 1, vec, dfaflags))
+ if (!dfarules->add_rule_vec(entry->deny, AA_ONEXEC, 0, 1, vec, dfaflags))
return FALSE;
- if (!dfarules->add_rule_vec(0, AA_ONEXEC, 0, index, vec, dfaflags))
+ if (!dfarules->add_rule_vec(entry->deny, AA_ONEXEC, 0, index, vec, dfaflags))
return FALSE;
}
return TRUE;
diff --git a/parser/parser_yacc.y b/parser/parser_yacc.y
index ce57153..df3ce15 100644
--- a/parser/parser_yacc.y
+++ b/parser/parser_yacc.y
@@ -785,13 +785,23 @@ rules: rules opt_prefix unix_rule
$$ = $1;
}
-rules: rules change_profile
+rules: rules opt_prefix change_profile
{
PDEBUG("matched: rules change_profile\n");
- PDEBUG("rules change_profile: (%s)\n", $2->name);
- if (!$2)
+ PDEBUG("rules change_profile: (%s)\n", $3->name);
+ if (!$3)
yyerror(_("Assert: `change_profile' returned NULL."));
- add_entry_to_policy($1, $2);
+ if ($2.owner)
+ yyerror(_("owner prefix not allowed on unix rules"));
+ if ($2.deny && $2.audit) {
+ $3->deny = 1;
+ } else if ($2.deny) {
+ $3->deny = 1;
+ $3->audit = $3->mode;
+ } else if ($2.audit) {
+ $3->audit = $3->mode;
+ }
+ add_entry_to_policy($1, $3);
$$ = $1;
};
diff --git a/parser/tst/simple_tests/change_profile/a_bare_ok_1.sd b/parser/tst/simple_tests/change_profile/a_bare_ok_1.sd
new file mode 100644
index 0000000..0763dc8
--- /dev/null
+++ b/parser/tst/simple_tests/change_profile/a_bare_ok_1.sd
@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION audit change_profile
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+ audit change_profile,
+}
diff --git a/parser/tst/simple_tests/change_profile/a_ok_1.sd b/parser/tst/simple_tests/change_profile/a_ok_1.sd
new file mode 100644
index 0000000..8dcac5a
--- /dev/null
+++ b/parser/tst/simple_tests/change_profile/a_ok_1.sd
@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION audit change_profile
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+ audit change_profile -> /bin/foo,
+}
diff --git a/parser/tst/simple_tests/change_profile/a_ok_2.sd b/parser/tst/simple_tests/change_profile/a_ok_2.sd
new file mode 100644
index 0000000..5967dc8
--- /dev/null
+++ b/parser/tst/simple_tests/change_profile/a_ok_2.sd
@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION audit change_profile to a hat
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+ audit change_profile -> /bin/foo//bar,
+}
diff --git a/parser/tst/simple_tests/change_profile/a_ok_3.sd b/parser/tst/simple_tests/change_profile/a_ok_3.sd
new file mode 100644
index 0000000..fba4768
--- /dev/null
+++ b/parser/tst/simple_tests/change_profile/a_ok_3.sd
@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION audit change_profile with name space
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+ audit change_profile -> :foo:/bin/foo,
+}
diff --git a/parser/tst/simple_tests/change_profile/a_ok_4.sd b/parser/tst/simple_tests/change_profile/a_ok_4.sd
new file mode 100644
index 0000000..025d9d3
--- /dev/null
+++ b/parser/tst/simple_tests/change_profile/a_ok_4.sd
@@ -0,0 +1,10 @@
+#
+#=DESCRIPTION audit change_profile with a variable (LP: #390810)
+#=EXRESULT PASS
+#
+
+@{LIBVIRT}="libvirt"
+
+/usr/bin/foo {
+ audit change_profile -> @{LIBVIRT}-foo,
+}
diff --git a/parser/tst/simple_tests/change_profile/a_ok_5.sd b/parser/tst/simple_tests/change_profile/a_ok_5.sd
new file mode 100644
index 0000000..9b336e5
--- /dev/null
+++ b/parser/tst/simple_tests/change_profile/a_ok_5.sd
@@ -0,0 +1,10 @@
+#
+#=DESCRIPTION audit change_profile with variable+regex (LP: #390810)
+#=EXRESULT PASS
+#
+
+@{LIBVIRT}="libvirt"
+
+/usr/bin/foo {
+ audit change_profile -> @{LIBVIRT}-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*,
+}
diff --git a/parser/tst/simple_tests/change_profile/a_ok_6.sd b/parser/tst/simple_tests/change_profile/a_ok_6.sd
new file mode 100644
index 0000000..57684d1
--- /dev/null
+++ b/parser/tst/simple_tests/change_profile/a_ok_6.sd
@@ -0,0 +1,11 @@
+#
+#=DESCRIPTION audit change_profile with quotes
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+ audit change_profile -> "/bin/foo",
+}
+
+/usr/bin/foo2 {
+ audit change_profile -> "/bin/ foo",
+}
diff --git a/parser/tst/simple_tests/change_profile/a_ok_7.sd b/parser/tst/simple_tests/change_profile/a_ok_7.sd
new file mode 100644
index 0000000..879be48
--- /dev/null
+++ b/parser/tst/simple_tests/change_profile/a_ok_7.sd
@@ -0,0 +1,11 @@
+#
+#=DESCRIPTION audit change_profile to a hat with quotes
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+ audit change_profile -> "/bin/foo//bar",
+}
+
+/usr/bin/foo2 {
+ audit change_profile -> "/bin/foo// bar",
+}
diff --git a/parser/tst/simple_tests/change_profile/a_ok_8.sd b/parser/tst/simple_tests/change_profile/a_ok_8.sd
new file mode 100644
index 0000000..01e6dc7
--- /dev/null
+++ b/parser/tst/simple_tests/change_profile/a_ok_8.sd
@@ -0,0 +1,11 @@
+#
+#=DESCRIPTION audit change_profile with name space with quotes
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+ audit change_profile -> ":foo:/bin/foo",
+}
+
+/usr/bin/foo2 {
+ audit change_profile -> ":foo:/bin/ foo",
+}
diff --git a/parser/tst/simple_tests/change_profile/a_re_ok_1.sd b/parser/tst/simple_tests/change_profile/a_re_ok_1.sd
new file mode 100644
index 0000000..3ff2991
--- /dev/null
+++ b/parser/tst/simple_tests/change_profile/a_re_ok_1.sd
@@ -0,0 +1,24 @@
+#
+#=DESCRIPTION audit change_profile
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+ audit change_profile -> /bin/*,
+}
+
+/usr/bin/foo2 {
+ audit change_profile -> /bin/**,
+}
+
+/usr/bin/foo3 {
+ audit change_profile -> /bin/?,
+}
+
+/usr/bin/foo4 {
+ audit change_profile -> /bin/[ab],
+}
+
+/usr/bin/foo5 {
+ audit change_profile -> /bin/[^ab],
+}
+
diff --git a/parser/tst/simple_tests/change_profile/a_re_ok_2.sd b/parser/tst/simple_tests/change_profile/a_re_ok_2.sd
new file mode 100644
index 0000000..a113def
--- /dev/null
+++ b/parser/tst/simple_tests/change_profile/a_re_ok_2.sd
@@ -0,0 +1,69 @@
+#
+#=DESCRIPTION audit change_profile to a hat
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+ audit change_profile -> /bin/foo//bar,
+}
+
+/usr/bin/foo2 {
+ audit change_profile -> /bin/foo//ba*,
+}
+
+/usr/bin/foo3 {
+ audit change_profile -> /bin/foo//ba**,
+}
+
+/usr/bin/foo4 {
+ audit change_profile -> /bin/foo//ba?,
+}
+
+/usr/bin/foo5 {
+ audit change_profile -> /bin/foo//ba[ab],
+}
+
+/usr/bin/foo6 {
+ audit change_profile -> /bin/foo//ba[^ab],
+}
+
+/usr/bin/foo7 {
+ audit change_profile -> /bin/fo*//bar,
+}
+
+/usr/bin/foo8 {
+ audit change_profile -> /bin/fo**//bar,
+}
+
+/usr/bin/foo9 {
+ audit change_profile -> /bin/fo?//bar,
+}
+
+/usr/bin/foo10 {
+ audit change_profile -> /bin/fo[ab]//bar,
+}
+
+/usr/bin/foo11 {
+ audit change_profile -> /bin/fo[^ab]//bar,
+}
+
+/usr/bin/foo12 {
+ audit change_profile -> /bin/fo*//ba*,
+}
+
+/usr/bin/foo13 {
+ audit change_profile -> /bin/fo**//ba**,
+}
+
+/usr/bin/foo14 {
+ audit change_profile -> /bin/fo?//ba?,
+}
+
+/usr/bin/foo15 {
+ audit change_profile -> /bin/fo[ab]//ba[ab],
+}
+
+/usr/bin/foo16 {
+ audit change_profile -> /bin/fo[^ab]//ba[^ab],
+}
+
+
diff --git a/parser/tst/simple_tests/change_profile/a_re_ok_3.sd b/parser/tst/simple_tests/change_profile/a_re_ok_3.sd
new file mode 100644
index 0000000..d60133e
--- /dev/null
+++ b/parser/tst/simple_tests/change_profile/a_re_ok_3.sd
@@ -0,0 +1,67 @@
+#
+#=DESCRIPTION audit change_profile with name space
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+ audit change_profile -> :foo:/bin/foo,
+}
+
+/usr/bin/foo2 {
+ audit change_profile -> :foo:/bin/fo*,
+}
+
+/usr/bin/foo3 {
+ audit change_profile -> :foo:/bin/fo**,
+}
+
+/usr/bin/foo4 {
+ audit change_profile -> :foo:/bin/fo?,
+}
+
+/usr/bin/foo5 {
+ audit change_profile -> :foo:/bin/fo[ab],
+}
+
+/usr/bin/foo6 {
+ audit change_profile -> :foo:/bin/fo[^ab],
+}
+
+/usr/bin/foo7 {
+ audit change_profile -> :fo*:/bin/foo,
+}
+
+/usr/bin/foo8 {
+ audit change_profile -> :fo**:/bin/foo,
+}
+
+/usr/bin/foo9 {
+ audit change_profile -> :fo?:/bin/foo,
+}
+
+/usr/bin/foo10 {
+ audit change_profile -> :fo[ab]:/bin/foo,
+}
+
+/usr/bin/foo11 {
+ audit change_profile -> :fo[^ab]:/bin/foo,
+}
+
+/usr/bin/foo12 {
+ audit change_profile -> :fo*:/bin/fo*,
+}
+
+/usr/bin/foo13 {
+ audit change_profile -> :fo**:/bin/fo**,
+}
+
+/usr/bin/foo14 {
+ audit change_profile -> :fo?:/bin/fo?,
+}
+
+/usr/bin/foo15 {
+ audit change_profile -> :fo[ab]:/bin/fo[ab],
+}
+
+/usr/bin/foo16 {
+ audit change_profile -> :fo[^ab]:/bin/fo[^ab],
+}
diff --git a/parser/tst/simple_tests/change_profile/a_re_ok_4.sd b/parser/tst/simple_tests/change_profile/a_re_ok_4.sd
new file mode 100644
index 0000000..a379127
--- /dev/null
+++ b/parser/tst/simple_tests/change_profile/a_re_ok_4.sd
@@ -0,0 +1,51 @@
+#
+#=DESCRIPTION audit change_profile with a variable (LP: #390810)
+#=EXRESULT PASS
+#
+
+@{LIBVIRT}="libvirt"
+@{LIBVIRT_RE}="libvirt*"
+
+/usr/bin/foo {
+ audit change_profile -> @{LIBVIRT}-fo*,
+}
+
+/usr/bin/foo2 {
+ audit change_profile -> @{LIBVIRT}-fo**,
+}
+
+/usr/bin/foo3 {
+ audit change_profile -> @{LIBVIRT}-fo[ab],
+}
+
+/usr/bin/foo4 {
+ audit change_profile -> @{LIBVIRT}-fo[^ab],
+}
+
+/usr/bin/foo5 {
+ audit change_profile -> @{LIBVIRT}-fo?,
+}
+
+/usr/bin/foo6 {
+ audit change_profile -> @{LIBVIRT_RE}-foo,
+}
+
+/usr/bin/foo7 {
+ audit change_profile -> @{LIBVIRT_RE}-fo*,
+}
+
+/usr/bin/foo8 {
+ audit change_profile -> @{LIBVIRT_RE}-fo**,
+}
+
+/usr/bin/foo9 {
+ audit change_profile -> @{LIBVIRT_RE}-fo?,
+}
+
+/usr/bin/foo10 {
+ audit change_profile -> @{LIBVIRT_RE}-fo[ab],
+}
+
+/usr/bin/foo11 {
+ audit change_profile -> @{LIBVIRT_RE}-fo[^ab],
+}
diff --git a/parser/tst/simple_tests/change_profile/a_re_ok_5.sd b/parser/tst/simple_tests/change_profile/a_re_ok_5.sd
new file mode 100644
index 0000000..5dc2020
--- /dev/null
+++ b/parser/tst/simple_tests/change_profile/a_re_ok_5.sd
@@ -0,0 +1,25 @@
+#
+#=DESCRIPTION audit change_profile with just res
+#=EXRESULT PASS
+#
+
+/usr/bin/foo {
+ audit change_profile -> *,
+}
+
+/usr/bin/foo2 {
+ audit change_profile -> **,
+}
+
+/usr/bin/foo3 {
+ audit change_profile -> ?,
+}
+
+/usr/bin/foo4 {
+ audit change_profile -> [ab],
+}
+
+/usr/bin/foo5 {
+ audit change_profile -> [^ab],
+}
+
diff --git a/parser/tst/simple_tests/change_profile/a_re_ok_6.sd b/parser/tst/simple_tests/change_profile/a_re_ok_6.sd
new file mode 100644
index 0000000..436ee3c
--- /dev/null
+++ b/parser/tst/simple_tests/change_profile/a_re_ok_6.sd
@@ -0,0 +1,65 @@
+#
+#=DESCRIPTION audit change_profile with just res, child profile
+#=EXRESULT PASS
+#
+
+/usr/bin/foo {
+ audit change_profile -> *//ab,
+}
+
+/usr/bin/foo2 {
+ audit change_profile -> **//ab,
+}
+
+/usr/bin/foo3 {
+ audit change_profile -> ?//ab,
+}
+
+/usr/bin/foo4 {
+ audit change_profile -> [ab]//ab,
+}
+
+/usr/bin/foo5 {
+ audit change_profile -> [^ab]//ab,
+}
+
+/usr/bin/foo6 {
+ audit change_profile -> ab//*,
+}
+
+/usr/bin/foo7 {
+ audit change_profile -> ab//**,
+}
+
+/usr/bin/foo8 {
+ audit change_profile -> ab//?,
+}
+
+/usr/bin/foo9 {
+ audit change_profile -> ab//[ab],
+}
+
+/usr/bin/foo10 {
+ audit change_profile -> ab//[^ab],
+}
+
+/usr/bin/foo11 {
+ audit change_profile -> *//*,
+}
+
+/usr/bin/foo12 {
+ audit change_profile -> **//*,
+}
+
+/usr/bin/foo13 {
+ audit change_profile -> ?//*,
+}
+
+/usr/bin/foo14 {
+ audit change_profile -> [ab]//*,
+}
+
+/usr/bin/foo15 {
+ audit change_profile -> [^ab]//*,
+}
+
diff --git a/parser/tst/simple_tests/change_profile/a_re_ok_7.sd b/parser/tst/simple_tests/change_profile/a_re_ok_7.sd
new file mode 100644
index 0000000..3452d3a
--- /dev/null
+++ b/parser/tst/simple_tests/change_profile/a_re_ok_7.sd
@@ -0,0 +1,65 @@
+#
+#=DESCRIPTION audit change_profile with just re, namespace
+#=EXRESULT PASS
+#
+
+
+/usr/bin/foo {
+ audit change_profile -> :ab:*,
+}
+
+/usr/bin/foo2 {
+ audit change_profile -> :ab:**,
+}
+
+/usr/bin/foo3 {
+ audit change_profile -> :ab:?,
+}
+
+/usr/bin/foo4 {
+ audit change_profile -> :ab:[ab],
+}
+
+/usr/bin/foo5 {
+ audit change_profile -> :ab:[^ab],
+}
+
+/usr/bin/foo6 {
+ audit change_profile -> :*:ab,
+}
+
+/usr/bin/foo7 {
+ audit change_profile -> :**:ab,
+}
+
+/usr/bin/foo8 {
+ audit change_profile -> :?:ab,
+}
+
+/usr/bin/foo9 {
+ audit change_profile -> :[ab]:ab,
+}
+
+/usr/bin/foo10 {
+ audit change_profile -> :[^ab]:ab,
+}
+
+/usr/bin/foo11 {
+ audit change_profile -> :*:*,
+}
+
+/usr/bin/foo12 {
+ audit change_profile -> :**:**,
+}
+
+/usr/bin/foo13 {
+ audit change_profile -> :?:?,
+}
+
+/usr/bin/foo14 {
+ audit change_profile -> :[ab]:[ab],
+}
+
+/usr/bin/foo15 {
+ audit change_profile -> :[^ab]:[^ab],
+}
diff --git a/parser/tst/simple_tests/change_profile/a_re_ok_8.sd b/parser/tst/simple_tests/change_profile/a_re_ok_8.sd
new file mode 100644
index 0000000..6948928
--- /dev/null
+++ b/parser/tst/simple_tests/change_profile/a_re_ok_8.sd
@@ -0,0 +1,45 @@
+#
+#=DESCRIPTION audit change_profile re with quotes
+#=EXRESULT PASS
+#
+
+/usr/bin/foo5 {
+ audit change_profile -> "/bin/*",
+}
+
+/usr/bin/foo6 {
+ audit change_profile -> "/bin/**",
+}
+
+/usr/bin/foo7 {
+ audit change_profile -> "/bin/[ab]",
+}
+
+/usr/bin/foo8 {
+ audit change_profile -> "/bin/[^ab]",
+}
+
+/usr/bin/foo10 {
+ audit change_profile -> "/bin/?ab",
+}
+
+/usr/bin/foo11 {
+ audit change_profile -> "/bin/ *",
+}
+
+/usr/bin/foo12 {
+ audit change_profile -> "/bin/ **",
+}
+
+/usr/bin/foo13 {
+ audit change_profile -> "/bin/ [ab]",
+}
+
+/usr/bin/foo14 {
+ audit change_profile -> "/bin/ [^ab]",
+}
+
+/usr/bin/foo15 {
+ audit change_profile -> "/bin/ ?ab",
+}
+
diff --git a/parser/tst/simple_tests/change_profile/aa_ok_1.sd b/parser/tst/simple_tests/change_profile/aa_ok_1.sd
new file mode 100644
index 0000000..e69de29
diff --git a/parser/tst/simple_tests/change_profile/aa_ok_2.sd b/parser/tst/simple_tests/change_profile/aa_ok_2.sd
new file mode 100644
index 0000000..e69de29
diff --git a/parser/tst/simple_tests/change_profile/aa_ok_3.sd b/parser/tst/simple_tests/change_profile/aa_ok_3.sd
new file mode 100644
index 0000000..e69de29
diff --git a/parser/tst/simple_tests/change_profile/aa_ok_4.sd b/parser/tst/simple_tests/change_profile/aa_ok_4.sd
new file mode 100644
index 0000000..e69de29
diff --git a/parser/tst/simple_tests/change_profile/aa_ok_5.sd b/parser/tst/simple_tests/change_profile/aa_ok_5.sd
new file mode 100644
index 0000000..e69de29
diff --git a/parser/tst/simple_tests/change_profile/aa_ok_6.sd b/parser/tst/simple_tests/change_profile/aa_ok_6.sd
new file mode 100644
index 0000000..e69de29
diff --git a/parser/tst/simple_tests/change_profile/aa_ok_7.sd b/parser/tst/simple_tests/change_profile/aa_ok_7.sd
new file mode 100644
index 0000000..e69de29
diff --git a/parser/tst/simple_tests/change_profile/aa_ok_8.sd b/parser/tst/simple_tests/change_profile/aa_ok_8.sd
new file mode 100644
index 0000000..e69de29
diff --git a/parser/tst/simple_tests/change_profile/aa_re_ok_1.sd b/parser/tst/simple_tests/change_profile/aa_re_ok_1.sd
new file mode 100644
index 0000000..e69de29
diff --git a/parser/tst/simple_tests/change_profile/aa_re_ok_2.sd b/parser/tst/simple_tests/change_profile/aa_re_ok_2.sd
new file mode 100644
index 0000000..e69de29
diff --git a/parser/tst/simple_tests/change_profile/aa_re_ok_3.sd b/parser/tst/simple_tests/change_profile/aa_re_ok_3.sd
new file mode 100644
index 0000000..e69de29
diff --git a/parser/tst/simple_tests/change_profile/aa_re_ok_4.sd b/parser/tst/simple_tests/change_profile/aa_re_ok_4.sd
new file mode 100644
index 0000000..e69de29
diff --git a/parser/tst/simple_tests/change_profile/aa_re_ok_5.sd b/parser/tst/simple_tests/change_profile/aa_re_ok_5.sd
new file mode 100644
index 0000000..e69de29
diff --git a/parser/tst/simple_tests/change_profile/aa_re_ok_6.sd b/parser/tst/simple_tests/change_profile/aa_re_ok_6.sd
new file mode 100644
index 0000000..e69de29
diff --git a/parser/tst/simple_tests/change_profile/aa_re_ok_7.sd b/parser/tst/simple_tests/change_profile/aa_re_ok_7.sd
new file mode 100644
index 0000000..e69de29
diff --git a/parser/tst/simple_tests/change_profile/aa_re_ok_8.sd b/parser/tst/simple_tests/change_profile/aa_re_ok_8.sd
new file mode 100644
index 0000000..e69de29
diff --git a/parser/tst/simple_tests/change_profile/aao_ok_1.sd b/parser/tst/simple_tests/change_profile/aao_ok_1.sd
new file mode 100644
index 0000000..03f20cd
--- /dev/null
+++ b/parser/tst/simple_tests/change_profile/aao_ok_1.sd
@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION audit allow owner change_profile
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+ audit allow owner change_profile -> /bin/foo,
+}
diff --git a/parser/tst/simple_tests/change_profile/aao_ok_2.sd b/parser/tst/simple_tests/change_profile/aao_ok_2.sd
new file mode 100644
index 0000000..89d68b5
--- /dev/null
+++ b/parser/tst/simple_tests/change_profile/aao_ok_2.sd
@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION audit allow owner change_profile to a hat
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+ audit allow owner change_profile -> /bin/foo//bar,
+}
diff --git a/parser/tst/simple_tests/change_profile/aao_ok_3.sd b/parser/tst/simple_tests/change_profile/aao_ok_3.sd
new file mode 100644
index 0000000..f620937
--- /dev/null
+++ b/parser/tst/simple_tests/change_profile/aao_ok_3.sd
@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION audit allow owner change_profile with name space
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+ audit allow owner change_profile -> :foo:/bin/foo,
+}
diff --git a/parser/tst/simple_tests/change_profile/aao_ok_4.sd b/parser/tst/simple_tests/change_profile/aao_ok_4.sd
new file mode 100644
index 0000000..59e58d5
--- /dev/null
+++ b/parser/tst/simple_tests/change_profile/aao_ok_4.sd
@@ -0,0 +1,10 @@
+#
+#=DESCRIPTION audit allow owner change_profile with a variable (LP: #390810)
+#=EXRESULT FAIL
+#
+
+@{LIBVIRT}="libvirt"
+
+/usr/bin/foo {
+ audit allow owner change_profile -> @{LIBVIRT}-foo,
+}
diff --git a/parser/tst/simple_tests/change_profile/aao_ok_5.sd b/parser/tst/simple_tests/change_profile/aao_ok_5.sd
new file mode 100644
index 0000000..2ddb9c4
--- /dev/null
+++ b/parser/tst/simple_tests/change_profile/aao_ok_5.sd
@@ -0,0 +1,10 @@
+#
+#=DESCRIPTION audit allow owner change_profile with variable+regex (LP: #390810)
+#=EXRESULT FAIL
+#
+
+@{LIBVIRT}="libvirt"
+
+/usr/bin/foo {
+ audit allow owner change_profile -> @{LIBVIRT}-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*,
+}
diff --git a/parser/tst/simple_tests/change_profile/aao_ok_6.sd b/parser/tst/simple_tests/change_profile/aao_ok_6.sd
new file mode 100644
index 0000000..58770fa
--- /dev/null
+++ b/parser/tst/simple_tests/change_profile/aao_ok_6.sd
@@ -0,0 +1,11 @@
+#
+#=DESCRIPTION audit allow owner change_profile with quotes
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+ audit allow owner change_profile -> "/bin/foo",
+}
+
+/usr/bin/foo2 {
+ audit allow owner change_profile -> "/bin/ foo",
+}
diff --git a/parser/tst/simple_tests/change_profile/aao_ok_7.sd b/parser/tst/simple_tests/change_profile/aao_ok_7.sd
new file mode 100644
index 0000000..1566725
--- /dev/null
+++ b/parser/tst/simple_tests/change_profile/aao_ok_7.sd
@@ -0,0 +1,11 @@
+#
+#=DESCRIPTION audit allow owner change_profile to a hat with quotes
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+ audit allow owner change_profile -> "/bin/foo//bar",
+}
+
+/usr/bin/foo2 {
+ audit allow owner change_profile -> "/bin/foo// bar",
+}
diff --git a/parser/tst/simple_tests/change_profile/aao_ok_8.sd b/parser/tst/simple_tests/change_profile/aao_ok_8.sd
new file mode 100644
index 0000000..66db987
--- /dev/null
+++ b/parser/tst/simple_tests/change_profile/aao_ok_8.sd
@@ -0,0 +1,11 @@
+#
+#=DESCRIPTION audit allow owner change_profile with name space with quotes
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+ audit allow owner change_profile -> ":foo:/bin/foo",
+}
+
+/usr/bin/foo2 {
+ audit allow owner change_profile -> ":foo:/bin/ foo",
+}
diff --git a/parser/tst/simple_tests/change_profile/aao_re_ok_1.sd b/parser/tst/simple_tests/change_profile/aao_re_ok_1.sd
new file mode 100644
index 0000000..21ff4a2
--- /dev/null
+++ b/parser/tst/simple_tests/change_profile/aao_re_ok_1.sd
@@ -0,0 +1,24 @@
+#
+#=DESCRIPTION audit allow owner change_profile
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+ audit allow owner change_profile -> /bin/*,
+}
+
+/usr/bin/foo2 {
+ audit allow owner change_profile -> /bin/**,
+}
+
+/usr/bin/foo3 {
+ audit allow owner change_profile -> /bin/?,
+}
+
+/usr/bin/foo4 {
+ audit allow owner change_profile -> /bin/[ab],
+}
+
+/usr/bin/foo5 {
+ audit allow owner change_profile -> /bin/[^ab],
+}
+
diff --git a/parser/tst/simple_tests/change_profile/aao_re_ok_2.sd b/parser/tst/simple_tests/change_profile/aao_re_ok_2.sd
new file mode 100644
index 0000000..2ca6463
--- /dev/null
+++ b/parser/tst/simple_tests/change_profile/aao_re_ok_2.sd
@@ -0,0 +1,69 @@
+#
+#=DESCRIPTION audit allow owner change_profile to a hat
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+ audit allow owner change_profile -> /bin/foo//bar,
+}
+
+/usr/bin/foo2 {
+ audit allow owner change_profile -> /bin/foo//ba*,
+}
+
+/usr/bin/foo3 {
+ audit allow owner change_profile -> /bin/foo//ba**,
+}
+
+/usr/bin/foo4 {
+ audit allow owner change_profile -> /bin/foo//ba?,
+}
+
+/usr/bin/foo5 {
+ audit allow owner change_profile -> /bin/foo//ba[ab],
+}
+
+/usr/bin/foo6 {
+ audit allow owner change_profile -> /bin/foo//ba[^ab],
+}
+
+/usr/bin/foo7 {
+ audit allow owner change_profile -> /bin/fo*//bar,
+}
+
+/usr/bin/foo8 {
+ audit allow owner change_profile -> /bin/fo**//bar,
+}
+
+/usr/bin/foo9 {
+ audit allow owner change_profile -> /bin/fo?//bar,
+}
+
+/usr/bin/foo10 {
+ audit allow owner change_profile -> /bin/fo[ab]//bar,
+}
+
+/usr/bin/foo11 {
+ audit allow owner change_profile -> /bin/fo[^ab]//bar,
+}
+
+/usr/bin/foo12 {
+ audit allow owner change_profile -> /bin/fo*//ba*,
+}
+
+/usr/bin/foo13 {
+ audit allow owner change_profile -> /bin/fo**//ba**,
+}
+
+/usr/bin/foo14 {
+ audit allow owner change_profile -> /bin/fo?//ba?,
+}
+
+/usr/bin/foo15 {
+ audit allow owner change_profile -> /bin/fo[ab]//ba[ab],
+}
+
+/usr/bin/foo16 {
+ audit allow owner change_profile -> /bin/fo[^ab]//ba[^ab],
+}
+
+
diff --git a/parser/tst/simple_tests/change_profile/aao_re_ok_3.sd b/parser/tst/simple_tests/change_profile/aao_re_ok_3.sd
new file mode 100644
index 0000000..8ce339f
--- /dev/null
+++ b/parser/tst/simple_tests/change_profile/aao_re_ok_3.sd
@@ -0,0 +1,67 @@
+#
+#=DESCRIPTION audit allow owner change_profile with name space
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+ audit allow owner change_profile -> :foo:/bin/foo,
+}
+
+/usr/bin/foo2 {
+ audit allow owner change_profile -> :foo:/bin/fo*,
+}
+
+/usr/bin/foo3 {
+ audit allow owner change_profile -> :foo:/bin/fo**,
+}
+
+/usr/bin/foo4 {
+ audit allow owner change_profile -> :foo:/bin/fo?,
+}
+
+/usr/bin/foo5 {
+ audit allow owner change_profile -> :foo:/bin/fo[ab],
+}
+
+/usr/bin/foo6 {
+ audit allow owner change_profile -> :foo:/bin/fo[^ab],
+}
+
+/usr/bin/foo7 {
+ audit allow owner change_profile -> :fo*:/bin/foo,
+}
+
+/usr/bin/foo8 {
+ audit allow owner change_profile -> :fo**:/bin/foo,
+}
+
+/usr/bin/foo9 {
+ audit allow owner change_profile -> :fo?:/bin/foo,
+}
+
+/usr/bin/foo10 {
+ audit allow owner change_profile -> :fo[ab]:/bin/foo,
+}
+
+/usr/bin/foo11 {
+ audit allow owner change_profile -> :fo[^ab]:/bin/foo,
+}
+
+/usr/bin/foo12 {
+ audit allow owner change_profile -> :fo*:/bin/fo*,
+}
+
+/usr/bin/foo13 {
+ audit allow owner change_profile -> :fo**:/bin/fo**,
+}
+
+/usr/bin/foo14 {
+ audit allow owner change_profile -> :fo?:/bin/fo?,
+}
+
+/usr/bin/foo15 {
+ audit allow owner change_profile -> :fo[ab]:/bin/fo[ab],
+}
+
+/usr/bin/foo16 {
+ audit allow owner change_profile -> :fo[^ab]:/bin/fo[^ab],
+}
diff --git a/parser/tst/simple_tests/change_profile/aao_re_ok_4.sd b/parser/tst/simple_tests/change_profile/aao_re_ok_4.sd
new file mode 100644
index 0000000..828d1f9
--- /dev/null
+++ b/parser/tst/simple_tests/change_profile/aao_re_ok_4.sd
@@ -0,0 +1,51 @@
+#
+#=DESCRIPTION audit allow owner change_profile with a variable (LP: #390810)
+#=EXRESULT FAIL
+#
+
+@{LIBVIRT}="libvirt"
+@{LIBVIRT_RE}="libvirt*"
+
+/usr/bin/foo {
+ audit allow owner change_profile -> @{LIBVIRT}-fo*,
+}
+
+/usr/bin/foo2 {
+ audit allow owner change_profile -> @{LIBVIRT}-fo**,
+}
+
+/usr/bin/foo3 {
+ audit allow owner change_profile -> @{LIBVIRT}-fo[ab],
+}
+
+/usr/bin/foo4 {
+ audit allow owner change_profile -> @{LIBVIRT}-fo[^ab],
+}
+
+/usr/bin/foo5 {
+ audit allow owner change_profile -> @{LIBVIRT}-fo?,
+}
+
+/usr/bin/foo6 {
+ audit allow owner change_profile -> @{LIBVIRT_RE}-foo,
+}
+
+/usr/bin/foo7 {
+ audit allow owner change_profile -> @{LIBVIRT_RE}-fo*,
+}
+
+/usr/bin/foo8 {
+ audit allow owner change_profile -> @{LIBVIRT_RE}-fo**,
+}
+
+/usr/bin/foo9 {
+ audit allow owner change_profile -> @{LIBVIRT_RE}-fo?,
+}
+
+/usr/bin/foo10 {
+ audit allow owner change_profile -> @{LIBVIRT_RE}-fo[ab],
+}
+
+/usr/bin/foo11 {
+ audit allow owner change_profile -> @{LIBVIRT_RE}-fo[^ab],
+}
diff --git a/parser/tst/simple_tests/change_profile/aao_re_ok_5.sd b/parser/tst/simple_tests/change_profile/aao_re_ok_5.sd
new file mode 100644
index 0000000..0d9b919
--- /dev/null
+++ b/parser/tst/simple_tests/change_profile/aao_re_ok_5.sd
@@ -0,0 +1,25 @@
+#
+#=DESCRIPTION audit allow owner change_profile with just res
+#=EXRESULT FAIL
+#
+
+/usr/bin/foo {
+ audit allow owner change_profile -> *,
+}
+
+/usr/bin/foo2 {
+ audit allow owner change_profile -> **,
+}
+
+/usr/bin/foo3 {
+ audit allow owner change_profile -> ?,
+}
+
+/usr/bin/foo4 {
+ audit allow owner change_profile -> [ab],
+}
+
+/usr/bin/foo5 {
+ audit allow owner change_profile -> [^ab],
+}
+
diff --git a/parser/tst/simple_tests/change_profile/aao_re_ok_6.sd b/parser/tst/simple_tests/change_profile/aao_re_ok_6.sd
new file mode 100644
index 0000000..612da29
--- /dev/null
+++ b/parser/tst/simple_tests/change_profile/aao_re_ok_6.sd
@@ -0,0 +1,65 @@
+#
+#=DESCRIPTION audit allow owner change_profile with just res, child profile
+#=EXRESULT FAIL
+#
+
+/usr/bin/foo {
+ audit allow owner change_profile -> *//ab,
+}
+
+/usr/bin/foo2 {
+ audit allow owner change_profile -> **//ab,
+}
+
+/usr/bin/foo3 {
+ audit allow owner change_profile -> ?//ab,
+}
+
+/usr/bin/foo4 {
+ audit allow owner change_profile -> [ab]//ab,
+}
+
+/usr/bin/foo5 {
+ audit allow owner change_profile -> [^ab]//ab,
+}
+
+/usr/bin/foo6 {
+ audit allow owner change_profile -> ab//*,
+}
+
+/usr/bin/foo7 {
+ audit allow owner change_profile -> ab//**,
+}
+
+/usr/bin/foo8 {
+ audit allow owner change_profile -> ab//?,
+}
+
+/usr/bin/foo9 {
+ audit allow owner change_profile -> ab//[ab],
+}
+
+/usr/bin/foo10 {
+ audit allow owner change_profile -> ab//[^ab],
+}
+
+/usr/bin/foo11 {
+ audit allow owner change_profile -> *//*,
+}
+
+/usr/bin/foo12 {
+ audit allow owner change_profile -> **//*,
+}
+
+/usr/bin/foo13 {
+ audit allow owner change_profile -> ?//*,
+}
+
+/usr/bin/foo14 {
+ audit allow owner change_profile -> [ab]//*,
+}
+
+/usr/bin/foo15 {
+ audit allow owner change_profile -> [^ab]//*,
+}
+
diff --git a/parser/tst/simple_tests/change_profile/aao_re_ok_7.sd b/parser/tst/simple_tests/change_profile/aao_re_ok_7.sd
new file mode 100644
index 0000000..c1b900d
--- /dev/null
+++ b/parser/tst/simple_tests/change_profile/aao_re_ok_7.sd
@@ -0,0 +1,65 @@
+#
+#=DESCRIPTION audit allow owner change_profile with just re, namespace
+#=EXRESULT FAIL
+#
+
+
+/usr/bin/foo {
+ audit allow owner change_profile -> :ab:*,
+}
+
+/usr/bin/foo2 {
+ audit allow owner change_profile -> :ab:**,
+}
+
+/usr/bin/foo3 {
+ audit allow owner change_profile -> :ab:?,
+}
+
+/usr/bin/foo4 {
+ audit allow owner change_profile -> :ab:[ab],
+}
+
+/usr/bin/foo5 {
+ audit allow owner change_profile -> :ab:[^ab],
+}
+
+/usr/bin/foo6 {
+ audit allow owner change_profile -> :*:ab,
+}
+
+/usr/bin/foo7 {
+ audit allow owner change_profile -> :**:ab,
+}
+
+/usr/bin/foo8 {
+ audit allow owner change_profile -> :?:ab,
+}
+
+/usr/bin/foo9 {
+ audit allow owner change_profile -> :[ab]:ab,
+}
+
+/usr/bin/foo10 {
+ audit allow owner change_profile -> :[^ab]:ab,
+}
+
+/usr/bin/foo11 {
+ audit allow owner change_profile -> :*:*,
+}
+
+/usr/bin/foo12 {
+ audit allow owner change_profile -> :**:**,
+}
+
+/usr/bin/foo13 {
+ audit allow owner change_profile -> :?:?,
+}
+
+/usr/bin/foo14 {
+ audit allow owner change_profile -> :[ab]:[ab],
+}
+
+/usr/bin/foo15 {
+ audit allow owner change_profile -> :[^ab]:[^ab],
+}
diff --git a/parser/tst/simple_tests/change_profile/aao_re_ok_8.sd b/parser/tst/simple_tests/change_profile/aao_re_ok_8.sd
new file mode 100644
index 0000000..741002d
--- /dev/null
+++ b/parser/tst/simple_tests/change_profile/aao_re_ok_8.sd
@@ -0,0 +1,45 @@
+#
+#=DESCRIPTION audit allow owner change_profile re with quotes
+#=EXRESULT FAIL
+#
+
+/usr/bin/foo5 {
+ audit allow owner change_profile -> "/bin/*",
+}
+
+/usr/bin/foo6 {
+ audit allow owner change_profile -> "/bin/**",
+}
+
+/usr/bin/foo7 {
+ audit allow owner change_profile -> "/bin/[ab]",
+}
+
+/usr/bin/foo8 {
+ audit allow owner change_profile -> "/bin/[^ab]",
+}
+
+/usr/bin/foo10 {
+ audit allow owner change_profile -> "/bin/?ab",
+}
+
+/usr/bin/foo11 {
+ audit allow owner change_profile -> "/bin/ *",
+}
+
+/usr/bin/foo12 {
+ audit allow owner change_profile -> "/bin/ **",
+}
+
+/usr/bin/foo13 {
+ audit allow owner change_profile -> "/bin/ [ab]",
+}
+
+/usr/bin/foo14 {
+ audit allow owner change_profile -> "/bin/ [^ab]",
+}
+
+/usr/bin/foo15 {
+ audit allow owner change_profile -> "/bin/ ?ab",
+}
+
diff --git a/parser/tst/simple_tests/change_profile/ad_bare_ok_1.sd b/parser/tst/simple_tests/change_profile/ad_bare_ok_1.sd
new file mode 100644
index 0000000..e236803
--- /dev/null
+++ b/parser/tst/simple_tests/change_profile/ad_bare_ok_1.sd
@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION audit deny change_profile
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+ audit deny change_profile,
+}
diff --git a/parser/tst/simple_tests/change_profile/ad_ok_1.sd b/parser/tst/simple_tests/change_profile/ad_ok_1.sd
new file mode 100644
index 0000000..7df874c
--- /dev/null
+++ b/parser/tst/simple_tests/change_profile/ad_ok_1.sd
@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION audit deny change_profile
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+ audit deny change_profile -> /bin/foo,
+}
diff --git a/parser/tst/simple_tests/change_profile/ad_ok_2.sd b/parser/tst/simple_tests/change_profile/ad_ok_2.sd
new file mode 100644
index 0000000..9ca265a
--- /dev/null
+++ b/parser/tst/simple_tests/change_profile/ad_ok_2.sd
@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION audit deny change_profile to a hat
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+ audit deny change_profile -> /bin/foo//bar,
+}
diff --git a/parser/tst/simple_tests/change_profile/ad_ok_3.sd b/parser/tst/simple_tests/change_profile/ad_ok_3.sd
new file mode 100644
index 0000000..ca95379
--- /dev/null
+++ b/parser/tst/simple_tests/change_profile/ad_ok_3.sd
@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION audit deny change_profile with name space
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+ audit deny change_profile -> :foo:/bin/foo,
+}
diff --git a/parser/tst/simple_tests/change_profile/ad_ok_4.sd b/parser/tst/simple_tests/change_profile/ad_ok_4.sd
new file mode 100644
index 0000000..368389d
--- /dev/null
+++ b/parser/tst/simple_tests/change_profile/ad_ok_4.sd
@@ -0,0 +1,10 @@
+#
+#=DESCRIPTION audit deny change_profile with a variable (LP: #390810)
+#=EXRESULT PASS
+#
+
+@{LIBVIRT}="libvirt"
+
+/usr/bin/foo {
+ audit deny change_profile -> @{LIBVIRT}-foo,
+}
diff --git a/parser/tst/simple_tests/change_profile/ad_ok_5.sd b/parser/tst/simple_tests/change_profile/ad_ok_5.sd
new file mode 100644
index 0000000..40ac167
--- /dev/null
+++ b/parser/tst/simple_tests/change_profile/ad_ok_5.sd
@@ -0,0 +1,10 @@
+#
+#=DESCRIPTION audit deny change_profile with variable+regex (LP: #390810)
+#=EXRESULT PASS
+#
+
+@{LIBVIRT}="libvirt"
+
+/usr/bin/foo {
+ audit deny change_profile -> @{LIBVIRT}-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*,
+}
diff --git a/parser/tst/simple_tests/change_profile/ad_ok_6.sd b/parser/tst/simple_tests/change_profile/ad_ok_6.sd
new file mode 100644
index 0000000..cd0af01
--- /dev/null
+++ b/parser/tst/simple_tests/change_profile/ad_ok_6.sd
@@ -0,0 +1,11 @@
+#
+#=DESCRIPTION audit deny change_profile with quotes
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+ audit deny change_profile -> "/bin/foo",
+}
+
+/usr/bin/foo2 {
+ audit deny change_profile -> "/bin/ foo",
+}
diff --git a/parser/tst/simple_tests/change_profile/ad_ok_7.sd b/parser/tst/simple_tests/change_profile/ad_ok_7.sd
new file mode 100644
index 0000000..c5c44d0
--- /dev/null
+++ b/parser/tst/simple_tests/change_profile/ad_ok_7.sd
@@ -0,0 +1,11 @@
+#
+#=DESCRIPTION audit deny change_profile to a hat with quotes
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+ audit deny change_profile -> "/bin/foo//bar",
+}
+
+/usr/bin/foo2 {
+ audit deny change_profile -> "/bin/foo// bar",
+}
diff --git a/parser/tst/simple_tests/change_profile/ad_ok_8.sd b/parser/tst/simple_tests/change_profile/ad_ok_8.sd
new file mode 100644
index 0000000..e2f04d7
--- /dev/null
+++ b/parser/tst/simple_tests/change_profile/ad_ok_8.sd
@@ -0,0 +1,11 @@
+#
+#=DESCRIPTION audit deny change_profile with name space with quotes
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+ audit deny change_profile -> ":foo:/bin/foo",
+}
+
+/usr/bin/foo2 {
+ audit deny change_profile -> ":foo:/bin/ foo",
+}
diff --git a/parser/tst/simple_tests/change_profile/ad_re_ok_1.sd b/parser/tst/simple_tests/change_profile/ad_re_ok_1.sd
new file mode 100644
index 0000000..15268bc
--- /dev/null
+++ b/parser/tst/simple_tests/change_profile/ad_re_ok_1.sd
@@ -0,0 +1,24 @@
+#
+#=DESCRIPTION audit deny change_profile
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+ audit deny change_profile -> /bin/*,
+}
+
+/usr/bin/foo2 {
+ audit deny change_profile -> /bin/**,
+}
+
+/usr/bin/foo3 {
+ audit deny change_profile -> /bin/?,
+}
+
+/usr/bin/foo4 {
+ audit deny change_profile -> /bin/[ab],
+}
+
+/usr/bin/foo5 {
+ audit deny change_profile -> /bin/[^ab],
+}
+
diff --git a/parser/tst/simple_tests/change_profile/ad_re_ok_2.sd b/parser/tst/simple_tests/change_profile/ad_re_ok_2.sd
new file mode 100644
index 0000000..936f1de
--- /dev/null
+++ b/parser/tst/simple_tests/change_profile/ad_re_ok_2.sd
@@ -0,0 +1,69 @@
+#
+#=DESCRIPTION audit deny change_profile to a hat
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+ audit deny change_profile -> /bin/foo//bar,
+}
+
+/usr/bin/foo2 {
+ audit deny change_profile -> /bin/foo//ba*,
+}
+
+/usr/bin/foo3 {
+ audit deny change_profile -> /bin/foo//ba**,
+}
+
+/usr/bin/foo4 {
+ audit deny change_profile -> /bin/foo//ba?,
+}
+
+/usr/bin/foo5 {
+ audit deny change_profile -> /bin/foo//ba[ab],
+}
+
+/usr/bin/foo6 {
+ audit deny change_profile -> /bin/foo//ba[^ab],
+}
+
+/usr/bin/foo7 {
+ audit deny change_profile -> /bin/fo*//bar,
+}
+
+/usr/bin/foo8 {
+ audit deny change_profile -> /bin/fo**//bar,
+}
+
+/usr/bin/foo9 {
+ audit deny change_profile -> /bin/fo?//bar,
+}
+
+/usr/bin/foo10 {
+ audit deny change_profile -> /bin/fo[ab]//bar,
+}
+
+/usr/bin/foo11 {
+ audit deny change_profile -> /bin/fo[^ab]//bar,
+}
+
+/usr/bin/foo12 {
+ audit deny change_profile -> /bin/fo*//ba*,
+}
+
+/usr/bin/foo13 {
+ audit deny change_profile -> /bin/fo**//ba**,
+}
+
+/usr/bin/foo14 {
+ audit deny change_profile -> /bin/fo?//ba?,
+}
+
+/usr/bin/foo15 {
+ audit deny change_profile -> /bin/fo[ab]//ba[ab],
+}
+
+/usr/bin/foo16 {
+ audit deny change_profile -> /bin/fo[^ab]//ba[^ab],
+}
+
+
diff --git a/parser/tst/simple_tests/change_profile/ad_re_ok_3.sd b/parser/tst/simple_tests/change_profile/ad_re_ok_3.sd
new file mode 100644
index 0000000..00bb710
--- /dev/null
+++ b/parser/tst/simple_tests/change_profile/ad_re_ok_3.sd
@@ -0,0 +1,67 @@
+#
+#=DESCRIPTION audit deny change_profile with name space
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+ audit deny change_profile -> :foo:/bin/foo,
+}
+
+/usr/bin/foo2 {
+ audit deny change_profile -> :foo:/bin/fo*,
+}
+
+/usr/bin/foo3 {
+ audit deny change_profile -> :foo:/bin/fo**,
+}
+
+/usr/bin/foo4 {
+ audit deny change_profile -> :foo:/bin/fo?,
+}
+
+/usr/bin/foo5 {
+ audit deny change_profile -> :foo:/bin/fo[ab],
+}
+
+/usr/bin/foo6 {
+ audit deny change_profile -> :foo:/bin/fo[^ab],
+}
+
+/usr/bin/foo7 {
+ audit deny change_profile -> :fo*:/bin/foo,
+}
+
+/usr/bin/foo8 {
+ audit deny change_profile -> :fo**:/bin/foo,
+}
+
+/usr/bin/foo9 {
+ audit deny change_profile -> :fo?:/bin/foo,
+}
+
+/usr/bin/foo10 {
+ audit deny change_profile -> :fo[ab]:/bin/foo,
+}
+
+/usr/bin/foo11 {
+ audit deny change_profile -> :fo[^ab]:/bin/foo,
+}
+
+/usr/bin/foo12 {
+ audit deny change_profile -> :fo*:/bin/fo*,
+}
+
+/usr/bin/foo13 {
+ audit deny change_profile -> :fo**:/bin/fo**,
+}
+
+/usr/bin/foo14 {
+ audit deny change_profile -> :fo?:/bin/fo?,
+}
+
+/usr/bin/foo15 {
+ audit deny change_profile -> :fo[ab]:/bin/fo[ab],
+}
+
+/usr/bin/foo16 {
+ audit deny change_profile -> :fo[^ab]:/bin/fo[^ab],
+}
diff --git a/parser/tst/simple_tests/change_profile/ad_re_ok_4.sd b/parser/tst/simple_tests/change_profile/ad_re_ok_4.sd
new file mode 100644
index 0000000..3e78370
--- /dev/null
+++ b/parser/tst/simple_tests/change_profile/ad_re_ok_4.sd
@@ -0,0 +1,51 @@
+#
+#=DESCRIPTION audit deny change_profile with a variable (LP: #390810)
+#=EXRESULT PASS
+#
+
+@{LIBVIRT}="libvirt"
+@{LIBVIRT_RE}="libvirt*"
+
+/usr/bin/foo {
+ audit deny change_profile -> @{LIBVIRT}-fo*,
+}
+
+/usr/bin/foo2 {
+ audit deny change_profile -> @{LIBVIRT}-fo**,
+}
+
+/usr/bin/foo3 {
+ audit deny change_profile -> @{LIBVIRT}-fo[ab],
+}
+
+/usr/bin/foo4 {
+ audit deny change_profile -> @{LIBVIRT}-fo[^ab],
+}
+
+/usr/bin/foo5 {
+ audit deny change_profile -> @{LIBVIRT}-fo?,
+}
+
+/usr/bin/foo6 {
+ audit deny change_profile -> @{LIBVIRT_RE}-foo,
+}
+
+/usr/bin/foo7 {
+ audit deny change_profile -> @{LIBVIRT_RE}-fo*,
+}
+
+/usr/bin/foo8 {
+ audit deny change_profile -> @{LIBVIRT_RE}-fo**,
+}
+
+/usr/bin/foo9 {
+ audit deny change_profile -> @{LIBVIRT_RE}-fo?,
+}
+
+/usr/bin/foo10 {
+ audit deny change_profile -> @{LIBVIRT_RE}-fo[ab],
+}
+
+/usr/bin/foo11 {
+ audit deny change_profile -> @{LIBVIRT_RE}-fo[^ab],
+}
diff --git a/parser/tst/simple_tests/change_profile/ad_re_ok_5.sd b/parser/tst/simple_tests/change_profile/ad_re_ok_5.sd
new file mode 100644
index 0000000..960d6ca
--- /dev/null
+++ b/parser/tst/simple_tests/change_profile/ad_re_ok_5.sd
@@ -0,0 +1,25 @@
+#
+#=DESCRIPTION audit deny change_profile with just res
+#=EXRESULT PASS
+#
+
+/usr/bin/foo {
+ audit deny change_profile -> *,
+}
+
+/usr/bin/foo2 {
+ audit deny change_profile -> **,
+}
+
+/usr/bin/foo3 {
+ audit deny change_profile -> ?,
+}
+
+/usr/bin/foo4 {
+ audit deny change_profile -> [ab],
+}
+
+/usr/bin/foo5 {
+ audit deny change_profile -> [^ab],
+}
+
diff --git a/parser/tst/simple_tests/change_profile/ad_re_ok_6.sd b/parser/tst/simple_tests/change_profile/ad_re_ok_6.sd
new file mode 100644
index 0000000..b3ef1c6
--- /dev/null
+++ b/parser/tst/simple_tests/change_profile/ad_re_ok_6.sd
@@ -0,0 +1,65 @@
+#
+#=DESCRIPTION audit deny change_profile with just res, child profile
+#=EXRESULT PASS
+#
+
+/usr/bin/foo {
+ audit deny change_profile -> *//ab,
+}
+
+/usr/bin/foo2 {
+ audit deny change_profile -> **//ab,
+}
+
+/usr/bin/foo3 {
+ audit deny change_profile -> ?//ab,
+}
+
+/usr/bin/foo4 {
+ audit deny change_profile -> [ab]//ab,
+}
+
+/usr/bin/foo5 {
+ audit deny change_profile -> [^ab]//ab,
+}
+
+/usr/bin/foo6 {
+ audit deny change_profile -> ab//*,
+}
+
+/usr/bin/foo7 {
+ audit deny change_profile -> ab//**,
+}
+
+/usr/bin/foo8 {
+ audit deny change_profile -> ab//?,
+}
+
+/usr/bin/foo9 {
+ audit deny change_profile -> ab//[ab],
+}
+
+/usr/bin/foo10 {
+ audit deny change_profile -> ab//[^ab],
+}
+
+/usr/bin/foo11 {
+ audit deny change_profile -> *//*,
+}
+
+/usr/bin/foo12 {
+ audit deny change_profile -> **//*,
+}
+
+/usr/bin/foo13 {
+ audit deny change_profile -> ?//*,
+}
+
+/usr/bin/foo14 {
+ audit deny change_profile -> [ab]//*,
+}
+
+/usr/bin/foo15 {
+ audit deny change_profile -> [^ab]//*,
+}
+
diff --git a/parser/tst/simple_tests/change_profile/ad_re_ok_7.sd b/parser/tst/simple_tests/change_profile/ad_re_ok_7.sd
new file mode 100644
index 0000000..db58ac4
--- /dev/null
+++ b/parser/tst/simple_tests/change_profile/ad_re_ok_7.sd
@@ -0,0 +1,65 @@
+#
+#=DESCRIPTION audit deny change_profile with just re, namespace
+#=EXRESULT PASS
+#
+
+
+/usr/bin/foo {
+ audit deny change_profile -> :ab:*,
+}
+
+/usr/bin/foo2 {
+ audit deny change_profile -> :ab:**,
+}
+
+/usr/bin/foo3 {
+ audit deny change_profile -> :ab:?,
+}
+
+/usr/bin/foo4 {
+ audit deny change_profile -> :ab:[ab],
+}
+
+/usr/bin/foo5 {
+ audit deny change_profile -> :ab:[^ab],
+}
+
+/usr/bin/foo6 {
+ audit deny change_profile -> :*:ab,
+}
+
+/usr/bin/foo7 {
+ audit deny change_profile -> :**:ab,
+}
+
+/usr/bin/foo8 {
+ audit deny change_profile -> :?:ab,
+}
+
+/usr/bin/foo9 {
+ audit deny change_profile -> :[ab]:ab,
+}
+
+/usr/bin/foo10 {
+ audit deny change_profile -> :[^ab]:ab,
+}
+
+/usr/bin/foo11 {
+ audit deny change_profile -> :*:*,
+}
+
+/usr/bin/foo12 {
+ audit deny change_profile -> :**:**,
+}
+
+/usr/bin/foo13 {
+ audit deny change_profile -> :?:?,
+}
+
+/usr/bin/foo14 {
+ audit deny change_profile -> :[ab]:[ab],
+}
+
+/usr/bin/foo15 {
+ audit deny change_profile -> :[^ab]:[^ab],
+}
diff --git a/parser/tst/simple_tests/change_profile/ad_re_ok_8.sd b/parser/tst/simple_tests/change_profile/ad_re_ok_8.sd
new file mode 100644
index 0000000..dd8aca3
--- /dev/null
+++ b/parser/tst/simple_tests/change_profile/ad_re_ok_8.sd
@@ -0,0 +1,45 @@
+#
+#=DESCRIPTION audit deny change_profile re with quotes
+#=EXRESULT PASS
+#
+
+/usr/bin/foo5 {
+ audit deny change_profile -> "/bin/*",
+}
+
+/usr/bin/foo6 {
+ audit deny change_profile -> "/bin/**",
+}
+
+/usr/bin/foo7 {
+ audit deny change_profile -> "/bin/[ab]",
+}
+
+/usr/bin/foo8 {
+ audit deny change_profile -> "/bin/[^ab]",
+}
+
+/usr/bin/foo10 {
+ audit deny change_profile -> "/bin/?ab",
+}
+
+/usr/bin/foo11 {
+ audit deny change_profile -> "/bin/ *",
+}
+
+/usr/bin/foo12 {
+ audit deny change_profile -> "/bin/ **",
+}
+
+/usr/bin/foo13 {
+ audit deny change_profile -> "/bin/ [ab]",
+}
+
+/usr/bin/foo14 {
+ audit deny change_profile -> "/bin/ [^ab]",
+}
+
+/usr/bin/foo15 {
+ audit deny change_profile -> "/bin/ ?ab",
+}
+
diff --git a/parser/tst/simple_tests/change_profile/ado_bare_ok_1.sd b/parser/tst/simple_tests/change_profile/ado_bare_ok_1.sd
new file mode 100644
index 0000000..2d5a7ca
--- /dev/null
+++ b/parser/tst/simple_tests/change_profile/ado_bare_ok_1.sd
@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION audit deny owner change_profile
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+ audit deny owner change_profile,
+}
diff --git a/parser/tst/simple_tests/change_profile/ado_ok_1.sd b/parser/tst/simple_tests/change_profile/ado_ok_1.sd
new file mode 100644
index 0000000..5546aef
--- /dev/null
+++ b/parser/tst/simple_tests/change_profile/ado_ok_1.sd
@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION audit deny owner change_profile
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+ audit deny owner change_profile -> /bin/foo,
+}
diff --git a/parser/tst/simple_tests/change_profile/ado_ok_2.sd b/parser/tst/simple_tests/change_profile/ado_ok_2.sd
new file mode 100644
index 0000000..c2ac041
--- /dev/null
+++ b/parser/tst/simple_tests/change_profile/ado_ok_2.sd
@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION audit deny owner change_profile to a hat
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+ audit deny owner change_profile -> /bin/foo//bar,
+}
diff --git a/parser/tst/simple_tests/change_profile/ado_ok_3.sd b/parser/tst/simple_tests/change_profile/ado_ok_3.sd
new file mode 100644
index 0000000..4e07e98
--- /dev/null
+++ b/parser/tst/simple_tests/change_profile/ado_ok_3.sd
@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION audit deny owner change_profile with name space
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+ audit deny owner change_profile -> :foo:/bin/foo,
+}
diff --git a/parser/tst/simple_tests/change_profile/ado_ok_4.sd b/parser/tst/simple_tests/change_profile/ado_ok_4.sd
new file mode 100644
index 0000000..151494f
--- /dev/null
+++ b/parser/tst/simple_tests/change_profile/ado_ok_4.sd
@@ -0,0 +1,10 @@
+#
+#=DESCRIPTION audit deny owner change_profile with a variable (LP: #390810)
+#=EXRESULT FAIL
+#
+
+@{LIBVIRT}="libvirt"
+
+/usr/bin/foo {
+ audit deny owner change_profile -> @{LIBVIRT}-foo,
+}
diff --git a/parser/tst/simple_tests/change_profile/ado_ok_5.sd b/parser/tst/simple_tests/change_profile/ado_ok_5.sd
new file mode 100644
index 0000000..f912b8f
--- /dev/null
+++ b/parser/tst/simple_tests/change_profile/ado_ok_5.sd
@@ -0,0 +1,10 @@
+#
+#=DESCRIPTION audit deny owner change_profile with variable+regex (LP: #390810)
+#=EXRESULT FAIL
+#
+
+@{LIBVIRT}="libvirt"
+
+/usr/bin/foo {
+ audit deny owner change_profile -> @{LIBVIRT}-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*,
+}
diff --git a/parser/tst/simple_tests/change_profile/ado_ok_6.sd b/parser/tst/simple_tests/change_profile/ado_ok_6.sd
new file mode 100644
index 0000000..7feee12
--- /dev/null
+++ b/parser/tst/simple_tests/change_profile/ado_ok_6.sd
@@ -0,0 +1,11 @@
+#
+#=DESCRIPTION audit deny owner change_profile with quotes
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+ audit deny owner change_profile -> "/bin/foo",
+}
+
+/usr/bin/foo2 {
+ audit deny owner change_profile -> "/bin/ foo",
+}
diff --git a/parser/tst/simple_tests/change_profile/ado_ok_7.sd b/parser/tst/simple_tests/change_profile/ado_ok_7.sd
new file mode 100644
index 0000000..403b7bb
--- /dev/null
+++ b/parser/tst/simple_tests/change_profile/ado_ok_7.sd
@@ -0,0 +1,11 @@
+#
+#=DESCRIPTION audit deny owner change_profile to a hat with quotes
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+ audit deny owner change_profile -> "/bin/foo//bar",
+}
+
+/usr/bin/foo2 {
+ audit deny owner change_profile -> "/bin/foo// bar",
+}
diff --git a/parser/tst/simple_tests/change_profile/ado_ok_8.sd b/parser/tst/simple_tests/change_profile/ado_ok_8.sd
new file mode 100644
index 0000000..2c5ebaa
--- /dev/null
+++ b/parser/tst/simple_tests/change_profile/ado_ok_8.sd
@@ -0,0 +1,11 @@
+#
+#=DESCRIPTION audit deny owner change_profile with name space with quotes
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+ audit deny owner change_profile -> ":foo:/bin/foo",
+}
+
+/usr/bin/foo2 {
+ audit deny owner change_profile -> ":foo:/bin/ foo",
+}
diff --git a/parser/tst/simple_tests/change_profile/ado_re_ok_1.sd b/parser/tst/simple_tests/change_profile/ado_re_ok_1.sd
new file mode 100644
index 0000000..a1b5c77
--- /dev/null
+++ b/parser/tst/simple_tests/change_profile/ado_re_ok_1.sd
@@ -0,0 +1,24 @@
+#
+#=DESCRIPTION audit deny owner change_profile
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+ audit deny owner change_profile -> /bin/*,
+}
+
+/usr/bin/foo2 {
+ audit deny owner change_profile -> /bin/**,
+}
+
+/usr/bin/foo3 {
+ audit deny owner change_profile -> /bin/?,
+}
+
+/usr/bin/foo4 {
+ audit deny owner change_profile -> /bin/[ab],
+}
+
+/usr/bin/foo5 {
+ audit deny owner change_profile -> /bin/[^ab],
+}
+
diff --git a/parser/tst/simple_tests/change_profile/ado_re_ok_2.sd b/parser/tst/simple_tests/change_profile/ado_re_ok_2.sd
new file mode 100644
index 0000000..243ec1b
--- /dev/null
+++ b/parser/tst/simple_tests/change_profile/ado_re_ok_2.sd
@@ -0,0 +1,69 @@
+#
+#=DESCRIPTION audit deny owner change_profile to a hat
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+ audit deny owner change_profile -> /bin/foo//bar,
+}
+
+/usr/bin/foo2 {
+ audit deny owner change_profile -> /bin/foo//ba*,
+}
+
+/usr/bin/foo3 {
+ audit deny owner change_profile -> /bin/foo//ba**,
+}
+
+/usr/bin/foo4 {
+ audit deny owner change_profile -> /bin/foo//ba?,
+}
+
+/usr/bin/foo5 {
+ audit deny owner change_profile -> /bin/foo//ba[ab],
+}
+
+/usr/bin/foo6 {
+ audit deny owner change_profile -> /bin/foo//ba[^ab],
+}
+
+/usr/bin/foo7 {
+ audit deny owner change_profile -> /bin/fo*//bar,
+}
+
+/usr/bin/foo8 {
+ audit deny owner change_profile -> /bin/fo**//bar,
+}
+
+/usr/bin/foo9 {
+ audit deny owner change_profile -> /bin/fo?//bar,
+}
+
+/usr/bin/foo10 {
+ audit deny owner change_profile -> /bin/fo[ab]//bar,
+}
+
+/usr/bin/foo11 {
+ audit deny owner change_profile -> /bin/fo[^ab]//bar,
+}
+
+/usr/bin/foo12 {
+ audit deny owner change_profile -> /bin/fo*//ba*,
+}
+
+/usr/bin/foo13 {
+ audit deny owner change_profile -> /bin/fo**//ba**,
+}
+
+/usr/bin/foo14 {
+ audit deny owner change_profile -> /bin/fo?//ba?,
+}
+
+/usr/bin/foo15 {
+ audit deny owner change_profile -> /bin/fo[ab]//ba[ab],
+}
+
+/usr/bin/foo16 {
+ audit deny owner change_profile -> /bin/fo[^ab]//ba[^ab],
+}
+
+
diff --git a/parser/tst/simple_tests/change_profile/ado_re_ok_3.sd b/parser/tst/simple_tests/change_profile/ado_re_ok_3.sd
new file mode 100644
index 0000000..23fc9d9
--- /dev/null
+++ b/parser/tst/simple_tests/change_profile/ado_re_ok_3.sd
@@ -0,0 +1,67 @@
+#
+#=DESCRIPTION audit deny owner change_profile with name space
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+ audit deny owner change_profile -> :foo:/bin/foo,
+}
+
+/usr/bin/foo2 {
+ audit deny owner change_profile -> :foo:/bin/fo*,
+}
+
+/usr/bin/foo3 {
+ audit deny owner change_profile -> :foo:/bin/fo**,
+}
+
+/usr/bin/foo4 {
+ audit deny owner change_profile -> :foo:/bin/fo?,
+}
+
+/usr/bin/foo5 {
+ audit deny owner change_profile -> :foo:/bin/fo[ab],
+}
+
+/usr/bin/foo6 {
+ audit deny owner change_profile -> :foo:/bin/fo[^ab],
+}
+
+/usr/bin/foo7 {
+ audit deny owner change_profile -> :fo*:/bin/foo,
+}
+
+/usr/bin/foo8 {
+ audit deny owner change_profile -> :fo**:/bin/foo,
+}
+
+/usr/bin/foo9 {
+ audit deny owner change_profile -> :fo?:/bin/foo,
+}
+
+/usr/bin/foo10 {
+ audit deny owner change_profile -> :fo[ab]:/bin/foo,
+}
+
+/usr/bin/foo11 {
+ audit deny owner change_profile -> :fo[^ab]:/bin/foo,
+}
+
+/usr/bin/foo12 {
+ audit deny owner change_profile -> :fo*:/bin/fo*,
+}
+
+/usr/bin/foo13 {
+ audit deny owner change_profile -> :fo**:/bin/fo**,
+}
+
+/usr/bin/foo14 {
+ audit deny owner change_profile -> :fo?:/bin/fo?,
+}
+
+/usr/bin/foo15 {
+ audit deny owner change_profile -> :fo[ab]:/bin/fo[ab],
+}
+
+/usr/bin/foo16 {
+ audit deny owner change_profile -> :fo[^ab]:/bin/fo[^ab],
+}
diff --git a/parser/tst/simple_tests/change_profile/ado_re_ok_4.sd b/parser/tst/simple_tests/change_profile/ado_re_ok_4.sd
new file mode 100644
index 0000000..94317f1
--- /dev/null
+++ b/parser/tst/simple_tests/change_profile/ado_re_ok_4.sd
@@ -0,0 +1,51 @@
+#
+#=DESCRIPTION audit deny owner change_profile with a variable (LP: #390810)
+#=EXRESULT FAIL
+#
+
+@{LIBVIRT}="libvirt"
+@{LIBVIRT_RE}="libvirt*"
+
+/usr/bin/foo {
+ audit deny owner change_profile -> @{LIBVIRT}-fo*,
+}
+
+/usr/bin/foo2 {
+ audit deny owner change_profile -> @{LIBVIRT}-fo**,
+}
+
+/usr/bin/foo3 {
+ audit deny owner change_profile -> @{LIBVIRT}-fo[ab],
+}
+
+/usr/bin/foo4 {
+ audit deny owner change_profile -> @{LIBVIRT}-fo[^ab],
+}
+
+/usr/bin/foo5 {
+ audit deny owner change_profile -> @{LIBVIRT}-fo?,
+}
+
+/usr/bin/foo6 {
+ audit deny owner change_profile -> @{LIBVIRT_RE}-foo,
+}
+
+/usr/bin/foo7 {
+ audit deny owner change_profile -> @{LIBVIRT_RE}-fo*,
+}
+
+/usr/bin/foo8 {
+ audit deny owner change_profile -> @{LIBVIRT_RE}-fo**,
+}
+
+/usr/bin/foo9 {
+ audit deny owner change_profile -> @{LIBVIRT_RE}-fo?,
+}
+
+/usr/bin/foo10 {
+ audit deny owner change_profile -> @{LIBVIRT_RE}-fo[ab],
+}
+
+/usr/bin/foo11 {
+ audit deny owner change_profile -> @{LIBVIRT_RE}-fo[^ab],
+}
diff --git a/parser/tst/simple_tests/change_profile/ado_re_ok_5.sd b/parser/tst/simple_tests/change_profile/ado_re_ok_5.sd
new file mode 100644
index 0000000..5be81f3
--- /dev/null
+++ b/parser/tst/simple_tests/change_profile/ado_re_ok_5.sd
@@ -0,0 +1,25 @@
+#
+#=DESCRIPTION audit deny owner change_profile with just res
+#=EXRESULT FAIL
+#
+
+/usr/bin/foo {
+ audit deny owner change_profile -> *,
+}
+
+/usr/bin/foo2 {
+ audit deny owner change_profile -> **,
+}
+
+/usr/bin/foo3 {
+ audit deny owner change_profile -> ?,
+}
+
+/usr/bin/foo4 {
+ audit deny owner change_profile -> [ab],
+}
+
+/usr/bin/foo5 {
+ audit deny owner change_profile -> [^ab],
+}
+
diff --git a/parser/tst/simple_tests/change_profile/ado_re_ok_6.sd b/parser/tst/simple_tests/change_profile/ado_re_ok_6.sd
new file mode 100644
index 0000000..632dc47
--- /dev/null
+++ b/parser/tst/simple_tests/change_profile/ado_re_ok_6.sd
@@ -0,0 +1,65 @@
+#
+#=DESCRIPTION audit deny owner change_profile with just res, child profile
+#=EXRESULT FAIL
+#
+
+/usr/bin/foo {
+ audit deny owner change_profile -> *//ab,
+}
+
+/usr/bin/foo2 {
+ audit deny owner change_profile -> **//ab,
+}
+
+/usr/bin/foo3 {
+ audit deny owner change_profile -> ?//ab,
+}
+
+/usr/bin/foo4 {
+ audit deny owner change_profile -> [ab]//ab,
+}
+
+/usr/bin/foo5 {
+ audit deny owner change_profile -> [^ab]//ab,
+}
+
+/usr/bin/foo6 {
+ audit deny owner change_profile -> ab//*,
+}
+
+/usr/bin/foo7 {
+ audit deny owner change_profile -> ab//**,
+}
+
+/usr/bin/foo8 {
+ audit deny owner change_profile -> ab//?,
+}
+
+/usr/bin/foo9 {
+ audit deny owner change_profile -> ab//[ab],
+}
+
+/usr/bin/foo10 {
+ audit deny owner change_profile -> ab//[^ab],
+}
+
+/usr/bin/foo11 {
+ audit deny owner change_profile -> *//*,
+}
+
+/usr/bin/foo12 {
+ audit deny owner change_profile -> **//*,
+}
+
+/usr/bin/foo13 {
+ audit deny owner change_profile -> ?//*,
+}
+
+/usr/bin/foo14 {
+ audit deny owner change_profile -> [ab]//*,
+}
+
+/usr/bin/foo15 {
+ audit deny owner change_profile -> [^ab]//*,
+}
+
diff --git a/parser/tst/simple_tests/change_profile/ado_re_ok_7.sd b/parser/tst/simple_tests/change_profile/ado_re_ok_7.sd
new file mode 100644
index 0000000..66fa797
--- /dev/null
+++ b/parser/tst/simple_tests/change_profile/ado_re_ok_7.sd
@@ -0,0 +1,65 @@
+#
+#=DESCRIPTION audit deny owner change_profile with just re, namespace
+#=EXRESULT FAIL
+#
+
+
+/usr/bin/foo {
+ audit deny owner change_profile -> :ab:*,
+}
+
+/usr/bin/foo2 {
+ audit deny owner change_profile -> :ab:**,
+}
+
+/usr/bin/foo3 {
+ audit deny owner change_profile -> :ab:?,
+}
+
+/usr/bin/foo4 {
+ audit deny owner change_profile -> :ab:[ab],
+}
+
+/usr/bin/foo5 {
+ audit deny owner change_profile -> :ab:[^ab],
+}
+
+/usr/bin/foo6 {
+ audit deny owner change_profile -> :*:ab,
+}
+
+/usr/bin/foo7 {
+ audit deny owner change_profile -> :**:ab,
+}
+
+/usr/bin/foo8 {
+ audit deny owner change_profile -> :?:ab,
+}
+
+/usr/bin/foo9 {
+ audit deny owner change_profile -> :[ab]:ab,
+}
+
+/usr/bin/foo10 {
+ audit deny owner change_profile -> :[^ab]:ab,
+}
+
+/usr/bin/foo11 {
+ audit deny owner change_profile -> :*:*,
+}
+
+/usr/bin/foo12 {
+ audit deny owner change_profile -> :**:**,
+}
+
+/usr/bin/foo13 {
+ audit deny owner change_profile -> :?:?,
+}
+
+/usr/bin/foo14 {
+ audit deny owner change_profile -> :[ab]:[ab],
+}
+
+/usr/bin/foo15 {
+ audit deny owner change_profile -> :[^ab]:[^ab],
+}
diff --git a/parser/tst/simple_tests/change_profile/ado_re_ok_8.sd b/parser/tst/simple_tests/change_profile/ado_re_ok_8.sd
new file mode 100644
index 0000000..7ab3677
--- /dev/null
+++ b/parser/tst/simple_tests/change_profile/ado_re_ok_8.sd
@@ -0,0 +1,45 @@
+#
+#=DESCRIPTION audit deny owner change_profile re with quotes
+#=EXRESULT FAIL
+#
+
+/usr/bin/foo5 {
+ audit deny owner change_profile -> "/bin/*",
+}
+
+/usr/bin/foo6 {
+ audit deny owner change_profile -> "/bin/**",
+}
+
+/usr/bin/foo7 {
+ audit deny owner change_profile -> "/bin/[ab]",
+}
+
+/usr/bin/foo8 {
+ audit deny owner change_profile -> "/bin/[^ab]",
+}
+
+/usr/bin/foo10 {
+ audit deny owner change_profile -> "/bin/?ab",
+}
+
+/usr/bin/foo11 {
+ audit deny owner change_profile -> "/bin/ *",
+}
+
+/usr/bin/foo12 {
+ audit deny owner change_profile -> "/bin/ **",
+}
+
+/usr/bin/foo13 {
+ audit deny owner change_profile -> "/bin/ [ab]",
+}
+
+/usr/bin/foo14 {
+ audit deny owner change_profile -> "/bin/ [^ab]",
+}
+
+/usr/bin/foo15 {
+ audit deny owner change_profile -> "/bin/ ?ab",
+}
+
diff --git a/parser/tst/simple_tests/change_profile/allow_ok_1.sd b/parser/tst/simple_tests/change_profile/allow_ok_1.sd
new file mode 100644
index 0000000..77bec70
--- /dev/null
+++ b/parser/tst/simple_tests/change_profile/allow_ok_1.sd
@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION allow change_profile
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+ allow change_profile -> /bin/foo,
+}
diff --git a/parser/tst/simple_tests/change_profile/allow_ok_2.sd b/parser/tst/simple_tests/change_profile/allow_ok_2.sd
new file mode 100644
index 0000000..afa79e7
--- /dev/null
+++ b/parser/tst/simple_tests/change_profile/allow_ok_2.sd
@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION allow change_profile to a hat
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+ allow change_profile -> /bin/foo//bar,
+}
diff --git a/parser/tst/simple_tests/change_profile/allow_ok_3.sd b/parser/tst/simple_tests/change_profile/allow_ok_3.sd
new file mode 100644
index 0000000..3a96d7f
--- /dev/null
+++ b/parser/tst/simple_tests/change_profile/allow_ok_3.sd
@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION allow change_profile with name space
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+ allow change_profile -> :foo:/bin/foo,
+}
diff --git a/parser/tst/simple_tests/change_profile/allow_ok_4.sd b/parser/tst/simple_tests/change_profile/allow_ok_4.sd
new file mode 100644
index 0000000..668d422
--- /dev/null
+++ b/parser/tst/simple_tests/change_profile/allow_ok_4.sd
@@ -0,0 +1,10 @@
+#
+#=DESCRIPTION allow change_profile with a variable (LP: #390810)
+#=EXRESULT PASS
+#
+
+@{LIBVIRT}="libvirt"
+
+/usr/bin/foo {
+ allow change_profile -> @{LIBVIRT}-foo,
+}
diff --git a/parser/tst/simple_tests/change_profile/allow_ok_5.sd b/parser/tst/simple_tests/change_profile/allow_ok_5.sd
new file mode 100644
index 0000000..bd8aa5b
--- /dev/null
+++ b/parser/tst/simple_tests/change_profile/allow_ok_5.sd
@@ -0,0 +1,10 @@
+#
+#=DESCRIPTION allow change_profile with variable+regex (LP: #390810)
+#=EXRESULT PASS
+#
+
+@{LIBVIRT}="libvirt"
+
+/usr/bin/foo {
+ allow change_profile -> @{LIBVIRT}-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*,
+}
diff --git a/parser/tst/simple_tests/change_profile/allow_ok_6.sd b/parser/tst/simple_tests/change_profile/allow_ok_6.sd
new file mode 100644
index 0000000..7ad9c5a
--- /dev/null
+++ b/parser/tst/simple_tests/change_profile/allow_ok_6.sd
@@ -0,0 +1,11 @@
+#
+#=DESCRIPTION allow change_profile with quotes
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+ allow change_profile -> "/bin/foo",
+}
+
+/usr/bin/foo2 {
+ allow change_profile -> "/bin/ foo",
+}
diff --git a/parser/tst/simple_tests/change_profile/allow_ok_7.sd b/parser/tst/simple_tests/change_profile/allow_ok_7.sd
new file mode 100644
index 0000000..9e23302
--- /dev/null
+++ b/parser/tst/simple_tests/change_profile/allow_ok_7.sd
@@ -0,0 +1,11 @@
+#
+#=DESCRIPTION allow change_profile to a hat with quotes
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+ allow change_profile -> "/bin/foo//bar",
+}
+
+/usr/bin/foo2 {
+ allow change_profile -> "/bin/foo// bar",
+}
diff --git a/parser/tst/simple_tests/change_profile/allow_ok_8.sd b/parser/tst/simple_tests/change_profile/allow_ok_8.sd
new file mode 100644
index 0000000..ee57c06
--- /dev/null
+++ b/parser/tst/simple_tests/change_profile/allow_ok_8.sd
@@ -0,0 +1,11 @@
+#
+#=DESCRIPTION allow change_profile with name space with quotes
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+ allow change_profile -> ":foo:/bin/foo",
+}
+
+/usr/bin/foo2 {
+ allow change_profile -> ":foo:/bin/ foo",
+}
diff --git a/parser/tst/simple_tests/change_profile/allow_re_ok_1.sd b/parser/tst/simple_tests/change_profile/allow_re_ok_1.sd
new file mode 100644
index 0000000..268cba2
--- /dev/null
+++ b/parser/tst/simple_tests/change_profile/allow_re_ok_1.sd
@@ -0,0 +1,24 @@
+#
+#=DESCRIPTION allow change_profile
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+ allow change_profile -> /bin/*,
+}
+
+/usr/bin/foo2 {
+ allow change_profile -> /bin/**,
+}
+
+/usr/bin/foo3 {
+ allow change_profile -> /bin/?,
+}
+
+/usr/bin/foo4 {
+ allow change_profile -> /bin/[ab],
+}
+
+/usr/bin/foo5 {
+ allow change_profile -> /bin/[^ab],
+}
+
diff --git a/parser/tst/simple_tests/change_profile/allow_re_ok_2.sd b/parser/tst/simple_tests/change_profile/allow_re_ok_2.sd
new file mode 100644
index 0000000..76a5adb
--- /dev/null
+++ b/parser/tst/simple_tests/change_profile/allow_re_ok_2.sd
@@ -0,0 +1,69 @@
+#
+#=DESCRIPTION allow change_profile to a hat
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+ allow change_profile -> /bin/foo//bar,
+}
+
+/usr/bin/foo2 {
+ allow change_profile -> /bin/foo//ba*,
+}
+
+/usr/bin/foo3 {
+ allow change_profile -> /bin/foo//ba**,
+}
+
+/usr/bin/foo4 {
+ allow change_profile -> /bin/foo//ba?,
+}
+
+/usr/bin/foo5 {
+ allow change_profile -> /bin/foo//ba[ab],
+}
+
+/usr/bin/foo6 {
+ allow change_profile -> /bin/foo//ba[^ab],
+}
+
+/usr/bin/foo7 {
+ allow change_profile -> /bin/fo*//bar,
+}
+
+/usr/bin/foo8 {
+ allow change_profile -> /bin/fo**//bar,
+}
+
+/usr/bin/foo9 {
+ allow change_profile -> /bin/fo?//bar,
+}
+
+/usr/bin/foo10 {
+ allow change_profile -> /bin/fo[ab]//bar,
+}
+
+/usr/bin/foo11 {
+ allow change_profile -> /bin/fo[^ab]//bar,
+}
+
+/usr/bin/foo12 {
+ allow change_profile -> /bin/fo*//ba*,
+}
+
+/usr/bin/foo13 {
+ allow change_profile -> /bin/fo**//ba**,
+}
+
+/usr/bin/foo14 {
+ allow change_profile -> /bin/fo?//ba?,
+}
+
+/usr/bin/foo15 {
+ allow change_profile -> /bin/fo[ab]//ba[ab],
+}
+
+/usr/bin/foo16 {
+ allow change_profile -> /bin/fo[^ab]//ba[^ab],
+}
+
+
diff --git a/parser/tst/simple_tests/change_profile/allow_re_ok_3.sd b/parser/tst/simple_tests/change_profile/allow_re_ok_3.sd
new file mode 100644
index 0000000..b1dc557
--- /dev/null
+++ b/parser/tst/simple_tests/change_profile/allow_re_ok_3.sd
@@ -0,0 +1,67 @@
+#
+#=DESCRIPTION allow change_profile with name space
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+ allow change_profile -> :foo:/bin/foo,
+}
+
+/usr/bin/foo2 {
+ allow change_profile -> :foo:/bin/fo*,
+}
+
+/usr/bin/foo3 {
+ allow change_profile -> :foo:/bin/fo**,
+}
+
+/usr/bin/foo4 {
+ allow change_profile -> :foo:/bin/fo?,
+}
+
+/usr/bin/foo5 {
+ allow change_profile -> :foo:/bin/fo[ab],
+}
+
+/usr/bin/foo6 {
+ allow change_profile -> :foo:/bin/fo[^ab],
+}
+
+/usr/bin/foo7 {
+ allow change_profile -> :fo*:/bin/foo,
+}
+
+/usr/bin/foo8 {
+ allow change_profile -> :fo**:/bin/foo,
+}
+
+/usr/bin/foo9 {
+ allow change_profile -> :fo?:/bin/foo,
+}
+
+/usr/bin/foo10 {
+ allow change_profile -> :fo[ab]:/bin/foo,
+}
+
+/usr/bin/foo11 {
+ allow change_profile -> :fo[^ab]:/bin/foo,
+}
+
+/usr/bin/foo12 {
+ allow change_profile -> :fo*:/bin/fo*,
+}
+
+/usr/bin/foo13 {
+ allow change_profile -> :fo**:/bin/fo**,
+}
+
+/usr/bin/foo14 {
+ allow change_profile -> :fo?:/bin/fo?,
+}
+
+/usr/bin/foo15 {
+ allow change_profile -> :fo[ab]:/bin/fo[ab],
+}
+
+/usr/bin/foo16 {
+ allow change_profile -> :fo[^ab]:/bin/fo[^ab],
+}
diff --git a/parser/tst/simple_tests/change_profile/allow_re_ok_4.sd b/parser/tst/simple_tests/change_profile/allow_re_ok_4.sd
new file mode 100644
index 0000000..b656b2f
--- /dev/null
+++ b/parser/tst/simple_tests/change_profile/allow_re_ok_4.sd
@@ -0,0 +1,51 @@
+#
+#=DESCRIPTION allow change_profile with a variable (LP: #390810)
+#=EXRESULT PASS
+#
+
+@{LIBVIRT}="libvirt"
+@{LIBVIRT_RE}="libvirt*"
+
+/usr/bin/foo {
+ allow change_profile -> @{LIBVIRT}-fo*,
+}
+
+/usr/bin/foo2 {
+ allow change_profile -> @{LIBVIRT}-fo**,
+}
+
+/usr/bin/foo3 {
+ allow change_profile -> @{LIBVIRT}-fo[ab],
+}
+
+/usr/bin/foo4 {
+ allow change_profile -> @{LIBVIRT}-fo[^ab],
+}
+
+/usr/bin/foo5 {
+ allow change_profile -> @{LIBVIRT}-fo?,
+}
+
+/usr/bin/foo6 {
+ allow change_profile -> @{LIBVIRT_RE}-foo,
+}
+
+/usr/bin/foo7 {
+ allow change_profile -> @{LIBVIRT_RE}-fo*,
+}
+
+/usr/bin/foo8 {
+ allow change_profile -> @{LIBVIRT_RE}-fo**,
+}
+
+/usr/bin/foo9 {
+ allow change_profile -> @{LIBVIRT_RE}-fo?,
+}
+
+/usr/bin/foo10 {
+ allow change_profile -> @{LIBVIRT_RE}-fo[ab],
+}
+
+/usr/bin/foo11 {
+ allow change_profile -> @{LIBVIRT_RE}-fo[^ab],
+}
diff --git a/parser/tst/simple_tests/change_profile/allow_re_ok_5.sd b/parser/tst/simple_tests/change_profile/allow_re_ok_5.sd
new file mode 100644
index 0000000..0a4a6e5
--- /dev/null
+++ b/parser/tst/simple_tests/change_profile/allow_re_ok_5.sd
@@ -0,0 +1,25 @@
+#
+#=DESCRIPTION allow change_profile with just res
+#=EXRESULT PASS
+#
+
+/usr/bin/foo {
+ allow change_profile -> *,
+}
+
+/usr/bin/foo2 {
+ allow change_profile -> **,
+}
+
+/usr/bin/foo3 {
+ allow change_profile -> ?,
+}
+
+/usr/bin/foo4 {
+ allow change_profile -> [ab],
+}
+
+/usr/bin/foo5 {
+ allow change_profile -> [^ab],
+}
+
diff --git a/parser/tst/simple_tests/change_profile/allow_re_ok_6.sd b/parser/tst/simple_tests/change_profile/allow_re_ok_6.sd
new file mode 100644
index 0000000..1ca4134
--- /dev/null
+++ b/parser/tst/simple_tests/change_profile/allow_re_ok_6.sd
@@ -0,0 +1,65 @@
+#
+#=DESCRIPTION allow change_profile with just res, child profile
+#=EXRESULT PASS
+#
+
+/usr/bin/foo {
+ allow change_profile -> *//ab,
+}
+
+/usr/bin/foo2 {
+ allow change_profile -> **//ab,
+}
+
+/usr/bin/foo3 {
+ allow change_profile -> ?//ab,
+}
+
+/usr/bin/foo4 {
+ allow change_profile -> [ab]//ab,
+}
+
+/usr/bin/foo5 {
+ allow change_profile -> [^ab]//ab,
+}
+
+/usr/bin/foo6 {
+ allow change_profile -> ab//*,
+}
+
+/usr/bin/foo7 {
+ allow change_profile -> ab//**,
+}
+
+/usr/bin/foo8 {
+ allow change_profile -> ab//?,
+}
+
+/usr/bin/foo9 {
+ allow change_profile -> ab//[ab],
+}
+
+/usr/bin/foo10 {
+ allow change_profile -> ab//[^ab],
+}
+
+/usr/bin/foo11 {
+ allow change_profile -> *//*,
+}
+
+/usr/bin/foo12 {
+ allow change_profile -> **//*,
+}
+
+/usr/bin/foo13 {
+ allow change_profile -> ?//*,
+}
+
+/usr/bin/foo14 {
+ allow change_profile -> [ab]//*,
+}
+
+/usr/bin/foo15 {
+ allow change_profile -> [^ab]//*,
+}
+
diff --git a/parser/tst/simple_tests/change_profile/allow_re_ok_7.sd b/parser/tst/simple_tests/change_profile/allow_re_ok_7.sd
new file mode 100644
index 0000000..6c6ee92
--- /dev/null
+++ b/parser/tst/simple_tests/change_profile/allow_re_ok_7.sd
@@ -0,0 +1,65 @@
+#
+#=DESCRIPTION allow change_profile with just re, namespace
+#=EXRESULT PASS
+#
+
+
+/usr/bin/foo {
+ allow change_profile -> :ab:*,
+}
+
+/usr/bin/foo2 {
+ allow change_profile -> :ab:**,
+}
+
+/usr/bin/foo3 {
+ allow change_profile -> :ab:?,
+}
+
+/usr/bin/foo4 {
+ allow change_profile -> :ab:[ab],
+}
+
+/usr/bin/foo5 {
+ allow change_profile -> :ab:[^ab],
+}
+
+/usr/bin/foo6 {
+ allow change_profile -> :*:ab,
+}
+
+/usr/bin/foo7 {
+ allow change_profile -> :**:ab,
+}
+
+/usr/bin/foo8 {
+ allow change_profile -> :?:ab,
+}
+
+/usr/bin/foo9 {
+ allow change_profile -> :[ab]:ab,
+}
+
+/usr/bin/foo10 {
+ allow change_profile -> :[^ab]:ab,
+}
+
+/usr/bin/foo11 {
+ allow change_profile -> :*:*,
+}
+
+/usr/bin/foo12 {
+ allow change_profile -> :**:**,
+}
+
+/usr/bin/foo13 {
+ allow change_profile -> :?:?,
+}
+
+/usr/bin/foo14 {
+ allow change_profile -> :[ab]:[ab],
+}
+
+/usr/bin/foo15 {
+ allow change_profile -> :[^ab]:[^ab],
+}
diff --git a/parser/tst/simple_tests/change_profile/allow_re_ok_8.sd b/parser/tst/simple_tests/change_profile/allow_re_ok_8.sd
new file mode 100644
index 0000000..985e7f2
--- /dev/null
+++ b/parser/tst/simple_tests/change_profile/allow_re_ok_8.sd
@@ -0,0 +1,45 @@
+#
+#=DESCRIPTION allow change_profile re with quotes
+#=EXRESULT PASS
+#
+
+/usr/bin/foo5 {
+ allow change_profile -> "/bin/*",
+}
+
+/usr/bin/foo6 {
+ allow change_profile -> "/bin/**",
+}
+
+/usr/bin/foo7 {
+ allow change_profile -> "/bin/[ab]",
+}
+
+/usr/bin/foo8 {
+ allow change_profile -> "/bin/[^ab]",
+}
+
+/usr/bin/foo10 {
+ allow change_profile -> "/bin/?ab",
+}
+
+/usr/bin/foo11 {
+ allow change_profile -> "/bin/ *",
+}
+
+/usr/bin/foo12 {
+ allow change_profile -> "/bin/ **",
+}
+
+/usr/bin/foo13 {
+ allow change_profile -> "/bin/ [ab]",
+}
+
+/usr/bin/foo14 {
+ allow change_profile -> "/bin/ [^ab]",
+}
+
+/usr/bin/foo15 {
+ allow change_profile -> "/bin/ ?ab",
+}
+
diff --git a/parser/tst/simple_tests/change_profile/allowo_ok_1.sd b/parser/tst/simple_tests/change_profile/allowo_ok_1.sd
new file mode 100644
index 0000000..e69de29
diff --git a/parser/tst/simple_tests/change_profile/allowo_ok_2.sd b/parser/tst/simple_tests/change_profile/allowo_ok_2.sd
new file mode 100644
index 0000000..e69de29
diff --git a/parser/tst/simple_tests/change_profile/allowo_ok_3.sd b/parser/tst/simple_tests/change_profile/allowo_ok_3.sd
new file mode 100644
index 0000000..e69de29
diff --git a/parser/tst/simple_tests/change_profile/allowo_ok_4.sd b/parser/tst/simple_tests/change_profile/allowo_ok_4.sd
new file mode 100644
index 0000000..e69de29
diff --git a/parser/tst/simple_tests/change_profile/allowo_ok_5.sd b/parser/tst/simple_tests/change_profile/allowo_ok_5.sd
new file mode 100644
index 0000000..e69de29
diff --git a/parser/tst/simple_tests/change_profile/allowo_ok_6.sd b/parser/tst/simple_tests/change_profile/allowo_ok_6.sd
new file mode 100644
index 0000000..e69de29
diff --git a/parser/tst/simple_tests/change_profile/allowo_ok_7.sd b/parser/tst/simple_tests/change_profile/allowo_ok_7.sd
new file mode 100644
index 0000000..e69de29
diff --git a/parser/tst/simple_tests/change_profile/allowo_ok_8.sd b/parser/tst/simple_tests/change_profile/allowo_ok_8.sd
new file mode 100644
index 0000000..e69de29
diff --git a/parser/tst/simple_tests/change_profile/allowo_re_ok_1.sd b/parser/tst/simple_tests/change_profile/allowo_re_ok_1.sd
new file mode 100644
index 0000000..e69de29
diff --git a/parser/tst/simple_tests/change_profile/allowo_re_ok_2.sd b/parser/tst/simple_tests/change_profile/allowo_re_ok_2.sd
new file mode 100644
index 0000000..e69de29
diff --git a/parser/tst/simple_tests/change_profile/allowo_re_ok_3.sd b/parser/tst/simple_tests/change_profile/allowo_re_ok_3.sd
new file mode 100644
index 0000000..e69de29
diff --git a/parser/tst/simple_tests/change_profile/allowo_re_ok_4.sd b/parser/tst/simple_tests/change_profile/allowo_re_ok_4.sd
new file mode 100644
index 0000000..e69de29
diff --git a/parser/tst/simple_tests/change_profile/allowo_re_ok_5.sd b/parser/tst/simple_tests/change_profile/allowo_re_ok_5.sd
new file mode 100644
index 0000000..e69de29
diff --git a/parser/tst/simple_tests/change_profile/allowo_re_ok_6.sd b/parser/tst/simple_tests/change_profile/allowo_re_ok_6.sd
new file mode 100644
index 0000000..e69de29
diff --git a/parser/tst/simple_tests/change_profile/allowo_re_ok_7.sd b/parser/tst/simple_tests/change_profile/allowo_re_ok_7.sd
new file mode 100644
index 0000000..e69de29
diff --git a/parser/tst/simple_tests/change_profile/allowo_re_ok_8.sd b/parser/tst/simple_tests/change_profile/allowo_re_ok_8.sd
new file mode 100644
index 0000000..e69de29
diff --git a/parser/tst/simple_tests/change_profile/ao_bare_ok_1.sd b/parser/tst/simple_tests/change_profile/ao_bare_ok_1.sd
new file mode 100644
index 0000000..da8846e
--- /dev/null
+++ b/parser/tst/simple_tests/change_profile/ao_bare_ok_1.sd
@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION audit owner change_profile
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+ audit owner change_profile,
+}
diff --git a/parser/tst/simple_tests/change_profile/ao_ok_1.sd b/parser/tst/simple_tests/change_profile/ao_ok_1.sd
new file mode 100644
index 0000000..546b71e
--- /dev/null
+++ b/parser/tst/simple_tests/change_profile/ao_ok_1.sd
@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION audit owner change_profile
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+ audit owner change_profile -> /bin/foo,
+}
diff --git a/parser/tst/simple_tests/change_profile/ao_ok_2.sd b/parser/tst/simple_tests/change_profile/ao_ok_2.sd
new file mode 100644
index 0000000..b43e28a
--- /dev/null
+++ b/parser/tst/simple_tests/change_profile/ao_ok_2.sd
@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION audit owner change_profile to a hat
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+ audit owner change_profile -> /bin/foo//bar,
+}
diff --git a/parser/tst/simple_tests/change_profile/ao_ok_3.sd b/parser/tst/simple_tests/change_profile/ao_ok_3.sd
new file mode 100644
index 0000000..b175e82
--- /dev/null
+++ b/parser/tst/simple_tests/change_profile/ao_ok_3.sd
@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION audit owner change_profile with name space
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+ audit owner change_profile -> :foo:/bin/foo,
+}
diff --git a/parser/tst/simple_tests/change_profile/ao_ok_4.sd b/parser/tst/simple_tests/change_profile/ao_ok_4.sd
new file mode 100644
index 0000000..450cd95
--- /dev/null
+++ b/parser/tst/simple_tests/change_profile/ao_ok_4.sd
@@ -0,0 +1,10 @@
+#
+#=DESCRIPTION audit owner change_profile with a variable (LP: #390810)
+#=EXRESULT FAIL
+#
+
+@{LIBVIRT}="libvirt"
+
+/usr/bin/foo {
+ audit owner change_profile -> @{LIBVIRT}-foo,
+}
diff --git a/parser/tst/simple_tests/change_profile/ao_ok_5.sd b/parser/tst/simple_tests/change_profile/ao_ok_5.sd
new file mode 100644
index 0000000..24008b1
--- /dev/null
+++ b/parser/tst/simple_tests/change_profile/ao_ok_5.sd
@@ -0,0 +1,10 @@
+#
+#=DESCRIPTION audit owner change_profile with variable+regex (LP: #390810)
+#=EXRESULT FAIL
+#
+
+@{LIBVIRT}="libvirt"
+
+/usr/bin/foo {
+ audit owner change_profile -> @{LIBVIRT}-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*,
+}
diff --git a/parser/tst/simple_tests/change_profile/ao_ok_6.sd b/parser/tst/simple_tests/change_profile/ao_ok_6.sd
new file mode 100644
index 0000000..dc5e61f
--- /dev/null
+++ b/parser/tst/simple_tests/change_profile/ao_ok_6.sd
@@ -0,0 +1,11 @@
+#
+#=DESCRIPTION audit owner change_profile with quotes
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+ audit owner change_profile -> "/bin/foo",
+}
+
+/usr/bin/foo2 {
+ audit owner change_profile -> "/bin/ foo",
+}
diff --git a/parser/tst/simple_tests/change_profile/ao_ok_7.sd b/parser/tst/simple_tests/change_profile/ao_ok_7.sd
new file mode 100644
index 0000000..f3d4306
--- /dev/null
+++ b/parser/tst/simple_tests/change_profile/ao_ok_7.sd
@@ -0,0 +1,11 @@
+#
+#=DESCRIPTION audit owner change_profile to a hat with quotes
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+ audit owner change_profile -> "/bin/foo//bar",
+}
+
+/usr/bin/foo2 {
+ audit owner change_profile -> "/bin/foo// bar",
+}
diff --git a/parser/tst/simple_tests/change_profile/ao_ok_8.sd b/parser/tst/simple_tests/change_profile/ao_ok_8.sd
new file mode 100644
index 0000000..238514c
--- /dev/null
+++ b/parser/tst/simple_tests/change_profile/ao_ok_8.sd
@@ -0,0 +1,11 @@
+#
+#=DESCRIPTION audit owner change_profile with name space with quotes
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+ audit owner change_profile -> ":foo:/bin/foo",
+}
+
+/usr/bin/foo2 {
+ audit owner change_profile -> ":foo:/bin/ foo",
+}
diff --git a/parser/tst/simple_tests/change_profile/ao_re_ok_1.sd b/parser/tst/simple_tests/change_profile/ao_re_ok_1.sd
new file mode 100644
index 0000000..7a0fe86
--- /dev/null
+++ b/parser/tst/simple_tests/change_profile/ao_re_ok_1.sd
@@ -0,0 +1,24 @@
+#
+#=DESCRIPTION audit owner change_profile
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+ audit owner change_profile -> /bin/*,
+}
+
+/usr/bin/foo2 {
+ audit owner change_profile -> /bin/**,
+}
+
+/usr/bin/foo3 {
+ audit owner change_profile -> /bin/?,
+}
+
+/usr/bin/foo4 {
+ audit owner change_profile -> /bin/[ab],
+}
+
+/usr/bin/foo5 {
+ audit owner change_profile -> /bin/[^ab],
+}
+
diff --git a/parser/tst/simple_tests/change_profile/ao_re_ok_2.sd b/parser/tst/simple_tests/change_profile/ao_re_ok_2.sd
new file mode 100644
index 0000000..60d88a8
--- /dev/null
+++ b/parser/tst/simple_tests/change_profile/ao_re_ok_2.sd
@@ -0,0 +1,69 @@
+#
+#=DESCRIPTION audit owner change_profile to a hat
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+ audit owner change_profile -> /bin/foo//bar,
+}
+
+/usr/bin/foo2 {
+ audit owner change_profile -> /bin/foo//ba*,
+}
+
+/usr/bin/foo3 {
+ audit owner change_profile -> /bin/foo//ba**,
+}
+
+/usr/bin/foo4 {
+ audit owner change_profile -> /bin/foo//ba?,
+}
+
+/usr/bin/foo5 {
+ audit owner change_profile -> /bin/foo//ba[ab],
+}
+
+/usr/bin/foo6 {
+ audit owner change_profile -> /bin/foo//ba[^ab],
+}
+
+/usr/bin/foo7 {
+ audit owner change_profile -> /bin/fo*//bar,
+}
+
+/usr/bin/foo8 {
+ audit owner change_profile -> /bin/fo**//bar,
+}
+
+/usr/bin/foo9 {
+ audit owner change_profile -> /bin/fo?//bar,
+}
+
+/usr/bin/foo10 {
+ audit owner change_profile -> /bin/fo[ab]//bar,
+}
+
+/usr/bin/foo11 {
+ audit owner change_profile -> /bin/fo[^ab]//bar,
+}
+
+/usr/bin/foo12 {
+ audit owner change_profile -> /bin/fo*//ba*,
+}
+
+/usr/bin/foo13 {
+ audit owner change_profile -> /bin/fo**//ba**,
+}
+
+/usr/bin/foo14 {
+ audit owner change_profile -> /bin/fo?//ba?,
+}
+
+/usr/bin/foo15 {
+ audit owner change_profile -> /bin/fo[ab]//ba[ab],
+}
+
+/usr/bin/foo16 {
+ audit owner change_profile -> /bin/fo[^ab]//ba[^ab],
+}
+
+
diff --git a/parser/tst/simple_tests/change_profile/ao_re_ok_3.sd b/parser/tst/simple_tests/change_profile/ao_re_ok_3.sd
new file mode 100644
index 0000000..64bc3fb
--- /dev/null
+++ b/parser/tst/simple_tests/change_profile/ao_re_ok_3.sd
@@ -0,0 +1,67 @@
+#
+#=DESCRIPTION audit owner change_profile with name space
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+ audit owner change_profile -> :foo:/bin/foo,
+}
+
+/usr/bin/foo2 {
+ audit owner change_profile -> :foo:/bin/fo*,
+}
+
+/usr/bin/foo3 {
+ audit owner change_profile -> :foo:/bin/fo**,
+}
+
+/usr/bin/foo4 {
+ audit owner change_profile -> :foo:/bin/fo?,
+}
+
+/usr/bin/foo5 {
+ audit owner change_profile -> :foo:/bin/fo[ab],
+}
+
+/usr/bin/foo6 {
+ audit owner change_profile -> :foo:/bin/fo[^ab],
+}
+
+/usr/bin/foo7 {
+ audit owner change_profile -> :fo*:/bin/foo,
+}
+
+/usr/bin/foo8 {
+ audit owner change_profile -> :fo**:/bin/foo,
+}
+
+/usr/bin/foo9 {
+ audit owner change_profile -> :fo?:/bin/foo,
+}
+
+/usr/bin/foo10 {
+ audit owner change_profile -> :fo[ab]:/bin/foo,
+}
+
+/usr/bin/foo11 {
+ audit owner change_profile -> :fo[^ab]:/bin/foo,
+}
+
+/usr/bin/foo12 {
+ audit owner change_profile -> :fo*:/bin/fo*,
+}
+
+/usr/bin/foo13 {
+ audit owner change_profile -> :fo**:/bin/fo**,
+}
+
+/usr/bin/foo14 {
+ audit owner change_profile -> :fo?:/bin/fo?,
+}
+
+/usr/bin/foo15 {
+ audit owner change_profile -> :fo[ab]:/bin/fo[ab],
+}
+
+/usr/bin/foo16 {
+ audit owner change_profile -> :fo[^ab]:/bin/fo[^ab],
+}
diff --git a/parser/tst/simple_tests/change_profile/ao_re_ok_4.sd b/parser/tst/simple_tests/change_profile/ao_re_ok_4.sd
new file mode 100644
index 0000000..dcc6ad0
--- /dev/null
+++ b/parser/tst/simple_tests/change_profile/ao_re_ok_4.sd
@@ -0,0 +1,51 @@
+#
+#=DESCRIPTION audit owner change_profile with a variable (LP: #390810)
+#=EXRESULT FAIL
+#
+
+@{LIBVIRT}="libvirt"
+@{LIBVIRT_RE}="libvirt*"
+
+/usr/bin/foo {
+ audit owner change_profile -> @{LIBVIRT}-fo*,
+}
+
+/usr/bin/foo2 {
+ audit owner change_profile -> @{LIBVIRT}-fo**,
+}
+
+/usr/bin/foo3 {
+ audit owner change_profile -> @{LIBVIRT}-fo[ab],
+}
+
+/usr/bin/foo4 {
+ audit owner change_profile -> @{LIBVIRT}-fo[^ab],
+}
+
+/usr/bin/foo5 {
+ audit owner change_profile -> @{LIBVIRT}-fo?,
+}
+
+/usr/bin/foo6 {
+ audit owner change_profile -> @{LIBVIRT_RE}-foo,
+}
+
+/usr/bin/foo7 {
+ audit owner change_profile -> @{LIBVIRT_RE}-fo*,
+}
+
+/usr/bin/foo8 {
+ audit owner change_profile -> @{LIBVIRT_RE}-fo**,
+}
+
+/usr/bin/foo9 {
+ audit owner change_profile -> @{LIBVIRT_RE}-fo?,
+}
+
+/usr/bin/foo10 {
+ audit owner change_profile -> @{LIBVIRT_RE}-fo[ab],
+}
+
+/usr/bin/foo11 {
+ audit owner change_profile -> @{LIBVIRT_RE}-fo[^ab],
+}
diff --git a/parser/tst/simple_tests/change_profile/ao_re_ok_5.sd b/parser/tst/simple_tests/change_profile/ao_re_ok_5.sd
new file mode 100644
index 0000000..c836657
--- /dev/null
+++ b/parser/tst/simple_tests/change_profile/ao_re_ok_5.sd
@@ -0,0 +1,25 @@
+#
+#=DESCRIPTION audit owner change_profile with just res
+#=EXRESULT FAIL
+#
+
+/usr/bin/foo {
+ audit owner change_profile -> *,
+}
+
+/usr/bin/foo2 {
+ audit owner change_profile -> **,
+}
+
+/usr/bin/foo3 {
+ audit owner change_profile -> ?,
+}
+
+/usr/bin/foo4 {
+ audit owner change_profile -> [ab],
+}
+
+/usr/bin/foo5 {
+ audit owner change_profile -> [^ab],
+}
+
diff --git a/parser/tst/simple_tests/change_profile/ao_re_ok_6.sd b/parser/tst/simple_tests/change_profile/ao_re_ok_6.sd
new file mode 100644
index 0000000..6607f1a
--- /dev/null
+++ b/parser/tst/simple_tests/change_profile/ao_re_ok_6.sd
@@ -0,0 +1,65 @@
+#
+#=DESCRIPTION audit owner change_profile with just res, child profile
+#=EXRESULT FAIL
+#
+
+/usr/bin/foo {
+ audit owner change_profile -> *//ab,
+}
+
+/usr/bin/foo2 {
+ audit owner change_profile -> **//ab,
+}
+
+/usr/bin/foo3 {
+ audit owner change_profile -> ?//ab,
+}
+
+/usr/bin/foo4 {
+ audit owner change_profile -> [ab]//ab,
+}
+
+/usr/bin/foo5 {
+ audit owner change_profile -> [^ab]//ab,
+}
+
+/usr/bin/foo6 {
+ audit owner change_profile -> ab//*,
+}
+
+/usr/bin/foo7 {
+ audit owner change_profile -> ab//**,
+}
+
+/usr/bin/foo8 {
+ audit owner change_profile -> ab//?,
+}
+
+/usr/bin/foo9 {
+ audit owner change_profile -> ab//[ab],
+}
+
+/usr/bin/foo10 {
+ audit owner change_profile -> ab//[^ab],
+}
+
+/usr/bin/foo11 {
+ audit owner change_profile -> *//*,
+}
+
+/usr/bin/foo12 {
+ audit owner change_profile -> **//*,
+}
+
+/usr/bin/foo13 {
+ audit owner change_profile -> ?//*,
+}
+
+/usr/bin/foo14 {
+ audit owner change_profile -> [ab]//*,
+}
+
+/usr/bin/foo15 {
+ audit owner change_profile -> [^ab]//*,
+}
+
diff --git a/parser/tst/simple_tests/change_profile/ao_re_ok_7.sd b/parser/tst/simple_tests/change_profile/ao_re_ok_7.sd
new file mode 100644
index 0000000..a59eb3b
--- /dev/null
+++ b/parser/tst/simple_tests/change_profile/ao_re_ok_7.sd
@@ -0,0 +1,65 @@
+#
+#=DESCRIPTION audit owner change_profile with just re, namespace
+#=EXRESULT FAIL
+#
+
+
+/usr/bin/foo {
+ audit owner change_profile -> :ab:*,
+}
+
+/usr/bin/foo2 {
+ audit owner change_profile -> :ab:**,
+}
+
+/usr/bin/foo3 {
+ audit owner change_profile -> :ab:?,
+}
+
+/usr/bin/foo4 {
+ audit owner change_profile -> :ab:[ab],
+}
+
+/usr/bin/foo5 {
+ audit owner change_profile -> :ab:[^ab],
+}
+
+/usr/bin/foo6 {
+ audit owner change_profile -> :*:ab,
+}
+
+/usr/bin/foo7 {
+ audit owner change_profile -> :**:ab,
+}
+
+/usr/bin/foo8 {
+ audit owner change_profile -> :?:ab,
+}
+
+/usr/bin/foo9 {
+ audit owner change_profile -> :[ab]:ab,
+}
+
+/usr/bin/foo10 {
+ audit owner change_profile -> :[^ab]:ab,
+}
+
+/usr/bin/foo11 {
+ audit owner change_profile -> :*:*,
+}
+
+/usr/bin/foo12 {
+ audit owner change_profile -> :**:**,
+}
+
+/usr/bin/foo13 {
+ audit owner change_profile -> :?:?,
+}
+
+/usr/bin/foo14 {
+ audit owner change_profile -> :[ab]:[ab],
+}
+
+/usr/bin/foo15 {
+ audit owner change_profile -> :[^ab]:[^ab],
+}
diff --git a/parser/tst/simple_tests/change_profile/ao_re_ok_8.sd b/parser/tst/simple_tests/change_profile/ao_re_ok_8.sd
new file mode 100644
index 0000000..8cb0171
--- /dev/null
+++ b/parser/tst/simple_tests/change_profile/ao_re_ok_8.sd
@@ -0,0 +1,45 @@
+#
+#=DESCRIPTION audit owner change_profile re with quotes
+#=EXRESULT FAIL
+#
+
+/usr/bin/foo5 {
+ audit owner change_profile -> "/bin/*",
+}
+
+/usr/bin/foo6 {
+ audit owner change_profile -> "/bin/**",
+}
+
+/usr/bin/foo7 {
+ audit owner change_profile -> "/bin/[ab]",
+}
+
+/usr/bin/foo8 {
+ audit owner change_profile -> "/bin/[^ab]",
+}
+
+/usr/bin/foo10 {
+ audit owner change_profile -> "/bin/?ab",
+}
+
+/usr/bin/foo11 {
+ audit owner change_profile -> "/bin/ *",
+}
+
+/usr/bin/foo12 {
+ audit owner change_profile -> "/bin/ **",
+}
+
+/usr/bin/foo13 {
+ audit owner change_profile -> "/bin/ [ab]",
+}
+
+/usr/bin/foo14 {
+ audit owner change_profile -> "/bin/ [^ab]",
+}
+
+/usr/bin/foo15 {
+ audit owner change_profile -> "/bin/ ?ab",
+}
+
diff --git a/parser/tst/simple_tests/change_profile/d_bare_ok_1.sd b/parser/tst/simple_tests/change_profile/d_bare_ok_1.sd
new file mode 100644
index 0000000..fcb0b5e
--- /dev/null
+++ b/parser/tst/simple_tests/change_profile/d_bare_ok_1.sd
@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION deny change_profile
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+ deny change_profile,
+}
diff --git a/parser/tst/simple_tests/change_profile/d_ok_1.sd b/parser/tst/simple_tests/change_profile/d_ok_1.sd
new file mode 100644
index 0000000..be02ede
--- /dev/null
+++ b/parser/tst/simple_tests/change_profile/d_ok_1.sd
@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION deny change_profile
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+ deny change_profile -> /bin/foo,
+}
diff --git a/parser/tst/simple_tests/change_profile/d_ok_2.sd b/parser/tst/simple_tests/change_profile/d_ok_2.sd
new file mode 100644
index 0000000..8004d88
--- /dev/null
+++ b/parser/tst/simple_tests/change_profile/d_ok_2.sd
@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION deny change_profile to a hat
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+ deny change_profile -> /bin/foo//bar,
+}
diff --git a/parser/tst/simple_tests/change_profile/d_ok_3.sd b/parser/tst/simple_tests/change_profile/d_ok_3.sd
new file mode 100644
index 0000000..1ce12ad
--- /dev/null
+++ b/parser/tst/simple_tests/change_profile/d_ok_3.sd
@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION deny change_profile with name space
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+ deny change_profile -> :foo:/bin/foo,
+}
diff --git a/parser/tst/simple_tests/change_profile/d_ok_4.sd b/parser/tst/simple_tests/change_profile/d_ok_4.sd
new file mode 100644
index 0000000..84269dc
--- /dev/null
+++ b/parser/tst/simple_tests/change_profile/d_ok_4.sd
@@ -0,0 +1,10 @@
+#
+#=DESCRIPTION deny change_profile with a variable (LP: #390810)
+#=EXRESULT PASS
+#
+
+@{LIBVIRT}="libvirt"
+
+/usr/bin/foo {
+ deny change_profile -> @{LIBVIRT}-foo,
+}
diff --git a/parser/tst/simple_tests/change_profile/d_ok_5.sd b/parser/tst/simple_tests/change_profile/d_ok_5.sd
new file mode 100644
index 0000000..a443277
--- /dev/null
+++ b/parser/tst/simple_tests/change_profile/d_ok_5.sd
@@ -0,0 +1,10 @@
+#
+#=DESCRIPTION deny change_profile with variable+regex (LP: #390810)
+#=EXRESULT PASS
+#
+
+@{LIBVIRT}="libvirt"
+
+/usr/bin/foo {
+ deny change_profile -> @{LIBVIRT}-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*,
+}
diff --git a/parser/tst/simple_tests/change_profile/d_ok_6.sd b/parser/tst/simple_tests/change_profile/d_ok_6.sd
new file mode 100644
index 0000000..ef71d78
--- /dev/null
+++ b/parser/tst/simple_tests/change_profile/d_ok_6.sd
@@ -0,0 +1,11 @@
+#
+#=DESCRIPTION deny change_profile with quotes
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+ deny change_profile -> "/bin/foo",
+}
+
+/usr/bin/foo2 {
+ deny change_profile -> "/bin/ foo",
+}
diff --git a/parser/tst/simple_tests/change_profile/d_ok_7.sd b/parser/tst/simple_tests/change_profile/d_ok_7.sd
new file mode 100644
index 0000000..4030e95
--- /dev/null
+++ b/parser/tst/simple_tests/change_profile/d_ok_7.sd
@@ -0,0 +1,11 @@
+#
+#=DESCRIPTION deny change_profile to a hat with quotes
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+ deny change_profile -> "/bin/foo//bar",
+}
+
+/usr/bin/foo2 {
+ deny change_profile -> "/bin/foo// bar",
+}
diff --git a/parser/tst/simple_tests/change_profile/d_ok_8.sd b/parser/tst/simple_tests/change_profile/d_ok_8.sd
new file mode 100644
index 0000000..cce3b32
--- /dev/null
+++ b/parser/tst/simple_tests/change_profile/d_ok_8.sd
@@ -0,0 +1,11 @@
+#
+#=DESCRIPTION deny change_profile with name space with quotes
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+ deny change_profile -> ":foo:/bin/foo",
+}
+
+/usr/bin/foo2 {
+ deny change_profile -> ":foo:/bin/ foo",
+}
diff --git a/parser/tst/simple_tests/change_profile/d_re_ok_1.sd b/parser/tst/simple_tests/change_profile/d_re_ok_1.sd
new file mode 100644
index 0000000..975b9b4
--- /dev/null
+++ b/parser/tst/simple_tests/change_profile/d_re_ok_1.sd
@@ -0,0 +1,24 @@
+#
+#=DESCRIPTION deny change_profile
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+ deny change_profile -> /bin/*,
+}
+
+/usr/bin/foo2 {
+ deny change_profile -> /bin/**,
+}
+
+/usr/bin/foo3 {
+ deny change_profile -> /bin/?,
+}
+
+/usr/bin/foo4 {
+ deny change_profile -> /bin/[ab],
+}
+
+/usr/bin/foo5 {
+ deny change_profile -> /bin/[^ab],
+}
+
diff --git a/parser/tst/simple_tests/change_profile/d_re_ok_2.sd b/parser/tst/simple_tests/change_profile/d_re_ok_2.sd
new file mode 100644
index 0000000..8d7f695
--- /dev/null
+++ b/parser/tst/simple_tests/change_profile/d_re_ok_2.sd
@@ -0,0 +1,69 @@
+#
+#=DESCRIPTION deny change_profile to a hat
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+ deny change_profile -> /bin/foo//bar,
+}
+
+/usr/bin/foo2 {
+ deny change_profile -> /bin/foo//ba*,
+}
+
+/usr/bin/foo3 {
+ deny change_profile -> /bin/foo//ba**,
+}
+
+/usr/bin/foo4 {
+ deny change_profile -> /bin/foo//ba?,
+}
+
+/usr/bin/foo5 {
+ deny change_profile -> /bin/foo//ba[ab],
+}
+
+/usr/bin/foo6 {
+ deny change_profile -> /bin/foo//ba[^ab],
+}
+
+/usr/bin/foo7 {
+ deny change_profile -> /bin/fo*//bar,
+}
+
+/usr/bin/foo8 {
+ deny change_profile -> /bin/fo**//bar,
+}
+
+/usr/bin/foo9 {
+ deny change_profile -> /bin/fo?//bar,
+}
+
+/usr/bin/foo10 {
+ deny change_profile -> /bin/fo[ab]//bar,
+}
+
+/usr/bin/foo11 {
+ deny change_profile -> /bin/fo[^ab]//bar,
+}
+
+/usr/bin/foo12 {
+ deny change_profile -> /bin/fo*//ba*,
+}
+
+/usr/bin/foo13 {
+ deny change_profile -> /bin/fo**//ba**,
+}
+
+/usr/bin/foo14 {
+ deny change_profile -> /bin/fo?//ba?,
+}
+
+/usr/bin/foo15 {
+ deny change_profile -> /bin/fo[ab]//ba[ab],
+}
+
+/usr/bin/foo16 {
+ deny change_profile -> /bin/fo[^ab]//ba[^ab],
+}
+
+
diff --git a/parser/tst/simple_tests/change_profile/d_re_ok_3.sd b/parser/tst/simple_tests/change_profile/d_re_ok_3.sd
new file mode 100644
index 0000000..0cfd4b1
--- /dev/null
+++ b/parser/tst/simple_tests/change_profile/d_re_ok_3.sd
@@ -0,0 +1,67 @@
+#
+#=DESCRIPTION deny change_profile with name space
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+ deny change_profile -> :foo:/bin/foo,
+}
+
+/usr/bin/foo2 {
+ deny change_profile -> :foo:/bin/fo*,
+}
+
+/usr/bin/foo3 {
+ deny change_profile -> :foo:/bin/fo**,
+}
+
+/usr/bin/foo4 {
+ deny change_profile -> :foo:/bin/fo?,
+}
+
+/usr/bin/foo5 {
+ deny change_profile -> :foo:/bin/fo[ab],
+}
+
+/usr/bin/foo6 {
+ deny change_profile -> :foo:/bin/fo[^ab],
+}
+
+/usr/bin/foo7 {
+ deny change_profile -> :fo*:/bin/foo,
+}
+
+/usr/bin/foo8 {
+ deny change_profile -> :fo**:/bin/foo,
+}
+
+/usr/bin/foo9 {
+ deny change_profile -> :fo?:/bin/foo,
+}
+
+/usr/bin/foo10 {
+ deny change_profile -> :fo[ab]:/bin/foo,
+}
+
+/usr/bin/foo11 {
+ deny change_profile -> :fo[^ab]:/bin/foo,
+}
+
+/usr/bin/foo12 {
+ deny change_profile -> :fo*:/bin/fo*,
+}
+
+/usr/bin/foo13 {
+ deny change_profile -> :fo**:/bin/fo**,
+}
+
+/usr/bin/foo14 {
+ deny change_profile -> :fo?:/bin/fo?,
+}
+
+/usr/bin/foo15 {
+ deny change_profile -> :fo[ab]:/bin/fo[ab],
+}
+
+/usr/bin/foo16 {
+ deny change_profile -> :fo[^ab]:/bin/fo[^ab],
+}
diff --git a/parser/tst/simple_tests/change_profile/d_re_ok_4.sd b/parser/tst/simple_tests/change_profile/d_re_ok_4.sd
new file mode 100644
index 0000000..5dcdd88
--- /dev/null
+++ b/parser/tst/simple_tests/change_profile/d_re_ok_4.sd
@@ -0,0 +1,51 @@
+#
+#=DESCRIPTION deny change_profile with a variable (LP: #390810)
+#=EXRESULT PASS
+#
+
+@{LIBVIRT}="libvirt"
+@{LIBVIRT_RE}="libvirt*"
+
+/usr/bin/foo {
+ deny change_profile -> @{LIBVIRT}-fo*,
+}
+
+/usr/bin/foo2 {
+ deny change_profile -> @{LIBVIRT}-fo**,
+}
+
+/usr/bin/foo3 {
+ deny change_profile -> @{LIBVIRT}-fo[ab],
+}
+
+/usr/bin/foo4 {
+ deny change_profile -> @{LIBVIRT}-fo[^ab],
+}
+
+/usr/bin/foo5 {
+ deny change_profile -> @{LIBVIRT}-fo?,
+}
+
+/usr/bin/foo6 {
+ deny change_profile -> @{LIBVIRT_RE}-foo,
+}
+
+/usr/bin/foo7 {
+ deny change_profile -> @{LIBVIRT_RE}-fo*,
+}
+
+/usr/bin/foo8 {
+ deny change_profile -> @{LIBVIRT_RE}-fo**,
+}
+
+/usr/bin/foo9 {
+ deny change_profile -> @{LIBVIRT_RE}-fo?,
+}
+
+/usr/bin/foo10 {
+ deny change_profile -> @{LIBVIRT_RE}-fo[ab],
+}
+
+/usr/bin/foo11 {
+ deny change_profile -> @{LIBVIRT_RE}-fo[^ab],
+}
diff --git a/parser/tst/simple_tests/change_profile/d_re_ok_5.sd b/parser/tst/simple_tests/change_profile/d_re_ok_5.sd
new file mode 100644
index 0000000..0972013
--- /dev/null
+++ b/parser/tst/simple_tests/change_profile/d_re_ok_5.sd
@@ -0,0 +1,25 @@
+#
+#=DESCRIPTION deny change_profile with just res
+#=EXRESULT PASS
+#
+
+/usr/bin/foo {
+ deny change_profile -> *,
+}
+
+/usr/bin/foo2 {
+ deny change_profile -> **,
+}
+
+/usr/bin/foo3 {
+ deny change_profile -> ?,
+}
+
+/usr/bin/foo4 {
+ deny change_profile -> [ab],
+}
+
+/usr/bin/foo5 {
+ deny change_profile -> [^ab],
+}
+
diff --git a/parser/tst/simple_tests/change_profile/d_re_ok_6.sd b/parser/tst/simple_tests/change_profile/d_re_ok_6.sd
new file mode 100644
index 0000000..970ea0a
--- /dev/null
+++ b/parser/tst/simple_tests/change_profile/d_re_ok_6.sd
@@ -0,0 +1,65 @@
+#
+#=DESCRIPTION deny change_profile with just res, child profile
+#=EXRESULT PASS
+#
+
+/usr/bin/foo {
+ deny change_profile -> *//ab,
+}
+
+/usr/bin/foo2 {
+ deny change_profile -> **//ab,
+}
+
+/usr/bin/foo3 {
+ deny change_profile -> ?//ab,
+}
+
+/usr/bin/foo4 {
+ deny change_profile -> [ab]//ab,
+}
+
+/usr/bin/foo5 {
+ deny change_profile -> [^ab]//ab,
+}
+
+/usr/bin/foo6 {
+ deny change_profile -> ab//*,
+}
+
+/usr/bin/foo7 {
+ deny change_profile -> ab//**,
+}
+
+/usr/bin/foo8 {
+ deny change_profile -> ab//?,
+}
+
+/usr/bin/foo9 {
+ deny change_profile -> ab//[ab],
+}
+
+/usr/bin/foo10 {
+ deny change_profile -> ab//[^ab],
+}
+
+/usr/bin/foo11 {
+ deny change_profile -> *//*,
+}
+
+/usr/bin/foo12 {
+ deny change_profile -> **//*,
+}
+
+/usr/bin/foo13 {
+ deny change_profile -> ?//*,
+}
+
+/usr/bin/foo14 {
+ deny change_profile -> [ab]//*,
+}
+
+/usr/bin/foo15 {
+ deny change_profile -> [^ab]//*,
+}
+
diff --git a/parser/tst/simple_tests/change_profile/d_re_ok_7.sd b/parser/tst/simple_tests/change_profile/d_re_ok_7.sd
new file mode 100644
index 0000000..5a2319a
--- /dev/null
+++ b/parser/tst/simple_tests/change_profile/d_re_ok_7.sd
@@ -0,0 +1,65 @@
+#
+#=DESCRIPTION deny change_profile with just re, namespace
+#=EXRESULT PASS
+#
+
+
+/usr/bin/foo {
+ deny change_profile -> :ab:*,
+}
+
+/usr/bin/foo2 {
+ deny change_profile -> :ab:**,
+}
+
+/usr/bin/foo3 {
+ deny change_profile -> :ab:?,
+}
+
+/usr/bin/foo4 {
+ deny change_profile -> :ab:[ab],
+}
+
+/usr/bin/foo5 {
+ deny change_profile -> :ab:[^ab],
+}
+
+/usr/bin/foo6 {
+ deny change_profile -> :*:ab,
+}
+
+/usr/bin/foo7 {
+ deny change_profile -> :**:ab,
+}
+
+/usr/bin/foo8 {
+ deny change_profile -> :?:ab,
+}
+
+/usr/bin/foo9 {
+ deny change_profile -> :[ab]:ab,
+}
+
+/usr/bin/foo10 {
+ deny change_profile -> :[^ab]:ab,
+}
+
+/usr/bin/foo11 {
+ deny change_profile -> :*:*,
+}
+
+/usr/bin/foo12 {
+ deny change_profile -> :**:**,
+}
+
+/usr/bin/foo13 {
+ deny change_profile -> :?:?,
+}
+
+/usr/bin/foo14 {
+ deny change_profile -> :[ab]:[ab],
+}
+
+/usr/bin/foo15 {
+ deny change_profile -> :[^ab]:[^ab],
+}
diff --git a/parser/tst/simple_tests/change_profile/d_re_ok_8.sd b/parser/tst/simple_tests/change_profile/d_re_ok_8.sd
new file mode 100644
index 0000000..cda4bed
--- /dev/null
+++ b/parser/tst/simple_tests/change_profile/d_re_ok_8.sd
@@ -0,0 +1,45 @@
+#
+#=DESCRIPTION deny change_profile re with quotes
+#=EXRESULT PASS
+#
+
+/usr/bin/foo5 {
+ deny change_profile -> "/bin/*",
+}
+
+/usr/bin/foo6 {
+ deny change_profile -> "/bin/**",
+}
+
+/usr/bin/foo7 {
+ deny change_profile -> "/bin/[ab]",
+}
+
+/usr/bin/foo8 {
+ deny change_profile -> "/bin/[^ab]",
+}
+
+/usr/bin/foo10 {
+ deny change_profile -> "/bin/?ab",
+}
+
+/usr/bin/foo11 {
+ deny change_profile -> "/bin/ *",
+}
+
+/usr/bin/foo12 {
+ deny change_profile -> "/bin/ **",
+}
+
+/usr/bin/foo13 {
+ deny change_profile -> "/bin/ [ab]",
+}
+
+/usr/bin/foo14 {
+ deny change_profile -> "/bin/ [^ab]",
+}
+
+/usr/bin/foo15 {
+ deny change_profile -> "/bin/ ?ab",
+}
+
diff --git a/parser/tst/simple_tests/change_profile/da_bare_ok_1.sd b/parser/tst/simple_tests/change_profile/da_bare_ok_1.sd
new file mode 100644
index 0000000..8a746df
--- /dev/null
+++ b/parser/tst/simple_tests/change_profile/da_bare_ok_1.sd
@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION deny audit change_profile
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+ deny audit change_profile,
+}
diff --git a/parser/tst/simple_tests/change_profile/da_ok_1.sd b/parser/tst/simple_tests/change_profile/da_ok_1.sd
new file mode 100644
index 0000000..a674722
--- /dev/null
+++ b/parser/tst/simple_tests/change_profile/da_ok_1.sd
@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION deny audit change_profile
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+ deny audit change_profile -> /bin/foo,
+}
diff --git a/parser/tst/simple_tests/change_profile/da_ok_2.sd b/parser/tst/simple_tests/change_profile/da_ok_2.sd
new file mode 100644
index 0000000..6f6674c
--- /dev/null
+++ b/parser/tst/simple_tests/change_profile/da_ok_2.sd
@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION deny audit change_profile to a hat
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+ deny audit change_profile -> /bin/foo//bar,
+}
diff --git a/parser/tst/simple_tests/change_profile/da_ok_3.sd b/parser/tst/simple_tests/change_profile/da_ok_3.sd
new file mode 100644
index 0000000..5ea2428
--- /dev/null
+++ b/parser/tst/simple_tests/change_profile/da_ok_3.sd
@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION deny audit change_profile with name space
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+ deny audit change_profile -> :foo:/bin/foo,
+}
diff --git a/parser/tst/simple_tests/change_profile/da_ok_4.sd b/parser/tst/simple_tests/change_profile/da_ok_4.sd
new file mode 100644
index 0000000..f92b6af
--- /dev/null
+++ b/parser/tst/simple_tests/change_profile/da_ok_4.sd
@@ -0,0 +1,10 @@
+#
+#=DESCRIPTION deny audit change_profile with a variable (LP: #390810)
+#=EXRESULT FAIL
+#
+
+@{LIBVIRT}="libvirt"
+
+/usr/bin/foo {
+ deny audit change_profile -> @{LIBVIRT}-foo,
+}
diff --git a/parser/tst/simple_tests/change_profile/da_ok_5.sd b/parser/tst/simple_tests/change_profile/da_ok_5.sd
new file mode 100644
index 0000000..0d690f1
--- /dev/null
+++ b/parser/tst/simple_tests/change_profile/da_ok_5.sd
@@ -0,0 +1,10 @@
+#
+#=DESCRIPTION deny audit change_profile with variable+regex (LP: #390810)
+#=EXRESULT FAIL
+#
+
+@{LIBVIRT}="libvirt"
+
+/usr/bin/foo {
+ deny audit change_profile -> @{LIBVIRT}-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*,
+}
diff --git a/parser/tst/simple_tests/change_profile/da_ok_6.sd b/parser/tst/simple_tests/change_profile/da_ok_6.sd
new file mode 100644
index 0000000..5c23af5
--- /dev/null
+++ b/parser/tst/simple_tests/change_profile/da_ok_6.sd
@@ -0,0 +1,11 @@
+#
+#=DESCRIPTION deny audit change_profile with quotes
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+ deny audit change_profile -> "/bin/foo",
+}
+
+/usr/bin/foo2 {
+ deny audit change_profile -> "/bin/ foo",
+}
diff --git a/parser/tst/simple_tests/change_profile/da_ok_7.sd b/parser/tst/simple_tests/change_profile/da_ok_7.sd
new file mode 100644
index 0000000..573577a
--- /dev/null
+++ b/parser/tst/simple_tests/change_profile/da_ok_7.sd
@@ -0,0 +1,11 @@
+#
+#=DESCRIPTION deny audit change_profile to a hat with quotes
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+ deny audit change_profile -> "/bin/foo//bar",
+}
+
+/usr/bin/foo2 {
+ deny audit change_profile -> "/bin/foo// bar",
+}
diff --git a/parser/tst/simple_tests/change_profile/da_ok_8.sd b/parser/tst/simple_tests/change_profile/da_ok_8.sd
new file mode 100644
index 0000000..9858ef8
--- /dev/null
+++ b/parser/tst/simple_tests/change_profile/da_ok_8.sd
@@ -0,0 +1,11 @@
+#
+#=DESCRIPTION deny audit change_profile with name space with quotes
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+ deny audit change_profile -> ":foo:/bin/foo",
+}
+
+/usr/bin/foo2 {
+ deny audit change_profile -> ":foo:/bin/ foo",
+}
diff --git a/parser/tst/simple_tests/change_profile/da_re_ok_1.sd b/parser/tst/simple_tests/change_profile/da_re_ok_1.sd
new file mode 100644
index 0000000..a98ceb8
--- /dev/null
+++ b/parser/tst/simple_tests/change_profile/da_re_ok_1.sd
@@ -0,0 +1,24 @@
+#
+#=DESCRIPTION deny audit change_profile
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+ deny audit change_profile -> /bin/*,
+}
+
+/usr/bin/foo2 {
+ deny audit change_profile -> /bin/**,
+}
+
+/usr/bin/foo3 {
+ deny audit change_profile -> /bin/?,
+}
+
+/usr/bin/foo4 {
+ deny audit change_profile -> /bin/[ab],
+}
+
+/usr/bin/foo5 {
+ deny audit change_profile -> /bin/[^ab],
+}
+
diff --git a/parser/tst/simple_tests/change_profile/da_re_ok_2.sd b/parser/tst/simple_tests/change_profile/da_re_ok_2.sd
new file mode 100644
index 0000000..40c4550
--- /dev/null
+++ b/parser/tst/simple_tests/change_profile/da_re_ok_2.sd
@@ -0,0 +1,69 @@
+#
+#=DESCRIPTION deny audit change_profile to a hat
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+ deny audit change_profile -> /bin/foo//bar,
+}
+
+/usr/bin/foo2 {
+ deny audit change_profile -> /bin/foo//ba*,
+}
+
+/usr/bin/foo3 {
+ deny audit change_profile -> /bin/foo//ba**,
+}
+
+/usr/bin/foo4 {
+ deny audit change_profile -> /bin/foo//ba?,
+}
+
+/usr/bin/foo5 {
+ deny audit change_profile -> /bin/foo//ba[ab],
+}
+
+/usr/bin/foo6 {
+ deny audit change_profile -> /bin/foo//ba[^ab],
+}
+
+/usr/bin/foo7 {
+ deny audit change_profile -> /bin/fo*//bar,
+}
+
+/usr/bin/foo8 {
+ deny audit change_profile -> /bin/fo**//bar,
+}
+
+/usr/bin/foo9 {
+ deny audit change_profile -> /bin/fo?//bar,
+}
+
+/usr/bin/foo10 {
+ deny audit change_profile -> /bin/fo[ab]//bar,
+}
+
+/usr/bin/foo11 {
+ deny audit change_profile -> /bin/fo[^ab]//bar,
+}
+
+/usr/bin/foo12 {
+ deny audit change_profile -> /bin/fo*//ba*,
+}
+
+/usr/bin/foo13 {
+ deny audit change_profile -> /bin/fo**//ba**,
+}
+
+/usr/bin/foo14 {
+ deny audit change_profile -> /bin/fo?//ba?,
+}
+
+/usr/bin/foo15 {
+ deny audit change_profile -> /bin/fo[ab]//ba[ab],
+}
+
+/usr/bin/foo16 {
+ deny audit change_profile -> /bin/fo[^ab]//ba[^ab],
+}
+
+
diff --git a/parser/tst/simple_tests/change_profile/da_re_ok_3.sd b/parser/tst/simple_tests/change_profile/da_re_ok_3.sd
new file mode 100644
index 0000000..a2f229a
--- /dev/null
+++ b/parser/tst/simple_tests/change_profile/da_re_ok_3.sd
@@ -0,0 +1,67 @@
+#
+#=DESCRIPTION deny audit change_profile with name space
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+ deny audit change_profile -> :foo:/bin/foo,
+}
+
+/usr/bin/foo2 {
+ deny audit change_profile -> :foo:/bin/fo*,
+}
+
+/usr/bin/foo3 {
+ deny audit change_profile -> :foo:/bin/fo**,
+}
+
+/usr/bin/foo4 {
+ deny audit change_profile -> :foo:/bin/fo?,
+}
+
+/usr/bin/foo5 {
+ deny audit change_profile -> :foo:/bin/fo[ab],
+}
+
+/usr/bin/foo6 {
+ deny audit change_profile -> :foo:/bin/fo[^ab],
+}
+
+/usr/bin/foo7 {
+ deny audit change_profile -> :fo*:/bin/foo,
+}
+
+/usr/bin/foo8 {
+ deny audit change_profile -> :fo**:/bin/foo,
+}
+
+/usr/bin/foo9 {
+ deny audit change_profile -> :fo?:/bin/foo,
+}
+
+/usr/bin/foo10 {
+ deny audit change_profile -> :fo[ab]:/bin/foo,
+}
+
+/usr/bin/foo11 {
+ deny audit change_profile -> :fo[^ab]:/bin/foo,
+}
+
+/usr/bin/foo12 {
+ deny audit change_profile -> :fo*:/bin/fo*,
+}
+
+/usr/bin/foo13 {
+ deny audit change_profile -> :fo**:/bin/fo**,
+}
+
+/usr/bin/foo14 {
+ deny audit change_profile -> :fo?:/bin/fo?,
+}
+
+/usr/bin/foo15 {
+ deny audit change_profile -> :fo[ab]:/bin/fo[ab],
+}
+
+/usr/bin/foo16 {
+ deny audit change_profile -> :fo[^ab]:/bin/fo[^ab],
+}
diff --git a/parser/tst/simple_tests/change_profile/da_re_ok_4.sd b/parser/tst/simple_tests/change_profile/da_re_ok_4.sd
new file mode 100644
index 0000000..d32fce8
--- /dev/null
+++ b/parser/tst/simple_tests/change_profile/da_re_ok_4.sd
@@ -0,0 +1,51 @@
+#
+#=DESCRIPTION deny audit change_profile with a variable (LP: #390810)
+#=EXRESULT FAIL
+#
+
+@{LIBVIRT}="libvirt"
+@{LIBVIRT_RE}="libvirt*"
+
+/usr/bin/foo {
+ deny audit change_profile -> @{LIBVIRT}-fo*,
+}
+
+/usr/bin/foo2 {
+ deny audit change_profile -> @{LIBVIRT}-fo**,
+}
+
+/usr/bin/foo3 {
+ deny audit change_profile -> @{LIBVIRT}-fo[ab],
+}
+
+/usr/bin/foo4 {
+ deny audit change_profile -> @{LIBVIRT}-fo[^ab],
+}
+
+/usr/bin/foo5 {
+ deny audit change_profile -> @{LIBVIRT}-fo?,
+}
+
+/usr/bin/foo6 {
+ deny audit change_profile -> @{LIBVIRT_RE}-foo,
+}
+
+/usr/bin/foo7 {
+ deny audit change_profile -> @{LIBVIRT_RE}-fo*,
+}
+
+/usr/bin/foo8 {
+ deny audit change_profile -> @{LIBVIRT_RE}-fo**,
+}
+
+/usr/bin/foo9 {
+ deny audit change_profile -> @{LIBVIRT_RE}-fo?,
+}
+
+/usr/bin/foo10 {
+ deny audit change_profile -> @{LIBVIRT_RE}-fo[ab],
+}
+
+/usr/bin/foo11 {
+ deny audit change_profile -> @{LIBVIRT_RE}-fo[^ab],
+}
diff --git a/parser/tst/simple_tests/change_profile/da_re_ok_5.sd b/parser/tst/simple_tests/change_profile/da_re_ok_5.sd
new file mode 100644
index 0000000..cf421f6
--- /dev/null
+++ b/parser/tst/simple_tests/change_profile/da_re_ok_5.sd
@@ -0,0 +1,25 @@
+#
+#=DESCRIPTION deny audit change_profile with just res
+#=EXRESULT FAIL
+#
+
+/usr/bin/foo {
+ deny audit change_profile -> *,
+}
+
+/usr/bin/foo2 {
+ deny audit change_profile -> **,
+}
+
+/usr/bin/foo3 {
+ deny audit change_profile -> ?,
+}
+
+/usr/bin/foo4 {
+ deny audit change_profile -> [ab],
+}
+
+/usr/bin/foo5 {
+ deny audit change_profile -> [^ab],
+}
+
diff --git a/parser/tst/simple_tests/change_profile/da_re_ok_6.sd b/parser/tst/simple_tests/change_profile/da_re_ok_6.sd
new file mode 100644
index 0000000..04096ec
--- /dev/null
+++ b/parser/tst/simple_tests/change_profile/da_re_ok_6.sd
@@ -0,0 +1,65 @@
+#
+#=DESCRIPTION deny audit change_profile with just res, child profile
+#=EXRESULT FAIL
+#
+
+/usr/bin/foo {
+ deny audit change_profile -> *//ab,
+}
+
+/usr/bin/foo2 {
+ deny audit change_profile -> **//ab,
+}
+
+/usr/bin/foo3 {
+ deny audit change_profile -> ?//ab,
+}
+
+/usr/bin/foo4 {
+ deny audit change_profile -> [ab]//ab,
+}
+
+/usr/bin/foo5 {
+ deny audit change_profile -> [^ab]//ab,
+}
+
+/usr/bin/foo6 {
+ deny audit change_profile -> ab//*,
+}
+
+/usr/bin/foo7 {
+ deny audit change_profile -> ab//**,
+}
+
+/usr/bin/foo8 {
+ deny audit change_profile -> ab//?,
+}
+
+/usr/bin/foo9 {
+ deny audit change_profile -> ab//[ab],
+}
+
+/usr/bin/foo10 {
+ deny audit change_profile -> ab//[^ab],
+}
+
+/usr/bin/foo11 {
+ deny audit change_profile -> *//*,
+}
+
+/usr/bin/foo12 {
+ deny audit change_profile -> **//*,
+}
+
+/usr/bin/foo13 {
+ deny audit change_profile -> ?//*,
+}
+
+/usr/bin/foo14 {
+ deny audit change_profile -> [ab]//*,
+}
+
+/usr/bin/foo15 {
+ deny audit change_profile -> [^ab]//*,
+}
+
diff --git a/parser/tst/simple_tests/change_profile/da_re_ok_7.sd b/parser/tst/simple_tests/change_profile/da_re_ok_7.sd
new file mode 100644
index 0000000..b676934
--- /dev/null
+++ b/parser/tst/simple_tests/change_profile/da_re_ok_7.sd
@@ -0,0 +1,65 @@
+#
+#=DESCRIPTION deny audit change_profile with just re, namespace
+#=EXRESULT FAIL
+#
+
+
+/usr/bin/foo {
+ deny audit change_profile -> :ab:*,
+}
+
+/usr/bin/foo2 {
+ deny audit change_profile -> :ab:**,
+}
+
+/usr/bin/foo3 {
+ deny audit change_profile -> :ab:?,
+}
+
+/usr/bin/foo4 {
+ deny audit change_profile -> :ab:[ab],
+}
+
+/usr/bin/foo5 {
+ deny audit change_profile -> :ab:[^ab],
+}
+
+/usr/bin/foo6 {
+ deny audit change_profile -> :*:ab,
+}
+
+/usr/bin/foo7 {
+ deny audit change_profile -> :**:ab,
+}
+
+/usr/bin/foo8 {
+ deny audit change_profile -> :?:ab,
+}
+
+/usr/bin/foo9 {
+ deny audit change_profile -> :[ab]:ab,
+}
+
+/usr/bin/foo10 {
+ deny audit change_profile -> :[^ab]:ab,
+}
+
+/usr/bin/foo11 {
+ deny audit change_profile -> :*:*,
+}
+
+/usr/bin/foo12 {
+ deny audit change_profile -> :**:**,
+}
+
+/usr/bin/foo13 {
+ deny audit change_profile -> :?:?,
+}
+
+/usr/bin/foo14 {
+ deny audit change_profile -> :[ab]:[ab],
+}
+
+/usr/bin/foo15 {
+ deny audit change_profile -> :[^ab]:[^ab],
+}
diff --git a/parser/tst/simple_tests/change_profile/da_re_ok_8.sd b/parser/tst/simple_tests/change_profile/da_re_ok_8.sd
new file mode 100644
index 0000000..d6e5ce2
--- /dev/null
+++ b/parser/tst/simple_tests/change_profile/da_re_ok_8.sd
@@ -0,0 +1,45 @@
+#
+#=DESCRIPTION deny audit change_profile re with quotes
+#=EXRESULT FAIL
+#
+
+/usr/bin/foo5 {
+ deny audit change_profile -> "/bin/*",
+}
+
+/usr/bin/foo6 {
+ deny audit change_profile -> "/bin/**",
+}
+
+/usr/bin/foo7 {
+ deny audit change_profile -> "/bin/[ab]",
+}
+
+/usr/bin/foo8 {
+ deny audit change_profile -> "/bin/[^ab]",
+}
+
+/usr/bin/foo10 {
+ deny audit change_profile -> "/bin/?ab",
+}
+
+/usr/bin/foo11 {
+ deny audit change_profile -> "/bin/ *",
+}
+
+/usr/bin/foo12 {
+ deny audit change_profile -> "/bin/ **",
+}
+
+/usr/bin/foo13 {
+ deny audit change_profile -> "/bin/ [ab]",
+}
+
+/usr/bin/foo14 {
+ deny audit change_profile -> "/bin/ [^ab]",
+}
+
+/usr/bin/foo15 {
+ deny audit change_profile -> "/bin/ ?ab",
+}
+
diff --git a/parser/tst/simple_tests/change_profile/do_bare_ok_1.sd b/parser/tst/simple_tests/change_profile/do_bare_ok_1.sd
new file mode 100644
index 0000000..1bbb68b
--- /dev/null
+++ b/parser/tst/simple_tests/change_profile/do_bare_ok_1.sd
@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION deny owner change_profile
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+ deny owner change_profile,
+}
diff --git a/parser/tst/simple_tests/change_profile/do_ok_1.sd b/parser/tst/simple_tests/change_profile/do_ok_1.sd
new file mode 100644
index 0000000..936b9de
--- /dev/null
+++ b/parser/tst/simple_tests/change_profile/do_ok_1.sd
@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION deny owner change_profile
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+ deny owner change_profile -> /bin/foo,
+}
diff --git a/parser/tst/simple_tests/change_profile/do_ok_2.sd b/parser/tst/simple_tests/change_profile/do_ok_2.sd
new file mode 100644
index 0000000..5911c3e
--- /dev/null
+++ b/parser/tst/simple_tests/change_profile/do_ok_2.sd
@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION deny owner change_profile to a hat
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+ deny owner change_profile -> /bin/foo//bar,
+}
diff --git a/parser/tst/simple_tests/change_profile/do_ok_3.sd b/parser/tst/simple_tests/change_profile/do_ok_3.sd
new file mode 100644
index 0000000..035c985
--- /dev/null
+++ b/parser/tst/simple_tests/change_profile/do_ok_3.sd
@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION deny owner change_profile with name space
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+ deny owner change_profile -> :foo:/bin/foo,
+}
diff --git a/parser/tst/simple_tests/change_profile/do_ok_4.sd b/parser/tst/simple_tests/change_profile/do_ok_4.sd
new file mode 100644
index 0000000..7d38642
--- /dev/null
+++ b/parser/tst/simple_tests/change_profile/do_ok_4.sd
@@ -0,0 +1,10 @@
+#
+#=DESCRIPTION deny owner change_profile with a variable (LP: #390810)
+#=EXRESULT FAIL
+#
+
+@{LIBVIRT}="libvirt"
+
+/usr/bin/foo {
+ deny owner change_profile -> @{LIBVIRT}-foo,
+}
diff --git a/parser/tst/simple_tests/change_profile/do_ok_5.sd b/parser/tst/simple_tests/change_profile/do_ok_5.sd
new file mode 100644
index 0000000..ebe9aca
--- /dev/null
+++ b/parser/tst/simple_tests/change_profile/do_ok_5.sd
@@ -0,0 +1,10 @@
+#
+#=DESCRIPTION deny owner change_profile with variable+regex (LP: #390810)
+#=EXRESULT FAIL
+#
+
+@{LIBVIRT}="libvirt"
+
+/usr/bin/foo {
+ deny owner change_profile -> @{LIBVIRT}-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*,
+}
diff --git a/parser/tst/simple_tests/change_profile/do_ok_6.sd b/parser/tst/simple_tests/change_profile/do_ok_6.sd
new file mode 100644
index 0000000..43b8884
--- /dev/null
+++ b/parser/tst/simple_tests/change_profile/do_ok_6.sd
@@ -0,0 +1,11 @@
+#
+#=DESCRIPTION deny owner change_profile with quotes
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+ deny owner change_profile -> "/bin/foo",
+}
+
+/usr/bin/foo2 {
+ deny owner change_profile -> "/bin/ foo",
+}
diff --git a/parser/tst/simple_tests/change_profile/do_ok_7.sd b/parser/tst/simple_tests/change_profile/do_ok_7.sd
new file mode 100644
index 0000000..961e2dc
--- /dev/null
+++ b/parser/tst/simple_tests/change_profile/do_ok_7.sd
@@ -0,0 +1,11 @@
+#
+#=DESCRIPTION deny owner change_profile to a hat with quotes
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+ deny owner change_profile -> "/bin/foo//bar",
+}
+
+/usr/bin/foo2 {
+ deny owner change_profile -> "/bin/foo// bar",
+}
diff --git a/parser/tst/simple_tests/change_profile/do_ok_8.sd b/parser/tst/simple_tests/change_profile/do_ok_8.sd
new file mode 100644
index 0000000..6bb3bfb
--- /dev/null
+++ b/parser/tst/simple_tests/change_profile/do_ok_8.sd
@@ -0,0 +1,11 @@
+#
+#=DESCRIPTION deny owner change_profile with name space with quotes
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+ deny owner change_profile -> ":foo:/bin/foo",
+}
+
+/usr/bin/foo2 {
+ deny owner change_profile -> ":foo:/bin/ foo",
+}
diff --git a/parser/tst/simple_tests/change_profile/do_re_ok_1.sd b/parser/tst/simple_tests/change_profile/do_re_ok_1.sd
new file mode 100644
index 0000000..2e34dfd
--- /dev/null
+++ b/parser/tst/simple_tests/change_profile/do_re_ok_1.sd
@@ -0,0 +1,24 @@
+#
+#=DESCRIPTION deny owner change_profile
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+ deny owner change_profile -> /bin/*,
+}
+
+/usr/bin/foo2 {
+ deny owner change_profile -> /bin/**,
+}
+
+/usr/bin/foo3 {
+ deny owner change_profile -> /bin/?,
+}
+
+/usr/bin/foo4 {
+ deny owner change_profile -> /bin/[ab],
+}
+
+/usr/bin/foo5 {
+ deny owner change_profile -> /bin/[^ab],
+}
+
diff --git a/parser/tst/simple_tests/change_profile/do_re_ok_2.sd b/parser/tst/simple_tests/change_profile/do_re_ok_2.sd
new file mode 100644
index 0000000..d036778
--- /dev/null
+++ b/parser/tst/simple_tests/change_profile/do_re_ok_2.sd
@@ -0,0 +1,69 @@
+#
+#=DESCRIPTION deny owner change_profile to a hat
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+ deny owner change_profile -> /bin/foo//bar,
+}
+
+/usr/bin/foo2 {
+ deny owner change_profile -> /bin/foo//ba*,
+}
+
+/usr/bin/foo3 {
+ deny owner change_profile -> /bin/foo//ba**,
+}
+
+/usr/bin/foo4 {
+ deny owner change_profile -> /bin/foo//ba?,
+}
+
+/usr/bin/foo5 {
+ deny owner change_profile -> /bin/foo//ba[ab],
+}
+
+/usr/bin/foo6 {
+ deny owner change_profile -> /bin/foo//ba[^ab],
+}
+
+/usr/bin/foo7 {
+ deny owner change_profile -> /bin/fo*//bar,
+}
+
+/usr/bin/foo8 {
+ deny owner change_profile -> /bin/fo**//bar,
+}
+
+/usr/bin/foo9 {
+ deny owner change_profile -> /bin/fo?//bar,
+}
+
+/usr/bin/foo10 {
+ deny owner change_profile -> /bin/fo[ab]//bar,
+}
+
+/usr/bin/foo11 {
+ deny owner change_profile -> /bin/fo[^ab]//bar,
+}
+
+/usr/bin/foo12 {
+ deny owner change_profile -> /bin/fo*//ba*,
+}
+
+/usr/bin/foo13 {
+ deny owner change_profile -> /bin/fo**//ba**,
+}
+
+/usr/bin/foo14 {
+ deny owner change_profile -> /bin/fo?//ba?,
+}
+
+/usr/bin/foo15 {
+ deny owner change_profile -> /bin/fo[ab]//ba[ab],
+}
+
+/usr/bin/foo16 {
+ deny owner change_profile -> /bin/fo[^ab]//ba[^ab],
+}
+
+
diff --git a/parser/tst/simple_tests/change_profile/do_re_ok_3.sd b/parser/tst/simple_tests/change_profile/do_re_ok_3.sd
new file mode 100644
index 0000000..0b18b96
--- /dev/null
+++ b/parser/tst/simple_tests/change_profile/do_re_ok_3.sd
@@ -0,0 +1,67 @@
+#
+#=DESCRIPTION deny owner change_profile with name space
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+ deny owner change_profile -> :foo:/bin/foo,
+}
+
+/usr/bin/foo2 {
+ deny owner change_profile -> :foo:/bin/fo*,
+}
+
+/usr/bin/foo3 {
+ deny owner change_profile -> :foo:/bin/fo**,
+}
+
+/usr/bin/foo4 {
+ deny owner change_profile -> :foo:/bin/fo?,
+}
+
+/usr/bin/foo5 {
+ deny owner change_profile -> :foo:/bin/fo[ab],
+}
+
+/usr/bin/foo6 {
+ deny owner change_profile -> :foo:/bin/fo[^ab],
+}
+
+/usr/bin/foo7 {
+ deny owner change_profile -> :fo*:/bin/foo,
+}
+
+/usr/bin/foo8 {
+ deny owner change_profile -> :fo**:/bin/foo,
+}
+
+/usr/bin/foo9 {
+ deny owner change_profile -> :fo?:/bin/foo,
+}
+
+/usr/bin/foo10 {
+ deny owner change_profile -> :fo[ab]:/bin/foo,
+}
+
+/usr/bin/foo11 {
+ deny owner change_profile -> :fo[^ab]:/bin/foo,
+}
+
+/usr/bin/foo12 {
+ deny owner change_profile -> :fo*:/bin/fo*,
+}
+
+/usr/bin/foo13 {
+ deny owner change_profile -> :fo**:/bin/fo**,
+}
+
+/usr/bin/foo14 {
+ deny owner change_profile -> :fo?:/bin/fo?,
+}
+
+/usr/bin/foo15 {
+ deny owner change_profile -> :fo[ab]:/bin/fo[ab],
+}
+
+/usr/bin/foo16 {
+ deny owner change_profile -> :fo[^ab]:/bin/fo[^ab],
+}
diff --git a/parser/tst/simple_tests/change_profile/do_re_ok_4.sd b/parser/tst/simple_tests/change_profile/do_re_ok_4.sd
new file mode 100644
index 0000000..72df117
--- /dev/null
+++ b/parser/tst/simple_tests/change_profile/do_re_ok_4.sd
@@ -0,0 +1,51 @@
+#
+#=DESCRIPTION deny owner change_profile with a variable (LP: #390810)
+#=EXRESULT FAIL
+#
+
+@{LIBVIRT}="libvirt"
+@{LIBVIRT_RE}="libvirt*"
+
+/usr/bin/foo {
+ deny owner change_profile -> @{LIBVIRT}-fo*,
+}
+
+/usr/bin/foo2 {
+ deny owner change_profile -> @{LIBVIRT}-fo**,
+}
+
+/usr/bin/foo3 {
+ deny owner change_profile -> @{LIBVIRT}-fo[ab],
+}
+
+/usr/bin/foo4 {
+ deny owner change_profile -> @{LIBVIRT}-fo[^ab],
+}
+
+/usr/bin/foo5 {
+ deny owner change_profile -> @{LIBVIRT}-fo?,
+}
+
+/usr/bin/foo6 {
+ deny owner change_profile -> @{LIBVIRT_RE}-foo,
+}
+
+/usr/bin/foo7 {
+ deny owner change_profile -> @{LIBVIRT_RE}-fo*,
+}
+
+/usr/bin/foo8 {
+ deny owner change_profile -> @{LIBVIRT_RE}-fo**,
+}
+
+/usr/bin/foo9 {
+ deny owner change_profile -> @{LIBVIRT_RE}-fo?,
+}
+
+/usr/bin/foo10 {
+ deny owner change_profile -> @{LIBVIRT_RE}-fo[ab],
+}
+
+/usr/bin/foo11 {
+ deny owner change_profile -> @{LIBVIRT_RE}-fo[^ab],
+}
diff --git a/parser/tst/simple_tests/change_profile/do_re_ok_5.sd b/parser/tst/simple_tests/change_profile/do_re_ok_5.sd
new file mode 100644
index 0000000..cb464bd
--- /dev/null
+++ b/parser/tst/simple_tests/change_profile/do_re_ok_5.sd
@@ -0,0 +1,25 @@
+#
+#=DESCRIPTION deny owner change_profile with just res
+#=EXRESULT FAIL
+#
+
+/usr/bin/foo {
+ deny owner change_profile -> *,
+}
+
+/usr/bin/foo2 {
+ deny owner change_profile -> **,
+}
+
+/usr/bin/foo3 {
+ deny owner change_profile -> ?,
+}
+
+/usr/bin/foo4 {
+ deny owner change_profile -> [ab],
+}
+
+/usr/bin/foo5 {
+ deny owner change_profile -> [^ab],
+}
+
diff --git a/parser/tst/simple_tests/change_profile/do_re_ok_6.sd b/parser/tst/simple_tests/change_profile/do_re_ok_6.sd
new file mode 100644
index 0000000..9a1504e
--- /dev/null
+++ b/parser/tst/simple_tests/change_profile/do_re_ok_6.sd
@@ -0,0 +1,65 @@
+#
+#=DESCRIPTION deny owner change_profile with just res, child profile
+#=EXRESULT FAIL
+#
+
+/usr/bin/foo {
+ deny owner change_profile -> *//ab,
+}
+
+/usr/bin/foo2 {
+ deny owner change_profile -> **//ab,
+}
+
+/usr/bin/foo3 {
+ deny owner change_profile -> ?//ab,
+}
+
+/usr/bin/foo4 {
+ deny owner change_profile -> [ab]//ab,
+}
+
+/usr/bin/foo5 {
+ deny owner change_profile -> [^ab]//ab,
+}
+
+/usr/bin/foo6 {
+ deny owner change_profile -> ab//*,
+}
+
+/usr/bin/foo7 {
+ deny owner change_profile -> ab//**,
+}
+
+/usr/bin/foo8 {
+ deny owner change_profile -> ab//?,
+}
+
+/usr/bin/foo9 {
+ deny owner change_profile -> ab//[ab],
+}
+
+/usr/bin/foo10 {
+ deny owner change_profile -> ab//[^ab],
+}
+
+/usr/bin/foo11 {
+ deny owner change_profile -> *//*,
+}
+
+/usr/bin/foo12 {
+ deny owner change_profile -> **//*,
+}
+
+/usr/bin/foo13 {
+ deny owner change_profile -> ?//*,
+}
+
+/usr/bin/foo14 {
+ deny owner change_profile -> [ab]//*,
+}
+
+/usr/bin/foo15 {
+ deny owner change_profile -> [^ab]//*,
+}
+
diff --git a/parser/tst/simple_tests/change_profile/do_re_ok_7.sd b/parser/tst/simple_tests/change_profile/do_re_ok_7.sd
new file mode 100644
index 0000000..3fea263
--- /dev/null
+++ b/parser/tst/simple_tests/change_profile/do_re_ok_7.sd
@@ -0,0 +1,65 @@
+#
+#=DESCRIPTION deny owner change_profile with just re, namespace
+#=EXRESULT FAIL
+#
+
+
+/usr/bin/foo {
+ deny owner change_profile -> :ab:*,
+}
+
+/usr/bin/foo2 {
+ deny owner change_profile -> :ab:**,
+}
+
+/usr/bin/foo3 {
+ deny owner change_profile -> :ab:?,
+}
+
+/usr/bin/foo4 {
+ deny owner change_profile -> :ab:[ab],
+}
+
+/usr/bin/foo5 {
+ deny owner change_profile -> :ab:[^ab],
+}
+
+/usr/bin/foo6 {
+ deny owner change_profile -> :*:ab,
+}
+
+/usr/bin/foo7 {
+ deny owner change_profile -> :**:ab,
+}
+
+/usr/bin/foo8 {
+ deny owner change_profile -> :?:ab,
+}
+
+/usr/bin/foo9 {
+ deny owner change_profile -> :[ab]:ab,
+}
+
+/usr/bin/foo10 {
+ deny owner change_profile -> :[^ab]:ab,
+}
+
+/usr/bin/foo11 {
+ deny owner change_profile -> :*:*,
+}
+
+/usr/bin/foo12 {
+ deny owner change_profile -> :**:**,
+}
+
+/usr/bin/foo13 {
+ deny owner change_profile -> :?:?,
+}
+
+/usr/bin/foo14 {
+ deny owner change_profile -> :[ab]:[ab],
+}
+
+/usr/bin/foo15 {
+ deny owner change_profile -> :[^ab]:[^ab],
+}
diff --git a/parser/tst/simple_tests/change_profile/do_re_ok_8.sd b/parser/tst/simple_tests/change_profile/do_re_ok_8.sd
new file mode 100644
index 0000000..d5653cc
--- /dev/null
+++ b/parser/tst/simple_tests/change_profile/do_re_ok_8.sd
@@ -0,0 +1,45 @@
+#
+#=DESCRIPTION deny owner change_profile re with quotes
+#=EXRESULT FAIL
+#
+
+/usr/bin/foo5 {
+ deny owner change_profile -> "/bin/*",
+}
+
+/usr/bin/foo6 {
+ deny owner change_profile -> "/bin/**",
+}
+
+/usr/bin/foo7 {
+ deny owner change_profile -> "/bin/[ab]",
+}
+
+/usr/bin/foo8 {
+ deny owner change_profile -> "/bin/[^ab]",
+}
+
+/usr/bin/foo10 {
+ deny owner change_profile -> "/bin/?ab",
+}
+
+/usr/bin/foo11 {
+ deny owner change_profile -> "/bin/ *",
+}
+
+/usr/bin/foo12 {
+ deny owner change_profile -> "/bin/ **",
+}
+
+/usr/bin/foo13 {
+ deny owner change_profile -> "/bin/ [ab]",
+}
+
+/usr/bin/foo14 {
+ deny owner change_profile -> "/bin/ [^ab]",
+}
+
+/usr/bin/foo15 {
+ deny owner change_profile -> "/bin/ ?ab",
+}
+
diff --git a/parser/tst/simple_tests/change_profile/o_bare_ok_1.sd b/parser/tst/simple_tests/change_profile/o_bare_ok_1.sd
new file mode 100644
index 0000000..abb7fd1
--- /dev/null
+++ b/parser/tst/simple_tests/change_profile/o_bare_ok_1.sd
@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION owner change_profile
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+ owner change_profile,
+}
diff --git a/parser/tst/simple_tests/change_profile/o_ok_1.sd b/parser/tst/simple_tests/change_profile/o_ok_1.sd
new file mode 100644
index 0000000..139ca06
--- /dev/null
+++ b/parser/tst/simple_tests/change_profile/o_ok_1.sd
@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION owner change_profile
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+ owner change_profile -> /bin/foo,
+}
diff --git a/parser/tst/simple_tests/change_profile/o_ok_2.sd b/parser/tst/simple_tests/change_profile/o_ok_2.sd
new file mode 100644
index 0000000..988f129
--- /dev/null
+++ b/parser/tst/simple_tests/change_profile/o_ok_2.sd
@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION owner change_profile to a hat
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+ owner change_profile -> /bin/foo//bar,
+}
diff --git a/parser/tst/simple_tests/change_profile/o_ok_3.sd b/parser/tst/simple_tests/change_profile/o_ok_3.sd
new file mode 100644
index 0000000..3ab1077
--- /dev/null
+++ b/parser/tst/simple_tests/change_profile/o_ok_3.sd
@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION owner change_profile with name space
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+ owner change_profile -> :foo:/bin/foo,
+}
diff --git a/parser/tst/simple_tests/change_profile/o_ok_4.sd b/parser/tst/simple_tests/change_profile/o_ok_4.sd
new file mode 100644
index 0000000..58f3900
--- /dev/null
+++ b/parser/tst/simple_tests/change_profile/o_ok_4.sd
@@ -0,0 +1,10 @@
+#
+#=DESCRIPTION owner change_profile with a variable (LP: #390810)
+#=EXRESULT FAIL
+#
+
+@{LIBVIRT}="libvirt"
+
+/usr/bin/foo {
+ owner change_profile -> @{LIBVIRT}-foo,
+}
diff --git a/parser/tst/simple_tests/change_profile/o_ok_5.sd b/parser/tst/simple_tests/change_profile/o_ok_5.sd
new file mode 100644
index 0000000..28f979d
--- /dev/null
+++ b/parser/tst/simple_tests/change_profile/o_ok_5.sd
@@ -0,0 +1,10 @@
+#
+#=DESCRIPTION owner change_profile with variable+regex (LP: #390810)
+#=EXRESULT FAIL
+#
+
+@{LIBVIRT}="libvirt"
+
+/usr/bin/foo {
+ owner change_profile -> @{LIBVIRT}-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*,
+}
diff --git a/parser/tst/simple_tests/change_profile/o_ok_6.sd b/parser/tst/simple_tests/change_profile/o_ok_6.sd
new file mode 100644
index 0000000..d10c379
--- /dev/null
+++ b/parser/tst/simple_tests/change_profile/o_ok_6.sd
@@ -0,0 +1,11 @@
+#
+#=DESCRIPTION owner change_profile with quotes
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+ owner change_profile -> "/bin/foo",
+}
+
+/usr/bin/foo2 {
+ owner change_profile -> "/bin/ foo",
+}
diff --git a/parser/tst/simple_tests/change_profile/o_ok_7.sd b/parser/tst/simple_tests/change_profile/o_ok_7.sd
new file mode 100644
index 0000000..18dc44a
--- /dev/null
+++ b/parser/tst/simple_tests/change_profile/o_ok_7.sd
@@ -0,0 +1,11 @@
+#
+#=DESCRIPTION owner change_profile to a hat with quotes
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+ owner change_profile -> "/bin/foo//bar",
+}
+
+/usr/bin/foo2 {
+ owner change_profile -> "/bin/foo// bar",
+}
diff --git a/parser/tst/simple_tests/change_profile/o_ok_8.sd b/parser/tst/simple_tests/change_profile/o_ok_8.sd
new file mode 100644
index 0000000..0046fb5
--- /dev/null
+++ b/parser/tst/simple_tests/change_profile/o_ok_8.sd
@@ -0,0 +1,11 @@
+#
+#=DESCRIPTION owner change_profile with name space with quotes
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+ owner change_profile -> ":foo:/bin/foo",
+}
+
+/usr/bin/foo2 {
+ owner change_profile -> ":foo:/bin/ foo",
+}
diff --git a/parser/tst/simple_tests/change_profile/o_re_ok_1.sd b/parser/tst/simple_tests/change_profile/o_re_ok_1.sd
new file mode 100644
index 0000000..cea35d2
--- /dev/null
+++ b/parser/tst/simple_tests/change_profile/o_re_ok_1.sd
@@ -0,0 +1,24 @@
+#
+#=DESCRIPTION owner change_profile
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+ owner change_profile -> /bin/*,
+}
+
+/usr/bin/foo2 {
+ owner change_profile -> /bin/**,
+}
+
+/usr/bin/foo3 {
+ owner change_profile -> /bin/?,
+}
+
+/usr/bin/foo4 {
+ owner change_profile -> /bin/[ab],
+}
+
+/usr/bin/foo5 {
+ owner change_profile -> /bin/[^ab],
+}
+
diff --git a/parser/tst/simple_tests/change_profile/o_re_ok_2.sd b/parser/tst/simple_tests/change_profile/o_re_ok_2.sd
new file mode 100644
index 0000000..bcfec4e
--- /dev/null
+++ b/parser/tst/simple_tests/change_profile/o_re_ok_2.sd
@@ -0,0 +1,69 @@
+#
+#=DESCRIPTION owner change_profile to a hat
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+ owner change_profile -> /bin/foo//bar,
+}
+
+/usr/bin/foo2 {
+ owner change_profile -> /bin/foo//ba*,
+}
+
+/usr/bin/foo3 {
+ owner change_profile -> /bin/foo//ba**,
+}
+
+/usr/bin/foo4 {
+ owner change_profile -> /bin/foo//ba?,
+}
+
+/usr/bin/foo5 {
+ owner change_profile -> /bin/foo//ba[ab],
+}
+
+/usr/bin/foo6 {
+ owner change_profile -> /bin/foo//ba[^ab],
+}
+
+/usr/bin/foo7 {
+ owner change_profile -> /bin/fo*//bar,
+}
+
+/usr/bin/foo8 {
+ owner change_profile -> /bin/fo**//bar,
+}
+
+/usr/bin/foo9 {
+ owner change_profile -> /bin/fo?//bar,
+}
+
+/usr/bin/foo10 {
+ owner change_profile -> /bin/fo[ab]//bar,
+}
+
+/usr/bin/foo11 {
+ owner change_profile -> /bin/fo[^ab]//bar,
+}
+
+/usr/bin/foo12 {
+ owner change_profile -> /bin/fo*//ba*,
+}
+
+/usr/bin/foo13 {
+ owner change_profile -> /bin/fo**//ba**,
+}
+
+/usr/bin/foo14 {
+ owner change_profile -> /bin/fo?//ba?,
+}
+
+/usr/bin/foo15 {
+ owner change_profile -> /bin/fo[ab]//ba[ab],
+}
+
+/usr/bin/foo16 {
+ owner change_profile -> /bin/fo[^ab]//ba[^ab],
+}
+
+
diff --git a/parser/tst/simple_tests/change_profile/o_re_ok_3.sd b/parser/tst/simple_tests/change_profile/o_re_ok_3.sd
new file mode 100644
index 0000000..3f3d314
--- /dev/null
+++ b/parser/tst/simple_tests/change_profile/o_re_ok_3.sd
@@ -0,0 +1,67 @@
+#
+#=DESCRIPTION owner change_profile with name space
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+ owner change_profile -> :foo:/bin/foo,
+}
+
+/usr/bin/foo2 {
+ owner change_profile -> :foo:/bin/fo*,
+}
+
+/usr/bin/foo3 {
+ owner change_profile -> :foo:/bin/fo**,
+}
+
+/usr/bin/foo4 {
+ owner change_profile -> :foo:/bin/fo?,
+}
+
+/usr/bin/foo5 {
+ owner change_profile -> :foo:/bin/fo[ab],
+}
+
+/usr/bin/foo6 {
+ owner change_profile -> :foo:/bin/fo[^ab],
+}
+
+/usr/bin/foo7 {
+ owner change_profile -> :fo*:/bin/foo,
+}
+
+/usr/bin/foo8 {
+ owner change_profile -> :fo**:/bin/foo,
+}
+
+/usr/bin/foo9 {
+ owner change_profile -> :fo?:/bin/foo,
+}
+
+/usr/bin/foo10 {
+ owner change_profile -> :fo[ab]:/bin/foo,
+}
+
+/usr/bin/foo11 {
+ owner change_profile -> :fo[^ab]:/bin/foo,
+}
+
+/usr/bin/foo12 {
+ owner change_profile -> :fo*:/bin/fo*,
+}
+
+/usr/bin/foo13 {
+ owner change_profile -> :fo**:/bin/fo**,
+}
+
+/usr/bin/foo14 {
+ owner change_profile -> :fo?:/bin/fo?,
+}
+
+/usr/bin/foo15 {
+ owner change_profile -> :fo[ab]:/bin/fo[ab],
+}
+
+/usr/bin/foo16 {
+ owner change_profile -> :fo[^ab]:/bin/fo[^ab],
+}
diff --git a/parser/tst/simple_tests/change_profile/o_re_ok_4.sd b/parser/tst/simple_tests/change_profile/o_re_ok_4.sd
new file mode 100644
index 0000000..9686081
--- /dev/null
+++ b/parser/tst/simple_tests/change_profile/o_re_ok_4.sd
@@ -0,0 +1,51 @@
+#
+#=DESCRIPTION owner change_profile with a variable (LP: #390810)
+#=EXRESULT FAIL
+#
+
+@{LIBVIRT}="libvirt"
+@{LIBVIRT_RE}="libvirt*"
+
+/usr/bin/foo {
+ owner change_profile -> @{LIBVIRT}-fo*,
+}
+
+/usr/bin/foo2 {
+ owner change_profile -> @{LIBVIRT}-fo**,
+}
+
+/usr/bin/foo3 {
+ owner change_profile -> @{LIBVIRT}-fo[ab],
+}
+
+/usr/bin/foo4 {
+ owner change_profile -> @{LIBVIRT}-fo[^ab],
+}
+
+/usr/bin/foo5 {
+ owner change_profile -> @{LIBVIRT}-fo?,
+}
+
+/usr/bin/foo6 {
+ owner change_profile -> @{LIBVIRT_RE}-foo,
+}
+
+/usr/bin/foo7 {
+ owner change_profile -> @{LIBVIRT_RE}-fo*,
+}
+
+/usr/bin/foo8 {
+ owner change_profile -> @{LIBVIRT_RE}-fo**,
+}
+
+/usr/bin/foo9 {
+ owner change_profile -> @{LIBVIRT_RE}-fo?,
+}
+
+/usr/bin/foo10 {
+ owner change_profile -> @{LIBVIRT_RE}-fo[ab],
+}
+
+/usr/bin/foo11 {
+ owner change_profile -> @{LIBVIRT_RE}-fo[^ab],
+}
diff --git a/parser/tst/simple_tests/change_profile/o_re_ok_5.sd b/parser/tst/simple_tests/change_profile/o_re_ok_5.sd
new file mode 100644
index 0000000..3d13d8b
--- /dev/null
+++ b/parser/tst/simple_tests/change_profile/o_re_ok_5.sd
@@ -0,0 +1,25 @@
+#
+#=DESCRIPTION owner change_profile with just res
+#=EXRESULT FAIL
+#
+
+/usr/bin/foo {
+ owner change_profile -> *,
+}
+
+/usr/bin/foo2 {
+ owner change_profile -> **,
+}
+
+/usr/bin/foo3 {
+ owner change_profile -> ?,
+}
+
+/usr/bin/foo4 {
+ owner change_profile -> [ab],
+}
+
+/usr/bin/foo5 {
+ owner change_profile -> [^ab],
+}
+
diff --git a/parser/tst/simple_tests/change_profile/o_re_ok_6.sd b/parser/tst/simple_tests/change_profile/o_re_ok_6.sd
new file mode 100644
index 0000000..1d4206c
--- /dev/null
+++ b/parser/tst/simple_tests/change_profile/o_re_ok_6.sd
@@ -0,0 +1,65 @@
+#
+#=DESCRIPTION owner change_profile with just res, child profile
+#=EXRESULT FAIL
+#
+
+/usr/bin/foo {
+ owner change_profile -> *//ab,
+}
+
+/usr/bin/foo2 {
+ owner change_profile -> **//ab,
+}
+
+/usr/bin/foo3 {
+ owner change_profile -> ?//ab,
+}
+
+/usr/bin/foo4 {
+ owner change_profile -> [ab]//ab,
+}
+
+/usr/bin/foo5 {
+ owner change_profile -> [^ab]//ab,
+}
+
+/usr/bin/foo6 {
+ owner change_profile -> ab//*,
+}
+
+/usr/bin/foo7 {
+ owner change_profile -> ab//**,
+}
+
+/usr/bin/foo8 {
+ owner change_profile -> ab//?,
+}
+
+/usr/bin/foo9 {
+ owner change_profile -> ab//[ab],
+}
+
+/usr/bin/foo10 {
+ owner change_profile -> ab//[^ab],
+}
+
+/usr/bin/foo11 {
+ owner change_profile -> *//*,
+}
+
+/usr/bin/foo12 {
+ owner change_profile -> **//*,
+}
+
+/usr/bin/foo13 {
+ owner change_profile -> ?//*,
+}
+
+/usr/bin/foo14 {
+ owner change_profile -> [ab]//*,
+}
+
+/usr/bin/foo15 {
+ owner change_profile -> [^ab]//*,
+}
+
diff --git a/parser/tst/simple_tests/change_profile/o_re_ok_7.sd b/parser/tst/simple_tests/change_profile/o_re_ok_7.sd
new file mode 100644
index 0000000..b427185
--- /dev/null
+++ b/parser/tst/simple_tests/change_profile/o_re_ok_7.sd
@@ -0,0 +1,65 @@
+#
+#=DESCRIPTION owner change_profile with just re, namespace
+#=EXRESULT FAIL
+#
+
+
+/usr/bin/foo {
+ owner change_profile -> :ab:*,
+}
+
+/usr/bin/foo2 {
+ owner change_profile -> :ab:**,
+}
+
+/usr/bin/foo3 {
+ owner change_profile -> :ab:?,
+}
+
+/usr/bin/foo4 {
+ owner change_profile -> :ab:[ab],
+}
+
+/usr/bin/foo5 {
+ owner change_profile -> :ab:[^ab],
+}
+
+/usr/bin/foo6 {
+ owner change_profile -> :*:ab,
+}
+
+/usr/bin/foo7 {
+ owner change_profile -> :**:ab,
+}
+
+/usr/bin/foo8 {
+ owner change_profile -> :?:ab,
+}
+
+/usr/bin/foo9 {
+ owner change_profile -> :[ab]:ab,
+}
+
+/usr/bin/foo10 {
+ owner change_profile -> :[^ab]:ab,
+}
+
+/usr/bin/foo11 {
+ owner change_profile -> :*:*,
+}
+
+/usr/bin/foo12 {
+ owner change_profile -> :**:**,
+}
+
+/usr/bin/foo13 {
+ owner change_profile -> :?:?,
+}
+
+/usr/bin/foo14 {
+ owner change_profile -> :[ab]:[ab],
+}
+
+/usr/bin/foo15 {
+ owner change_profile -> :[^ab]:[^ab],
+}
diff --git a/parser/tst/simple_tests/change_profile/o_re_ok_8.sd b/parser/tst/simple_tests/change_profile/o_re_ok_8.sd
new file mode 100644
index 0000000..9a98fce
--- /dev/null
+++ b/parser/tst/simple_tests/change_profile/o_re_ok_8.sd
@@ -0,0 +1,45 @@
+#
+#=DESCRIPTION owner change_profile re with quotes
+#=EXRESULT FAIL
+#
+
+/usr/bin/foo5 {
+ owner change_profile -> "/bin/*",
+}
+
+/usr/bin/foo6 {
+ owner change_profile -> "/bin/**",
+}
+
+/usr/bin/foo7 {
+ owner change_profile -> "/bin/[ab]",
+}
+
+/usr/bin/foo8 {
+ owner change_profile -> "/bin/[^ab]",
+}
+
+/usr/bin/foo10 {
+ owner change_profile -> "/bin/?ab",
+}
+
+/usr/bin/foo11 {
+ owner change_profile -> "/bin/ *",
+}
+
+/usr/bin/foo12 {
+ owner change_profile -> "/bin/ **",
+}
+
+/usr/bin/foo13 {
+ owner change_profile -> "/bin/ [ab]",
+}
+
+/usr/bin/foo14 {
+ owner change_profile -> "/bin/ [^ab]",
+}
+
+/usr/bin/foo15 {
+ owner change_profile -> "/bin/ ?ab",
+}
+
--
2.1.4
More information about the AppArmor
mailing list