[apparmor] [patch 5/5] tests: support more complex change_profile tests

[steve at nxnw.org]

This adds support to the profile generator script for change_profile
rules, giving the ability to write the 3 factor version of the rule
(e.g. "change_profile /t -> A_PROFILE") which was significantly more
difficult using straight raw rules, which is why we don't have any 3
factor rule tests.

Signed-off-by: Steve Beattie <steve at nxnw.org>
---
 parser/tst/equality.sh                 |    4 ++++
 tests/regression/apparmor/mkprofile.pl |   18 ++++++++++++++++++
 2 files changed, 22 insertions(+)

Index: b/tests/regression/apparmor/mkprofile.pl
===================================================================
--- a/tests/regression/apparmor/mkprofile.pl
+++ b/tests/regression/apparmor/mkprofile.pl
@@ -334,6 +334,22 @@ sub gen_flag($) {
   }
 }
 
+sub gen_change_profile($) {
+    my $rule = shift;
+    my @rules = split (/:/, $rule);
+    if (@rules == 2) {
+	if ($rules[1] =~ /^ALL$/) {
+            push (@{$output_rules{$hat}}, "  change_profile,\n",);
+	} else {
+            push (@{$output_rules{$hat}}, "  change_profile -> $rules[1],\n",);
+	}
+    } elsif (@rules == 3) {
+        push (@{$output_rules{$hat}}, "  change_profile $rules[1] -> $rules[2],\n",);
+    } else {
+        (!$nowarn) && print STDERR "Warning: invalid change_profile description '$rule', ignored\n";
+    }
+}
+
 sub gen_hat($) {
   my $rule = shift;
   my @rules = split (/:/, $rule);
@@ -406,6 +422,8 @@ sub gen_from_args() {
       gen_flag($rule);
     } elsif ($rule =~ /^hat:/) {
       gen_hat($rule);
+    } elsif ($rule =~ /^change_profile:/) {
+      gen_change_profile($rule);
     } elsif ($rule =~ /^addimage:/) {
       gen_addimage($rule);
       $addimage = 1;