Merge parser: equality test fixups

The original location of the error count checks in the middle of the priority function helper was completely nonsensical. We can instead do this check just once after running all the tests. In addition, some tests in the priority helper don't use the priority variables at all, and are moved out of the helper to avoid repeating the exact same sequence of tests 16 times. Signed-off-by: Ryan Lee <ryan.lee@canonical.com> MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/1604 Approved-by: John Johansen <john@jjmx.net> Merged-by: John Johansen <john@jjmx.net>
2025-08-29 21:38:15 +00:00 · 2025-04-02 17:53:15 +00:00 · 2025-04-02 17:53:15 +00:00 · a54e4e2cf9
commit a54e4e2cf9
parent ca0b695c0c 6da10ef98f
1 changed files with 30 additions and 30 deletions
--- a/parser/tst/equality.sh
+++ b/parser/tst/equality.sh
@ -879,28 +879,6 @@ verify_binary_equality "'$p1'x'$p2' link rules slash filtering" \
                        @{BAR}=/mnt/
                           /t { $p2 link @{FOO}/foo -> @{BAR}/bar, }"

-verify_binary_equality "'$p1'x'$p2' attachment slash filtering" \
-                       "/t /bin/foo { }" \
-                       "/t /bin//foo { }" \
-                       "@{BAR}=/bin/
-			   /t @{BAR}/foo { }" \
-                       "@{FOO}=/foo
-			   /t /bin/@{FOO} { }" \
-                       "@{BAR}=/bin/
-                        @{FOO}=/foo
-			   /t @{BAR}/@{FOO} { }"
-
-# verify comment at end of variable assignment is not treated as a value
-verify_binary_equality "comment at end of set var" \
-                       "/t { /bin/ r, }" \
-                       "@{BAR}=/bin/   #a tail comment
-			   /t { @{BAR} r, }"
-
-verify_binary_equality "value like comment at end of set var" \
-                       "/t { /{bin/,#value} r, }" \
-                       "@{BAR}=bin/   \#value
-			   /t { /@{BAR} r, }"
-

 # This can potentially fail as ideally it requires a better dfa comparison
 # routine as it can generates hormomorphic dfas. The enumeration of the
@ -912,12 +890,6 @@ verify_binary_equality "'$p1'x'$p2' mount specific deny doesn't affect non-overl
 			"/t { $p2 audit deny mount /s/** -> /**,
 			      mount options=bind /e/ -> /**, }"

-if [ $fails -ne 0 ] || [ $errors -ne 0 ]
-then
-	printf "ERRORS: %d\nFAILS: %d\n" $errors $fails 1>&2
-	exit $((fails + errors))
-fi
-

 ## priority override equivalence tests
 ## compare single rule, to multi-rule profile where one rule overrides
@ -1082,6 +1054,29 @@ run_tests()
 			"/t { /a r, }" \
 			"/t { priority=-1 audit deny /* rwxlk, /a r, }"

+	# Tests that do not use priority keywords at all
+
+	verify_binary_equality "attachment slash filtering" \
+				"/t /bin/foo { }" \
+				"/t /bin//foo { }" \
+				"@{BAR}=/bin/
+					/t @{BAR}/foo { }" \
+				"@{FOO}=/foo
+					/t /bin/@{FOO} { }" \
+				"@{BAR}=/bin/
+					@{FOO}=/foo
+					/t @{BAR}/@{FOO} { }"
+	# verify comment at end of variable assignment is not treated as a value
+	verify_binary_equality "comment at end of set var" \
+				"/t { /bin/ r, }" \
+				"@{BAR}=/bin/   #a tail comment
+					/t { @{BAR} r, }"
+
+	verify_binary_equality "value like comment at end of set var" \
+				"/t { /{bin/,#value} r, }" \
+				"@{BAR}=bin/   \#value
+					/t { /@{BAR} r, }"
+
 	# verify combinations of different priority levels
 	# for single rule comparisons, rules should keep same expected result
 	# even when the priorities are different.
@ -1109,8 +1104,13 @@ run_tests()
 	done

 	[ -z "${verbose}" ] && printf "\n"
-	printf "PASS\n"
-	exit 0
+	if [ $fails -ne 0 ] || [ $errors -ne 0 ]; then
+		printf "ERRORS: %d\nFAILS: %d\n" $errors $fails 1>&2
+		exit $((fails + errors))
+	else
+		printf "PASS\n"
+		exit 0
+	fi
 }