parser: equality tests: update deny x perm carve out test

With priority rules, deny does not carve out permissions from the
higher priority rule. Technically it doesn't from lower priority either
as it completely overrides them, but that case already results in
an inequality so does not cause the tests to fail.

Signed-off-by: John Johansen <john.johansen@canonical.com>
(cherry picked from commit 25f16b239d735023f2010d43f529fd79cd28326b)
Signed-off-by: John Johansen <john.johansen@canonical.com>

parser/tst/equality.sh

@@ -671,9 +671,17 @@ do
 				"/t { $p2 /f* ${perm1}, /a px -> b, /c px -> /t//b, }"
 		fi
 	done
-	verify_binary_inequality "'$p1'x'$p2' Exec \"${perm1}\" vs deny x - most specific match: different from glob" \
-		"/t { $p1 /* ${perm1}, audit deny /f x, }" \
-		"/t { $p2 /* ${perm1}, }"
+	if priority_gt "$p1" "" ; then
+		# priority stops permission carve out
+		verify_binary_equality "'$p1'x'$p2' Exec \"${perm1}\" vs deny x - most specific match: different from glob" \
+			"/t { $p1 /* ${perm1}, audit deny /f x, }" \
+			"/t { $p2 /* ${perm1}, }"
+	else
+		# deny rule carves out some of the match
+		verify_binary_inequality "'$p1'x'$p2' Exec \"${perm1}\" vs deny x - most specific match: different from glob" \
+			"/t { $p1 /* ${perm1}, audit deny /f x, }" \
+			"/t { $p2 /* ${perm1}, }"
+	fi
 
 done