Comment 2 for bug 1446794

The following is a patch against the parser's policy equality and inequality test script that demonstrates that 'deny change_profile' policy is not being generated correctly:

Index: b/parser/tst/equality.sh
===================================================================
--- a/parser/tst/equality.sh
+++ b/parser/tst/equality.sh
@@ -285,7 +285,8 @@ for rule in "capability" "capability mac
  "file /f r" "file /f w" "file /f rwmlk" \
  "link /a -> /b" "link subset /a -> /b" \
  "l /a -> /b" "l subset /a -> /b" \
- "file l /a -> /b" "l subset /a -> /b"
+ "file l /a -> /b" "l subset /a -> /b" \
+ "change_profile -> unconfined" "change_profile -> /**"
 do
  verify_binary_equality "allow modifier for \"${rule}\"" \
   "/t { ${rule}, }" \