feat(aa): add support for prompt and priority rule.

pkg/aa/base.go

@@ -99,6 +99,7 @@ func (r Base) addLine(other Rule) bool {
 }
 
 type Qualifier struct {
+	Priority   string
 	Audit      bool
 	AccessType string
 }
@@ -109,6 +110,9 @@ func newQualifierFromLog(log map[string]string) Qualifier {
 }
 
 func (r Qualifier) Compare(o Qualifier) int {
+	if r := compare(r.Priority, o.Priority); r != 0 {
+		return r
+	}
 	if r := compare(r.Audit, o.Audit); r != 0 {
 		return r
 	}
@@ -116,7 +120,7 @@ func (r Qualifier) Compare(o Qualifier) int {
 }
 
 func (r Qualifier) Equal(o Qualifier) bool {
-	return r.Audit == o.Audit && r.AccessType == o.AccessType
+	return r.Priority == o.Priority && r.Audit == o.Audit && r.AccessType == o.AccessType
 }
 
 func (r Qualifier) getLenAudit() int {

pkg/aa/parse.go

@@ -15,6 +15,8 @@ const (
 	tokALLOW        = "allow"
 	tokAUDIT        = "audit"
 	tokDENY         = "deny"
+	tokPROMPT       = "prompt"
+	tokPRIORITY     = "priority"
 	tokARROW        = "->"
 	tokEQUAL        = "="
 	tokLESS         = "<"
@@ -524,7 +526,11 @@ func newRules(rules []rule) (Rules, error) {
 			rule = rule[1:]
 			goto qualifier
 		// Qualifier
-		case tokALLOW, tokDENY:
+		case tokPRIORITY:
+			q.Priority = rule.GetValues(tokPRIORITY).GetString()
+			rule = rule[1:]
+			goto qualifier
+		case tokALLOW, tokDENY, tokPROMPT:
 			q.AccessType = rule.Get(0)
 			rule = rule[1:]
 			goto qualifier

pkg/aa/templates/rule/qualifier.j2

@@ -3,6 +3,9 @@
 {{- /* SPDX-License-Identifier: GPL-2.0-only */ -}}
 
 {{- define "qualifier" -}}
+    {{- with .Priority -}}
+        {{- "priority=" -}}{{ . }}{{ " " }}
+    {{- end -}}
     {{- if .Audit -}}
         {{- "audit " -}}
     {{- end -}}