rule sort support priority

src/maat_config_monitor.c

@@ -373,6 +373,11 @@ void convert_maat_json_rule(cJSON **json_root, unsigned char *json_buff)
 	*/	
 	cJSON *tmp_rule = NULL;
 	cJSON_ArrayForEach(tmp_rule, rules) {
+		cJSON *priority_obj = cJSON_GetObjectItem(tmp_rule, "priority");
+		if (priority_obj == NULL) {
+			cJSON_AddNumberToObject(tmp_rule, "priority", 1000);
+		}
+
 		cJSON *tmp_and_condition = NULL;
 		cJSON *condition_array = cJSON_GetObjectItem(tmp_rule, "and_conditions");
 		cJSON_ArrayForEach(tmp_and_condition, condition_array) {

src/maat_rule.c

@@ -42,13 +42,6 @@ struct rule_schema {
     struct log_handle *logger;
 };
 
-struct rule_item {
-    int condition_num;
-    uuid_t rule_uuid;
-    char *table_line;
-    size_t table_line_len;
-};
-
 struct condition_query_key {
 	uuid_t object_uuid;
     char field_name[MAX_FIELD_NAME_LEN];
@@ -131,9 +124,9 @@ struct rule_sort_para {
 struct maat_rule {
 	uint32_t magic_num;
     int condition_num;
+    int ptiority;
     int table_id;
     uuid_t rule_uuid;
-    void *user_data; // rule_item
 	struct rule_condition conditions[MAX_ITEMS_PER_BOOL_EXPR];
 };
 
@@ -161,26 +154,10 @@ static UT_icd ut_object_uuid_icd = {sizeof(uuid_t), NULL, NULL, NULL};
 static UT_icd ut_maat_item_icd = {sizeof(struct maat_item), NULL, NULL, NULL};
 static UT_icd ut_hit_path_icd = {sizeof(struct internal_hit_path), NULL, NULL, NULL};
 
-static void rule_item_free(struct rule_item *item)
-{
-    item->condition_num = 0;
-
-    if (item->table_line != NULL) {
-        FREE(item->table_line);
-    }
-    
-    FREE(item);
-}
-
 static void maat_rule_free(struct maat_rule *rule)
 {
 	struct rule_condition *condition = NULL;
 
-	if (rule->user_data != NULL) {
-		rule_item_free(rule->user_data);
-        rule->user_data = NULL;
-	}
-
 	for (int i = 0; i < MAX_ITEMS_PER_BOOL_EXPR; i++) {
 		condition = rule->conditions + i;
 
@@ -232,9 +209,45 @@ static int validate_table_not_condition(struct rule_runtime *rule_rt,
     return 0;
 }
 
+static int rule_accept_tag_match(struct rule_schema *schema, const char *line,
+                                    const char *table_name, struct log_handle *logger)
+{
+    size_t n_tag = table_manager_accept_tags_count(schema->ref_tbl_mgr);
+    cJSON *tmp_obj = NULL;
+    cJSON *table_json = cJSON_Parse(line);
+    int ret = TAG_MATCH_MATCHED;
+
+    tmp_obj = cJSON_GetObjectItem(table_json, "effective_range");
+
+    if ((tmp_obj && cJSON_GetArraySize(tmp_obj) > 0) && n_tag > 0) {
+        char *tag_str = cJSON_Print(tmp_obj);
+        ret = table_manager_accept_tags_match(schema->ref_tbl_mgr, tag_str);
+        FREE(tag_str);
+        if (TAG_MATCH_ERR == ret) {
+            log_fatal(logger, MODULE_RULE,
+                      "[%s:%d] table: <%s> has invalid tag format in line:%s",
+                      __FUNCTION__, __LINE__, table_name, line);
+            goto END;
+        }
+
+        if (TAG_MATCH_UNMATCHED == ret) {
+            log_fatal(logger, MODULE_RULE,
+                      "[%s:%d] table: <%s> has unmatched tag in line:%s",
+                      __FUNCTION__, __LINE__, table_name, line);
+            goto END;
+        }
+    }
+
+END:
+    if (table_json) {
+        cJSON_Delete(table_json);
+    }
+
+    return ret;
+}
+
 static struct maat_rule *maat_rule_new(struct rule_runtime *rule_rt, struct rule_schema *schema,
-                                        const char *table_name, uuid_t rule_uuid, 
+                                        const char *table_name, uuid_t rule_uuid, const char *table_line)
-                                        const char *table_line, struct rule_item *rule_item)
 {
 	struct maat_rule *rule = ALLOC(struct maat_rule, 1);
     struct log_handle *logger = rule_rt->logger;
@@ -250,10 +263,25 @@ static struct maat_rule *maat_rule_new(struct rule_runtime *rule_rt, struct rule
         goto error;
     }
 
+    int ret = rule_accept_tag_match(schema, table_line, table_name, logger);
+    if (ret == TAG_MATCH_UNMATCHED) {
+        goto error;
+    }
+
+
     rule->table_id = table_id;
 	rule->magic_num = MAAT_RULE_MAGIC;
     uuid_copy(rule->rule_uuid, rule_uuid);
 
+    tmp_obj = cJSON_GetObjectItem(table_json, "priority");
+    if (tmp_obj == NULL || tmp_obj->type != cJSON_Number) {
+        log_fatal(logger, MODULE_RULE,
+                  "[%s:%d] table: <%s> has no priority or not number format",
+                  __FUNCTION__, __LINE__, table_name);
+        goto error;
+    }
+    rule->ptiority = tmp_obj->valueint;
+
     for(int i = 0; i < MAX_ITEMS_PER_BOOL_EXPR; i++) {	
         utarray_new(rule->conditions[i].literals, &ut_condition_literal_icd);
 		rule->conditions[i].in_use = 0;
@@ -346,9 +374,6 @@ static struct maat_rule *maat_rule_new(struct rule_runtime *rule_rt, struct rule
         condition->in_use = 1;
     }
 
-    rule_item->condition_num = rule->condition_num;
-    rule->user_data = rule_item;
-
     if (table_json) {
         cJSON_Delete(table_json);
     }
@@ -367,78 +392,6 @@ error:
     return NULL;
 }
 
-static int rule_accept_tag_match(struct rule_schema *schema, const char *line,
-                                    const char *table_name, struct log_handle *logger)
-{
-    size_t n_tag = table_manager_accept_tags_count(schema->ref_tbl_mgr);
-    cJSON *tmp_obj = NULL;
-    cJSON *table_json = cJSON_Parse(line);
-    int ret = TAG_MATCH_MATCHED;
-
-    tmp_obj = cJSON_GetObjectItem(table_json, "effective_range");
-
-    if ((tmp_obj && cJSON_GetArraySize(tmp_obj) > 0) && n_tag > 0) {
-        char *tag_str = cJSON_Print(tmp_obj);
-        ret = table_manager_accept_tags_match(schema->ref_tbl_mgr, tag_str);
-        FREE(tag_str);
-        if (TAG_MATCH_ERR == ret) {
-            log_fatal(logger, MODULE_RULE,
-                      "[%s:%d] table: <%s> has invalid tag format in line:%s",
-                      __FUNCTION__, __LINE__, table_name, line);
-            goto END;
-        }
-
-        if (TAG_MATCH_UNMATCHED == ret) {
-            log_fatal(logger, MODULE_RULE,
-                      "[%s:%d] table: <%s> has unmatched tag in line:%s",
-                      __FUNCTION__, __LINE__, table_name, line);
-            goto END;
-        }
-    }
-
-END:
-    if (table_json) {
-        cJSON_Delete(table_json);
-    }
-
-    return ret;
-}
-
-static struct rule_item *rule_item_new(const char *table_line, struct rule_schema *schema,
-                 const char *table_name, struct log_handle *logger)
-{
-    int ret = rule_accept_tag_match(schema, table_line, table_name, logger);
-    if (ret == TAG_MATCH_UNMATCHED) {
-        return NULL;
-    }
-
-    cJSON *tmp_obj = NULL;
-    struct rule_item *rule_item = ALLOC(struct rule_item, 1);
-    cJSON *table_json = cJSON_Parse(table_line);
-
-    tmp_obj = cJSON_GetObjectItem(table_json, "uuid");
-    if (tmp_obj == NULL && tmp_obj->type != cJSON_String) {
-        log_fatal(logger, MODULE_RULE,
-                  "[%s:%d] table: <%s> has no rule_id or not string format in line:%s",
-                  __FUNCTION__, __LINE__, table_name, table_line);
-        goto error;
-    }
-    uuid_parse(tmp_obj->valuestring, rule_item->rule_uuid);
-
-    rule_item->table_line_len = strlen(table_line);
-    rule_item->table_line = ALLOC(char, rule_item->table_line_len + 1);
-    memcpy(rule_item->table_line, table_line, rule_item->table_line_len);
-
-    cJSON_Delete(table_json);
-    return rule_item;
-error:
-    if (table_json) {
-        cJSON_Delete(table_json);
-    }
-    FREE(rule_item);
-    return NULL;
-}
-
 static void rcu_rule_cfg_free(void *user_ctx, void *data)
 {
     struct maat_rule *rule = (struct maat_rule *)data;
@@ -805,8 +758,8 @@ maat_rule_bool_matcher_match(struct rule_runtime *rule_rt,
 			continue;
 		}
 
-        if (rule->user_data != NULL) {
+        if (rule != NULL) {
-            user_data_array[ud_result_cnt] = rule->user_data;
+            user_data_array[ud_result_cnt] = rule;
 			ud_result_cnt++;
         }
 	}
@@ -1106,13 +1059,13 @@ size_t rule_runtime_get_hit_paths(struct rule_runtime *rule_rt, int thread_id,
     int bool_match_ret =
         bool_matcher_match(rule_rt->bm, 
                           (unsigned long long *)utarray_eltptr(rule_compile_state->all_hit_conditions, 0),
-						  utarray_len(rule_compile_state->all_hit_conditions), expr_match, MAX_HIT_RULE_NUM);
+						  utarray_len(rule_compile_state->all_hit_conditions), expr_match, MAX_HIT_RULE_NUM);//TODO: maat_state_compile
 
 	for (int idx = 0; idx < bool_match_ret; idx++) {
         rule = (struct maat_rule *)expr_match[idx].user_tag;
 		assert(rule->magic_num == MAAT_RULE_MAGIC);
         assert(uuid_compare(rule->rule_uuid, expr_match[idx].expr_uuid) == 0);
-		if (0 == rule->condition_num || NULL == rule->user_data) {
+		if (0 == rule->condition_num) {
 			continue;
 		}
 
@@ -1263,14 +1216,13 @@ int rule_runtime_update_rule_exdata(struct rule_runtime *rule_rt,
     if (NULL == json) {
         log_debug(rule_rt->logger, MODULE_RULE,
                   "[%s:%d]parse row failed when updating rule exdata, row:%s", __FUNCTION__, __LINE__, row);
-        return -1;
+        goto ERROR;
     }
     cJSON *uuid_obj = cJSON_GetObjectItem(json, "uuid");
     if (NULL == uuid_obj) {
         log_debug(rule_rt->logger, MODULE_RULE,
                   "[%s:%d]get uuid failed when updating rule exdata, row:%s", __FUNCTION__, __LINE__, row);
-        cJSON_Delete(json);
+        goto ERROR;
-        return -1;
     }
 
     uuid_t key;
@@ -1283,7 +1235,7 @@ int rule_runtime_update_rule_exdata(struct rule_runtime *rule_rt,
             // delete
             ret = ex_data_runtime_del_ex_container(rule_rt->ex_data_rt, (char*)&key, key_len);
             if (ret < 0) {
-                return -1;
+                goto ERROR;
             }
         } else {
             // add
@@ -1298,7 +1250,8 @@ int rule_runtime_update_rule_exdata(struct rule_runtime *rule_rt,
                       "key:%s", __FUNCTION__, __LINE__, table_name, key);
                 ex_container_free(rule_rt->ex_data_rt, ex_container);
                 //don't return failed, ignore the case of adding duplicate keys
-                return 0;
+                ret = 0;
+                goto ERROR;
             }
         }
     }
@@ -1308,7 +1261,14 @@ int rule_runtime_update_rule_exdata(struct rule_runtime *rule_rt,
         rule_rt->exdata_num = ex_data_runtime_cached_row_count(rule_rt->ex_data_rt);
     }
 
+    cJSON_Delete(json);
+
     return 0;
+ERROR:
+    if (json != NULL) {
+        cJSON_Delete(json);
+    }
+    return ret;
 }
 
 int rule_runtime_commit_exdata(void *rule_runtime, const char *table_name,
@@ -1371,11 +1331,6 @@ rule_runtime_add_rule(struct rule_runtime *rule_rt,
                             const char *line, struct log_handle *logger)
 {
     struct maat_rule *rule = NULL;
-    struct rule_item *rule_item = rule_item_new(line, schema, table_name,
-                                                         rule_rt->logger);
-    if (NULL == rule_item) {
-        goto ERROR;
-    }
 
     int table_id = table_manager_get_table_id(schema->ref_tbl_mgr, table_name);
     if (table_id < 0) {
@@ -1402,7 +1357,7 @@ rule_runtime_add_rule(struct rule_runtime *rule_rt,
         goto ERROR;
     }
 
-    rule = maat_rule_new(rule_rt, schema, table_name, *rule_uuid, line, rule_item);
+    rule = maat_rule_new(rule_rt, schema, table_name, *rule_uuid, line);
     if (NULL == rule) {
         log_fatal(logger, MODULE_RULE,
                   "[%s:%d]maat_rule_new failed, drop line:%s",
@@ -1415,10 +1370,6 @@ rule_runtime_add_rule(struct rule_runtime *rule_rt,
     return 0;
 
 ERROR:
-    if (rule_item != NULL) {
-        rule_item_free(rule_item);
-    }
-
     return -1;
 }
 
@@ -1643,41 +1594,25 @@ long long rule_runtime_update_err_count(void *rule_runtime)
     return rule_rt->update_err_cnt;
 }
 
-static int rule_sort_para_compare(const struct rule_sort_para *a,
+static int compare_rule(const void *a, const void *b)
-                                     const struct rule_sort_para *b)
 {
-	//If rule rule's execute sequences are not specified or equal.
+	const struct maat_rule *ra = *(const struct maat_rule **)a;
-	if (a->condition_num != b->condition_num) {
+	const struct maat_rule *rb = *(const struct maat_rule **)b;
-		return (a->condition_num - b->condition_num);
+
+    if (ra->ptiority != rb->ptiority) {
+        return (ra->ptiority - rb->ptiority);
+    } else if (ra->condition_num != rb->condition_num) {
+		return (rb->condition_num - ra->condition_num);
 	} else {
-        return uuid_compare(b->rule_uuid, a->rule_uuid);
+        return uuid_compare(rb->rule_uuid, ra->rule_uuid);
 	}
 }
 
-static void rule_sort_para_set(struct rule_sort_para *para, 
-                                  const struct rule_item *item)
-{
-    uuid_copy(para->rule_uuid, item->rule_uuid);
-	para->condition_num = item->condition_num;
-}
-
-static int compare_rule_item(const void *a, const void *b)
-{
-	const struct rule_item *ra = *(const struct rule_item **)a;
-	const struct rule_item *rb = *(const struct rule_item **)b;
-	
-	struct rule_sort_para sa, sb;
-	rule_sort_para_set(&sa, ra);
-	rule_sort_para_set(&sb, rb);
-
-	return rule_sort_para_compare(&sa, &sb);
-}
-
 int rule_runtime_match(int table_id, struct rule_runtime *rule_rt, uuid_t *rule_uuids,
                           size_t rule_ids_size, struct maat_state *state)
 {
     struct rule_compile_state *rule_compile_state = state->rule_compile_state;
-    struct rule_item *rule_items[rule_ids_size];
+    struct maat_rule *rules[rule_ids_size];
     int clear_scan_not_obj_flag = 0;
 
     utarray_clear(rule_compile_state->all_hit_conditions);
@@ -1765,15 +1700,15 @@ int rule_runtime_match(int table_id, struct rule_runtime *rule_rt, uuid_t *rule_
     size_t bool_match_ret =
         maat_rule_bool_matcher_match(rule_rt, rule_compile_state,
                                         state->thread_id,
-                                        (void **)rule_items,
+                                        (void **)rules,
                                         rule_ids_size);
     if (bool_match_ret > 0) {
-        qsort(rule_items, bool_match_ret, sizeof(struct rule_item *),
+        qsort(rules, bool_match_ret, sizeof(struct maat_rule *),
-              compare_rule_item);
+              compare_rule);
     }
    
     for (size_t i = 0; i < bool_match_ret; i++) {
-        uuid_copy(rule_uuids[i], rule_items[i]->rule_uuid);
+        uuid_copy(rule_uuids[i], rules[i]->rule_uuid);
 	}
     
     return MIN(bool_match_ret, rule_ids_size);

test/maat_framework_gtest.cpp

@@ -18,6 +18,7 @@
 #define ARRAY_SIZE              10
 #define HIT_PATH_SIZE           128
 #define	WAIT_FOR_EFFECTIVE_S	2
+#define RULE_PRIORITY_DEFAULT   1000
 
 const char *g_table_info_path = "./table_info.json";
 const char *g_json_filename = "maat_json.json";
@@ -51,7 +52,8 @@ static int test_add_expr_command(struct maat *maat_inst, const char *expr_table,
     and_condition->or_conditions[0].object_uuids_str[0] = object_uuid_str;
     and_condition->or_conditions[0].object_num = 1;
     ret = rule_table_set_line(maat_inst, "RULE_DEFAULT", MAAT_OP_ADD,
-                                 rule_uuid_str, and_condition, 1, NULL, timeout);
+                                 rule_uuid_str, and_condition, 1, NULL,
+                                 RULE_PRIORITY_DEFAULT, timeout);
     EXPECT_EQ(ret, 1);
 
     return ret;
@@ -755,7 +757,8 @@ TEST_P(StringScan, BackslashR_N_Escape_IncUpdate) {
     and_condition.or_conditions[0].object_uuids_str[0] = object_uuid_str;
     and_condition.or_conditions[0].object_num = 1;
     ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD,
-                                 rule_uuid_str, &and_condition, 1, NULL, 0);
+                                 rule_uuid_str, &and_condition, 1, NULL,
+                                 RULE_PRIORITY_DEFAULT, 0);
     EXPECT_EQ(ret, 1);
 
     sleep(WAIT_FOR_EFFECTIVE_S * 3);
@@ -1008,9 +1011,9 @@ TEST_P(StringScan, PrefixAndSuffix) {
     EXPECT_EQ(n_hit_result, 2);
     char uuid_str[UUID_STR_LEN] = {0};
     uuid_unparse(results[0], uuid_str);
-    EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000151");
-    uuid_unparse(results[1], uuid_str);
     EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000152");
+    uuid_unparse(results[1], uuid_str);
+    EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000151");
 
     maat_state_reset(state);
     ret = maat_scan_string(maat_inst, mail_addr_table_name, mail_addr_field_name, hit_suffix,
@@ -1040,9 +1043,9 @@ TEST_P(StringScan, PrefixAndSuffix) {
     n_hit_result = maat_state_compile(state, default_rule_table_name, results, exdata_array, ARRAY_SIZE);
     EXPECT_EQ(n_hit_result, 2);
     uuid_unparse(results[0], uuid_str);
-    EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000151");
-    uuid_unparse(results[1], uuid_str);
     EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000152");
+    uuid_unparse(results[1], uuid_str);
+    EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000151");
 
     maat_state_free(state);
     state = NULL;
@@ -1696,7 +1699,8 @@ TEST_P(StringScan, dynamic_config) {
     and_condition.or_conditions[0].object_num = 1;
     and_condition.or_conditions[0].object_uuids_str[0] = object_uuid_str;
     ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD,
-                                 rule_uuid_str, &and_condition, 1, NULL, 0);
+                                 rule_uuid_str, &and_condition, 1, NULL,
+                                 RULE_PRIORITY_DEFAULT, 0);
     EXPECT_EQ(ret, 1);
 
     sleep(WAIT_FOR_EFFECTIVE_S * 3);
@@ -1721,7 +1725,8 @@ TEST_P(StringScan, dynamic_config) {
 
     /* rule table del line */
     ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_DEL,
-                                 rule_uuid_str, &and_condition, 1, NULL, 0);
+                                 rule_uuid_str, &and_condition, 1, NULL,
+                                 RULE_PRIORITY_DEFAULT, 0);
     EXPECT_EQ(ret, 1);
 
     sleep(WAIT_FOR_EFFECTIVE_S);
@@ -2332,7 +2337,8 @@ TEST_F(IPScan, RuleUpdates) {
     and_condition.or_conditions[0].object_uuids_str[0] = object_uuid_str;
     and_condition.or_conditions[0].field_name = field_name;
     ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD, 
-                                 rule_uuid_str, &and_condition, 1, NULL, 0);
+                                 rule_uuid_str, &and_condition, 1, NULL,
+                                 RULE_PRIORITY_DEFAULT, 0);
     EXPECT_EQ(ret, 1);
 
     sleep(WAIT_FOR_EFFECTIVE_S);
@@ -2357,7 +2363,8 @@ TEST_F(IPScan, RuleUpdates) {
 
     /* rule table del line */
     ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_DEL, 
-                                 rule_uuid_str, &and_condition, 1, NULL, 0);
+                                 rule_uuid_str, &and_condition, 1, NULL,
+                                 RULE_PRIORITY_DEFAULT, 0);
     EXPECT_EQ(ret, 1);
 
     sleep(WAIT_FOR_EFFECTIVE_S);
@@ -5537,14 +5544,14 @@ TEST_F(Policy, EvaluationOrder) {
     EXPECT_EQ(n_hit_result, 3);
     char uuid_str[UUID_STR_LEN] = {0};
     uuid_unparse(results[0], uuid_str);
-    EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000166");
-
-    uuid_unparse(results[1], uuid_str);
     EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000168");
 
-    uuid_unparse(results[2], uuid_str);
+    uuid_unparse(results[1], uuid_str);
     EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000167");
 
+    uuid_unparse(results[2], uuid_str);
+    EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000166");
+
     struct maat_hit_path hit_path[128];
     memset(hit_path, 0, sizeof(hit_path));
     size_t n_hit_path = maat_state_get_hit_paths(state, hit_path, 128);
@@ -5620,8 +5627,8 @@ TEST_F(Policy, EvaluationOrder) {
 
     n_hit_result = maat_state_compile(state, default_rule_table_name, results, exdata_array, ARRAY_SIZE);
     EXPECT_EQ(n_hit_result, 4);
-    uuid_unparse(results[3], uuid_str);
+    uuid_unparse(results[0], uuid_str);
-    EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000165");
+    EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000165");//higher priority
 
     maat_state_free(state);
 }
@@ -6262,7 +6269,8 @@ TEST_F(MaatCmd, SetIP) {
     and_condition.or_conditions[0].object_num = 1;
     and_condition.or_conditions[0].object_uuids_str[0] = object_uuid_str;
     ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD,
-                                     rule_uuid_str, &and_condition, 1, NULL, 0);
+                            rule_uuid_str, &and_condition, 1, NULL,
+                            RULE_PRIORITY_DEFAULT, 0);
     EXPECT_EQ(ret, 1);
 
     sleep(WAIT_FOR_EFFECTIVE_S);
@@ -6339,10 +6347,10 @@ TEST_F(MaatCmd, SetExpr) {
     maat_state_reset(state);
 
     ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_DEL, rule_uuid_str1, 
-                                 &and_condition1, 1, NULL, 0);
+                                 &and_condition1, 1, NULL, RULE_PRIORITY_DEFAULT, 0);
     EXPECT_EQ(ret, 1);
     ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_DEL, rule_uuid_str2, 
-                                 &and_condition2, 1, NULL, 0);
+                                 &and_condition2, 1, NULL, RULE_PRIORITY_DEFAULT, 0);
     EXPECT_EQ(ret, 1);
     sleep(WAIT_FOR_EFFECTIVE_S);
 
@@ -6417,7 +6425,8 @@ TEST_F(MaatCmd, SetExpr8) {
     and_condition.or_conditions[0].object_num = 1;
     and_condition.or_conditions[0].object_uuids_str[0] = object_uuid_str;
     ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD,
-                                     rule_uuid_str, &and_condition, 1, NULL, 0);
+                                     rule_uuid_str, &and_condition, 1, NULL,
+                                     RULE_PRIORITY_DEFAULT, 0);
     EXPECT_EQ(ret, 1);
 
     sleep(WAIT_FOR_EFFECTIVE_S);
@@ -6486,7 +6495,8 @@ TEST_F(MaatCmd, ObjectScan) {
     and_condition.or_conditions[0].object_num = 1;
     and_condition.or_conditions[0].object_uuids_str[0] = object_uuid_str;
     int ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD,
-                                     rule_uuid_str, &and_condition, 1, NULL, 0);
+                                     rule_uuid_str, &and_condition, 1, NULL,
+                                     RULE_PRIORITY_DEFAULT, 0);
     EXPECT_EQ(ret, 1);
 
     sleep(WAIT_FOR_EFFECTIVE_S);
@@ -6553,7 +6563,8 @@ TEST_F(MaatCmd, SameFilterRefByOneRule) {
     and_condition[1].or_conditions[0].object_num = 1;
     and_condition[1].or_conditions[0].object_uuids_str[0] = object_uuid_str;
     ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD,
-                                     rule_uuid_str, and_condition, 2, NULL, 0); // rule has two condition
+                                     rule_uuid_str, and_condition, 2, NULL,
+                                     RULE_PRIORITY_DEFAULT, 0); // rule has two condition
     EXPECT_EQ(ret, 1);
 
     sleep(WAIT_FOR_EFFECTIVE_S);
@@ -6608,7 +6619,7 @@ TEST_F(MaatCmd, RuleIDRecycle) {
 
     maat_state_reset(state);
 
-    rule_table_set_line(maat_inst, "RULE_DEFAULT", MAAT_OP_DEL, rule_uuid_str, &and_condition, 1, NULL, 0);
+    rule_table_set_line(maat_inst, "RULE_DEFAULT", MAAT_OP_DEL, rule_uuid_str, &and_condition, 1, NULL, RULE_PRIORITY_DEFAULT, 0);
     sleep(WAIT_FOR_EFFECTIVE_S);
 
     ret = maat_scan_string(maat_inst, table_name, field_name, scan_data, strlen(scan_data), state);
@@ -6736,7 +6747,8 @@ TEST_F(MaatCmd, SubObject) {
     and_condition.or_conditions[0].object_num = 1;
     and_condition.or_conditions[0].object_uuids_str[0] = object1_uuid_str;
     ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD, 
-                                     rule1_uuid_str, &and_condition, 1, NULL, 0);
+                                     rule1_uuid_str, &and_condition, 1, NULL,
+                                     RULE_PRIORITY_DEFAULT, 0);
     EXPECT_EQ(ret, 1);
 
     //rule2
@@ -6745,7 +6757,8 @@ TEST_F(MaatCmd, SubObject) {
     char rule2_uuid_str[UUID_STR_LEN] = {0};
     snprintf(rule2_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", rule2_id);
     ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD, 
-                                 rule2_uuid_str, &and_condition, 1, NULL, 0);
+                                 rule2_uuid_str, &and_condition, 1, NULL,
+                                 RULE_PRIORITY_DEFAULT, 0);
     EXPECT_EQ(ret, 1);
 
     sleep(WAIT_FOR_EFFECTIVE_S * 2);
@@ -6774,7 +6787,8 @@ TEST_F(MaatCmd, SubObject) {
                            \_ X -> rule2
     */
     ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_DEL, 
-                                 rule2_uuid_str, &and_condition, 1, NULL, 0);
+                                 rule2_uuid_str, &and_condition, 1, NULL,
+                                 RULE_PRIORITY_DEFAULT, 0);
     EXPECT_EQ(ret, 1);
     sleep(WAIT_FOR_EFFECTIVE_S);
 
@@ -6796,12 +6810,14 @@ TEST_F(MaatCmd, SubObject) {
                    \_ -> rule2
     */
     ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_DEL, 
-                                 rule1_uuid_str, &and_condition, 1, NULL, 0);
+                                 rule1_uuid_str, &and_condition, 1, NULL,
+                                 RULE_PRIORITY_DEFAULT, 0);
     EXPECT_EQ(ret, 1);
 
     and_condition.or_conditions[0].object_uuids_str[0] = object2_uuid_str;
     ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD, 
-                                 rule2_uuid_str, &and_condition, 1, NULL, 0);
+                                 rule2_uuid_str, &and_condition, 1, NULL,
+                                 RULE_PRIORITY_DEFAULT, 0);
     EXPECT_EQ(ret, 1);
 
     sleep(WAIT_FOR_EFFECTIVE_S);
@@ -6854,11 +6870,13 @@ TEST_F(MaatCmd, SubObject) {
     */
     and_condition.or_conditions[0].object_uuids_str[0] = object1_uuid_str;
     ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD,
-                                 rule1_uuid_str, &and_condition, 1, NULL, 0);
+                                 rule1_uuid_str, &and_condition, 1, NULL,
+                                 RULE_PRIORITY_DEFAULT, 0);
     EXPECT_EQ(ret, 1);
 
     ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_DEL,
-                                 rule1_uuid_str, &and_condition, 1, NULL, 0);
+                                 rule1_uuid_str, &and_condition, 1, NULL,
+                                 RULE_PRIORITY_DEFAULT, 0);
     EXPECT_EQ(ret, 1);
 
     sleep(WAIT_FOR_EFFECTIVE_S);
@@ -6911,7 +6929,8 @@ TEST_F(MaatCmd, RefObject) {
     and_condition.or_conditions[0].object_num = 1;
     and_condition.or_conditions[0].object_uuids_str[0] = object1_uuid_str;
     ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD, 
-                                     rule1_uuid_str, &and_condition, 1, NULL, 0);
+                                     rule1_uuid_str, &and_condition, 1, NULL,
+                                     RULE_PRIORITY_DEFAULT, 0);
     EXPECT_EQ(ret, 1);
 
     sleep(WAIT_FOR_EFFECTIVE_S);
@@ -6919,14 +6938,15 @@ TEST_F(MaatCmd, RefObject) {
     /* item1 -> object1 -> X                   
         item2 -> object2 -> rule1
     */
-    rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_DEL, rule1_uuid_str, &and_condition, 1, NULL, 0);
+    rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_DEL, rule1_uuid_str, &and_condition, 1, NULL, RULE_PRIORITY_DEFAULT, 0);
 
     long long object2_id = maat_cmd_incrby(maat_inst, "SEQUENCE_OBJECT", 1);
     char object2_uuid_str[UUID_STR_LEN] = {0};
     snprintf(object2_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", object2_id);
     and_condition.or_conditions[0].object_uuids_str[0] = object2_uuid_str;
     ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD, 
-                                     rule1_uuid_str, &and_condition, 1, NULL, 0);
+                                     rule1_uuid_str, &and_condition, 1, NULL,
+                                     RULE_PRIORITY_DEFAULT, 0);
     EXPECT_EQ(ret, 1);
 
     long long item2_id = maat_cmd_incrby(maat_inst, "SEQUENCE_REGION", 1);
@@ -7008,7 +7028,8 @@ TEST_F(MaatCmd, Field) {
     and_conditions[1].or_conditions[0].object_num = 1;
     and_conditions[1].or_conditions[0].object_uuids_str[0] = object2_uuid_str;
     ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD, 
-                                     rule1_uuid_str, and_conditions, 2, NULL, 0);
+                                     rule1_uuid_str, and_conditions, 2, NULL,
+                                     RULE_PRIORITY_DEFAULT, 0);
     EXPECT_EQ(ret, 1);
 
     sleep(WAIT_FOR_EFFECTIVE_S);
@@ -7044,14 +7065,16 @@ TEST_F(MaatCmd, Field) {
 
     //delete object1
     ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_DEL, 
-                                     rule1_uuid_str, and_conditions, 2, NULL, 0);
+                                     rule1_uuid_str, and_conditions, 2, NULL,
+                                     RULE_PRIORITY_DEFAULT, 0);
     and_conditions[0].negate_option = 0;
     and_conditions[0].or_condition_num = 1;
     and_conditions[0].or_conditions[0].field_name = field_resp_name;
     and_conditions[0].or_conditions[0].object_num = 1;
     and_conditions[0].or_conditions[0].object_uuids_str[0] = object2_uuid_str;
     ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD, 
-                                     rule1_uuid_str, and_conditions, 1, NULL, 0);
+                                     rule1_uuid_str, and_conditions, 1, NULL,
+                                     RULE_PRIORITY_DEFAULT, 0);
     EXPECT_EQ(ret, 1);
 
     sleep(WAIT_FOR_EFFECTIVE_S);
@@ -7353,14 +7376,16 @@ TEST_F(MaatCmd, RuleEXData) {
     and_condition.or_conditions[0].object_num = 1;
     and_condition.or_conditions[0].object_uuids_str[0] = object_uuid_str;
     int ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD,
-                                     rule1_uuid_str, &and_condition, 1, "test:rule1,1111", 0);
+                                     rule1_uuid_str, &and_condition, 1, "test:rule1,1111",
+                                     RULE_PRIORITY_DEFAULT, 0);
     EXPECT_EQ(ret, 1);
 
     long long rule2_id = maat_cmd_incrby(maat_inst, "TEST_SEQ", 1);
     char rule2_uuid_str[UUID_STR_LEN] = {0};
     snprintf(rule2_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", rule2_id);
     ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD,
-                                 rule2_uuid_str, &and_condition, 1, "test:rule2,2222", 0);
+                                 rule2_uuid_str, &and_condition, 1, "test:rule2,2222",
+                                 RULE_PRIORITY_DEFAULT, 0);
     sleep(WAIT_FOR_EFFECTIVE_S);
 
     *ex_data_counter = 0;
@@ -7389,6 +7414,7 @@ TEST_F(MaatCmd, RuleEXData) {
     uuid_unparse(results[1], uuid_str);
     EXPECT_STREQ(uuid_str, rule1_uuid_str);
 
+    maat_state_free(state);
 
     ASSERT_TRUE(exdata_array[0] != NULL);
     struct rule_ex_param *param = (struct rule_ex_param *)exdata_array[0];
@@ -7399,7 +7425,8 @@ TEST_F(MaatCmd, RuleEXData) {
 	EXPECT_EQ(param->id, 1111);
 
     ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_DEL,
-                                 rule2_uuid_str, &and_condition, 1, "test:rule2,2222", 0);
+                                 rule2_uuid_str, &and_condition, 1, "test:rule2,2222",
+                                 RULE_PRIORITY_DEFAULT, 0);
     sleep(WAIT_FOR_EFFECTIVE_S);
     EXPECT_EQ(param->id, 1111); 
     sleep(2);
@@ -7837,7 +7864,8 @@ TEST_F(MaatCmd, ObjectInMassRules) {
         rule_id[i] = maat_cmd_incrby(maat_inst, "TEST_SEQ", 1);
         snprintf(rule_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", rule_id[i]);
         ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD,
-                                     rule_uuid_str, and_conditions, 2, "mass_rule", 0);
+                                     rule_uuid_str, and_conditions, 2, "mass_rule",
+                                     RULE_PRIORITY_DEFAULT, 0);
         EXPECT_EQ(ret, 1);
     }
 
@@ -7860,7 +7888,8 @@ TEST_F(MaatCmd, ObjectInMassRules) {
     target_and_conditions[1].or_conditions[0].object_num = 1;
     target_and_conditions[1].or_conditions[0].object_uuids_str[0] = object3_uuid_str;
     ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD,
-                                 target_rule_uuid_str, target_and_conditions, 2, "null", 0);
+                                 target_rule_uuid_str, target_and_conditions, 2, "null",
+                                 RULE_PRIORITY_DEFAULT, 0);
     EXPECT_EQ(ret, 1);
 
     sleep(WAIT_FOR_EFFECTIVE_S * 2);
@@ -7965,7 +7994,8 @@ TEST_F(MaatCmd, HitObject) {
     and_conditions[1].or_conditions[0].object_num = 1;
     and_conditions[1].or_conditions[0].object_uuids_str[0] = object21_uuid_str;
     ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD,
-                                     rule1_uuid_str, and_conditions, 2, NULL, 0);
+                                     rule1_uuid_str, and_conditions, 2, NULL,
+                                     RULE_PRIORITY_DEFAULT, 0);
     EXPECT_EQ(ret, 1);
 
     /* item1 -> object1 -> rule1
@@ -8230,7 +8260,8 @@ TEST_F(MaatCmd, HitPathBasic) {
     and_conditions[1].or_conditions[0].object_uuids_str[0] = object21_uuid_str;
     snprintf(rule1_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", rule1_id);
     ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD,
-                                rule1_uuid_str, and_conditions, 2, NULL, 0);
+                                rule1_uuid_str, and_conditions, 2, NULL,
+                                RULE_PRIORITY_DEFAULT, 0);
     EXPECT_EQ(ret, 1);
 
     /* item1 -> object1 -> rule1
@@ -8570,7 +8601,8 @@ TEST_F(MaatCmd, HitPathAdvanced) {
     and_conditions[1].or_conditions[0].object_num = 1;
     and_conditions[1].or_conditions[0].object_uuids_str[0] = object21_uuid_str;
     ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD,
-                                     rule1_uuid_str, and_conditions, 2, NULL, 0);
+                                     rule1_uuid_str, and_conditions, 2, NULL,
+                                     RULE_PRIORITY_DEFAULT, 0);
     EXPECT_EQ(ret, 1);
 
     /* item1 -> object1 -> rule1
@@ -8629,7 +8661,8 @@ TEST_F(MaatCmd, HitPathAdvanced) {
     and_conditions[1].or_conditions[0].object_num = 1;
     and_conditions[1].or_conditions[0].object_uuids_str[0] = object3_uuid_str;
     ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD,
-                                     rule2_uuid_str, and_conditions, 2, NULL, 0);
+                                     rule2_uuid_str, and_conditions, 2, NULL,
+                                     RULE_PRIORITY_DEFAULT, 0);
     EXPECT_EQ(ret, 1);
 
 
@@ -8674,7 +8707,8 @@ TEST_F(MaatCmd, HitPathAdvanced) {
     and_conditions[1].or_conditions[0].object_num = 1;
     and_conditions[1].or_conditions[0].object_uuids_str[0] = object4_uuid_str;
     ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD,
-                                     rule3_uuid_str, and_conditions, 2, NULL, 0);
+                                     rule3_uuid_str, and_conditions, 2, NULL,
+                                     RULE_PRIORITY_DEFAULT, 0);
     EXPECT_EQ(ret, 1);
 
     sleep(WAIT_FOR_EFFECTIVE_S * 2);
@@ -9009,7 +9043,8 @@ TEST_F(MaatCmd, HitPathHasNotObject) {
     and_conditions[1].or_conditions[0].object_num = 1;
     and_conditions[1].or_conditions[0].object_uuids_str[0] = object21_uuid_str;
     ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD,
-                                     rule1_uuid_str, and_conditions, 2, NULL, 0);
+                                     rule1_uuid_str, and_conditions, 2, NULL,
+                                     RULE_PRIORITY_DEFAULT, 0);
     EXPECT_EQ(ret, 1);
 
     /* !(item1 -> object1) -> rule1
@@ -9331,14 +9366,16 @@ TEST_F(MaatCmd, SameSuperObjectRefByMultiRule) {
     and_condition.or_conditions[0].object_num = 1;
     and_condition.or_conditions[0].object_uuids_str[0] = object52_uuid_str;
     ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD,
-                                 rule2_uuid_str, &and_condition, 1, "HTTP_RESPONSE_HEADER", 0);
+                                 rule2_uuid_str, &and_condition, 1, "HTTP_RESPONSE_HEADER",
+                                 RULE_PRIORITY_DEFAULT, 0);
     EXPECT_EQ(ret, 1);
 
     long long rule3_id = maat_cmd_incrby(maat_inst, "TEST_SEQ", 1);
     char rule3_uuid_str[UUID_STR_LEN] = {0};
     snprintf(rule3_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", rule3_id);
     ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD,
-                                 rule3_uuid_str, &and_condition, 1, "HTTP_RESPONSE_HEADER", 0);
+                                 rule3_uuid_str, &and_condition, 1, "HTTP_RESPONSE_HEADER",
+                                 RULE_PRIORITY_DEFAULT, 0);
     EXPECT_EQ(ret, 1);
 
     sleep(WAIT_FOR_EFFECTIVE_S * 2);
@@ -9455,7 +9492,8 @@ TEST_F(MaatCmd, ObjectEdit) {
     and_conditions[1].or_conditions[0].object_num = 1;
     and_conditions[1].or_conditions[0].object_uuids_str[0] = object21_uuid_str;
     ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD,
-                                     rule1_uuid_str, and_conditions, 2, NULL, 0);
+                                     rule1_uuid_str, and_conditions, 2, NULL,
+                                     RULE_PRIORITY_DEFAULT, 0);
     EXPECT_EQ(ret, 1);
 
     sleep(WAIT_FOR_EFFECTIVE_S * 2);
@@ -9582,7 +9620,8 @@ TEST_F(MaatCmd, RuleDelete_TSG6548) {
     and_conditions[0].or_conditions[0].object_num = 1;
     and_conditions[0].or_conditions[0].object_uuids_str[0] = object11_uuid_str;
     ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD,
-                                     rule1_uuid_str, and_conditions, 1, NULL, 0);
+                                     rule1_uuid_str, and_conditions, 1, NULL,
+                                     RULE_PRIORITY_DEFAULT, 0);
     EXPECT_EQ(ret, 1);
 
     sleep(WAIT_FOR_EFFECTIVE_S * 2);
@@ -9610,7 +9649,8 @@ TEST_F(MaatCmd, RuleDelete_TSG6548) {
     EXPECT_STREQ(uuid_str, rule1_uuid_str);
 
     ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_DEL,
-                                 rule1_uuid_str, and_conditions, 1, NULL, 0);
+                                 rule1_uuid_str, and_conditions, 1, NULL,
+                                 RULE_PRIORITY_DEFAULT, 0);
     EXPECT_EQ(ret, 1);
 
     int hit_cnt = 0;
@@ -9668,7 +9708,8 @@ TEST_F(MaatCmd, UpdateDeadLockDetection) {
     and_conditions[0].or_conditions[0].object_num = 1;
     and_conditions[0].or_conditions[0].object_uuids_str[0] = object1_uuid_str;
     ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD,
-                                     rule1_uuid_str, and_conditions, 1, NULL, 0);
+                                     rule1_uuid_str, and_conditions, 1, NULL,
+                                     RULE_PRIORITY_DEFAULT, 0);
     EXPECT_EQ(ret, 1);
 
     sleep(WAIT_FOR_EFFECTIVE_S * 2);
@@ -9710,7 +9751,8 @@ TEST_F(MaatCmd, UpdateDeadLockDetection) {
     snprintf(rule2_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", rule2_id);
     and_conditions[0].or_conditions[0].object_uuids_str[0] = object2_uuid_str;
     ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD,
-                                 rule2_uuid_str, and_conditions, 1, NULL, 0);
+                                 rule2_uuid_str, and_conditions, 1, NULL,
+                                 RULE_PRIORITY_DEFAULT, 0);
     EXPECT_EQ(ret, 1);
 
     //DON'T DO THIS!!!
@@ -9763,7 +9805,8 @@ TEST_F(MaatCmd, StreamScanWhenExprTableIncUpdate) {
     and_conditions[0].or_conditions[0].object_num = 1;
     and_conditions[0].or_conditions[0].object_uuids_str[0] = object1_uuid_str;
     ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD,
-                                     rule1_uuid_str, and_conditions, 1, NULL, 0);
+                                     rule1_uuid_str, and_conditions, 1, NULL,
+                                     RULE_PRIORITY_DEFAULT, 0);
     EXPECT_EQ(ret, 1);
 
     sleep(WAIT_FOR_EFFECTIVE_S);
@@ -9851,7 +9894,8 @@ TEST_F(MaatCmd, StreamScanSegfaultWhenVersionRollBack_TSG6324) {
     and_conditions[0].or_conditions[0].object_num = 1;
     and_conditions[0].or_conditions[0].object_uuids_str[0] = object1_uuid_str;
     ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD,
-                                     rule1_uuid_str, and_conditions, 1, NULL, 0);
+                                     rule1_uuid_str, and_conditions, 1, NULL,
+                                     RULE_PRIORITY_DEFAULT, 0);
     EXPECT_EQ(ret, 1);
 
     sleep(WAIT_FOR_EFFECTIVE_S * 2);
@@ -9946,7 +9990,8 @@ TEST_F(MaatCmd, IPAndStreamScanWhenIncUpdate) {
     and_conditions[1].or_conditions[0].object_num = 1;
     and_conditions[1].or_conditions[0].object_uuids_str[0] = object2_uuid_str;
     ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD,
-                                     rule1_uuid_str, and_conditions, 2, NULL, 0);
+                                     rule1_uuid_str, and_conditions, 2, NULL,
+                                     RULE_PRIORITY_DEFAULT, 0);
     EXPECT_EQ(ret, 1);
 
     sleep(WAIT_FOR_EFFECTIVE_S * 2);
@@ -9976,7 +10021,8 @@ TEST_F(MaatCmd, IPAndStreamScanWhenIncUpdate) {
     char rule2_uuid_str[UUID_STR_LEN] = {0};
     snprintf(rule2_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", rule2_id);
     ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD,
-                                 rule2_uuid_str, and_conditions, 2, NULL, 0);
+                                 rule2_uuid_str, and_conditions, 2, NULL,
+                                 RULE_PRIORITY_DEFAULT, 0);
     EXPECT_EQ(ret, 1);
 
     sleep(WAIT_FOR_EFFECTIVE_S * 2);
@@ -10056,7 +10102,8 @@ TEST_F(MaatCmd, IPAndStreamScanWhenFullUpdate) {
     and_conditions[1].or_conditions[0].object_num = 1;
     and_conditions[1].or_conditions[0].object_uuids_str[0] = object2_uuid_str;
     ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD,
-                                     rule1_uuid_str, and_conditions, 2, NULL, 0);
+                                     rule1_uuid_str, and_conditions, 2, NULL,
+                                     RULE_PRIORITY_DEFAULT, 0);
     EXPECT_EQ(ret, 1);
 
     sleep(WAIT_FOR_EFFECTIVE_S * 2);
@@ -10164,7 +10211,8 @@ TEST_F(MaatCmd, IPAndStringScanWhenIncUpdate) {
     and_conditions[1].or_conditions[0].object_num = 1;
     and_conditions[1].or_conditions[0].object_uuids_str[0] = object2_uuid_str;
     ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD,
-                                     rule1_uuid_str, and_conditions, 2, NULL, 0);
+                                     rule1_uuid_str, and_conditions, 2, NULL,
+                                     RULE_PRIORITY_DEFAULT, 0);
     EXPECT_EQ(ret, 1);
 
     sleep(WAIT_FOR_EFFECTIVE_S * 2);
@@ -10191,7 +10239,8 @@ TEST_F(MaatCmd, IPAndStringScanWhenIncUpdate) {
     char rule2_uuid_str[UUID_STR_LEN] = {0};
     snprintf(rule2_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", rule2_id);
     ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD,
-                                 rule2_uuid_str, and_conditions, 2, NULL, 0);
+                                 rule2_uuid_str, and_conditions, 2, NULL,
+                                 RULE_PRIORITY_DEFAULT, 0);
     EXPECT_EQ(ret, 1);
 
     sleep(WAIT_FOR_EFFECTIVE_S * 2);
@@ -10269,7 +10318,8 @@ TEST_F(MaatCmd, IPAndStringScanWhenFullupdate) {
     and_conditions[1].or_conditions[0].object_num = 1;
     and_conditions[1].or_conditions[0].object_uuids_str[0] = object2_uuid_str;
     ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD,
-                                     rule1_uuid_str, and_conditions, 2, NULL, 0);
+                                     rule1_uuid_str, and_conditions, 2, NULL,
+                                     RULE_PRIORITY_DEFAULT, 0);
     EXPECT_EQ(ret, 1);
 
     sleep(WAIT_FOR_EFFECTIVE_S * 2);

test/maat_json.json

@@ -1970,7 +1970,7 @@
 			"do_log": 1,
 			"action_parameter": "EvaluationOrder",
 			"is_valid": "yes",
-			"evaluation_order": "2.111",
+			"priority": 1,
 			"and_conditions": [
 				{
 					"field_name": "HTTP_URL",

test/test_utils.cpp

@@ -138,7 +138,8 @@ int write_json_to_redis(const char *json_filename, char *redis_ip, int redis_por
 int rule_table_set_line(struct maat *maat_inst, const char *table_name,
                            enum maat_operation op, const char *rule_uuid_str,
                            struct maat_cmd_and_condition and_conditions[],
-                           int condition_num, const char *action_para_str, int expire_after)
+                           int condition_num, const char *action_para_str, 
+                           int priority, int expire_after)
 {
     cJSON *json_root = cJSON_CreateObject();
 
@@ -177,6 +178,8 @@ int rule_table_set_line(struct maat *maat_inst, const char *table_name,
         cJSON_AddStringToObject(json_root, "action_parameter", action_para_str);
     }
 
+    cJSON_AddNumberToObject(json_root, "priority", priority);
+
     char *json_str = cJSON_PrintUnformatted(json_root);
 
     struct maat_cmd_line line_rule;

test/test_utils.h

@@ -23,7 +23,8 @@ int write_json_to_redis(const char *json_filename, char *redis_ip, int redis_por
 int rule_table_set_line(struct maat *maat_inst, const char *table_name,
                            enum maat_operation op, const char *rule_uuid_str,
                            struct maat_cmd_and_condition and_conditions[],
-                           int condition_num, const char *action_para_str, int expire_after);
+                           int condition_num, const char *action_para_str, 
+                           int priority, int expire_after);
 
 int object_group_table_set_line(struct maat *maat_inst, const char *table_name,
                                enum maat_operation op, const char *object_uuid_str,