parser: support enforce, kill and unconfined profile modes

The enforce profile mode is the default but specifying it explicitly
has not been supported. Allow enforce to be specified as a mode. If
no mode is specified the default is still enforce.

The kernel has supported kill and unconfined profile modes for a
long time now. And support to the parser so that profiles can make
use of these modes.

MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/440
Fixes: https://gitlab.com/apparmor/apparmor/-/issues/7
Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Steve Beattie <sbeattie@ubuntu.com>

utils/test/test-parser-simple-tests.py

@@ -119,6 +119,24 @@ exception_not_raised = [
     'profile/flags/flags_bad_debug_2.sd',
     'profile/flags/flags_bad_debug_3.sd',
     'profile/flags/flags_bad_debug_4.sd',
+    # detection of conflicting flags not supported
+    'profile/flags/flags_bad30.sd',
+    'profile/flags/flags_bad31.sd',
+    'profile/flags/flags_bad32.sd',
+    'profile/flags/flags_bad33.sd',
+    'profile/flags/flags_bad34.sd',
+    'profile/flags/flags_bad35.sd',
+    'profile/flags/flags_bad36.sd',
+    'profile/flags/flags_bad37.sd',
+    'profile/flags/flags_bad38.sd',
+    'profile/flags/flags_bad39.sd',
+    'profile/flags/flags_bad40.sd',
+    'profile/flags/flags_bad41.sd',
+    'profile/flags/flags_bad42.sd',
+    'profile/flags/flags_bad43.sd',
+    'profile/flags/flags_bad44.sd',
+    'profile/flags/flags_bad45.sd',
+    'profile/flags/flags_bad46.sd',
     'profile/simple_bad_no_close_brace4.sd',
     'profile/profile_ns_bad8.sd',  # 'profile :ns/t' without terminating ':'
     'ptrace/bad_05.sd',  # actually contains a capability rule with invalid (ptrace-related) keyword