audit: add fields to exclude filter by reusing user filter

extern int		    audit_update_lsm_rules(void);

				/* Private API (for audit.c only) */

extern int audit_filter_user(int type);

extern int audit_filter_type(int type);

extern int audit_rule_change(int type, __u32 portid, int seq,

				void *data, size_t datasz);

extern int audit_list_rules_send(struct sk_buff *request_skb, int seq);

		if (!audit_enabled && msg_type != AUDIT_USER_AVC)

			return 0;

		err = audit_filter_user(msg_type);

		err = audit_filter(msg_type, AUDIT_FILTER_USER);

		if (err == 1) { /* match or error */

			err = 0;

			if (msg_type == AUDIT_USER_TTY) {

	if (audit_initialized != AUDIT_INITIALIZED)

		return NULL;

	if (unlikely(audit_filter_type(type)))

	if (unlikely(!audit_filter(type, AUDIT_FILTER_TYPE)))

		return NULL;

	if (gfp_mask & __GFP_DIRECT_RECLAIM) {

extern kuid_t audit_sig_uid;

extern u32 audit_sig_sid;

extern int audit_filter(int msgtype, unsigned int listtype);

#ifdef CONFIG_AUDITSYSCALL

extern int __audit_signal_info(int sig, struct task_struct *t);

static inline int audit_signal_info(int sig, struct task_struct *t)

	return strncmp(p, dname, dlen);

}

static int audit_filter_user_rules(struct audit_krule *rule, int type,

				   enum audit_state *state)

int audit_filter(int msgtype, unsigned int listtype)

{

	int i;

	struct audit_entry *e;

	int ret = 1; /* Audit by default */

	rcu_read_lock();

	if (list_empty(&audit_filter_list[listtype]))

		goto unlock_and_return;

	list_for_each_entry_rcu(e, &audit_filter_list[listtype], list) {

		int i, result = 0;

	for (i = 0; i < rule->field_count; i++) {

		struct audit_field *f = &rule->fields[i];

		for (i = 0; i < e->rule.field_count; i++) {

			struct audit_field *f = &e->rule.fields[i];

			pid_t pid;

		int result = 0;

			u32 sid;

			switch (f->type) {

							  f->op, f->val);

				break;

			case AUDIT_MSGTYPE:

			result = audit_comparator(type, f->op, f->val);

				result = audit_comparator(msgtype, f->op, f->val);

				break;

			case AUDIT_SUBJ_USER:

			case AUDIT_SUBJ_ROLE:

				if (f->lsm_rule) {

					security_task_getsecid(current, &sid);

					result = security_audit_rule_match(sid,

								   f->type,

								   f->op,

								   f->lsm_rule,

								   NULL);

			}

			break;

		}

		if (result <= 0)

			return result;

							f->type, f->op, f->lsm_rule, NULL);

				}

	switch (rule->action) {

	case AUDIT_NEVER:

		*state = AUDIT_DISABLED;

				break;

	case AUDIT_ALWAYS:

		*state = AUDIT_RECORD_CONTEXT;

		break;

	}

	return 1;

}

int audit_filter_user(int type)

{

	enum audit_state state = AUDIT_DISABLED;

	struct audit_entry *e;

	int rc, ret;

	ret = 1; /* Audit by default */

	rcu_read_lock();

	list_for_each_entry_rcu(e, &audit_filter_list[AUDIT_FILTER_USER], list) {

		rc = audit_filter_user_rules(&e->rule, type, &state);

		if (rc) {

			if (rc > 0 && state == AUDIT_DISABLED)

				ret = 0;

			break;

		}

	}

	rcu_read_unlock();

	return ret;

			default:

				goto unlock_and_return;

			}

int audit_filter_type(int type)

{

	struct audit_entry *e;

	int result = 0;

	rcu_read_lock();

	if (list_empty(&audit_filter_list[AUDIT_FILTER_TYPE]))

			if (result < 0) /* error */

				goto unlock_and_return;

	list_for_each_entry_rcu(e, &audit_filter_list[AUDIT_FILTER_TYPE],

				list) {

		int i;

		for (i = 0; i < e->rule.field_count; i++) {

			struct audit_field *f = &e->rule.fields[i];

			if (f->type == AUDIT_MSGTYPE) {

				result = audit_comparator(type, f->op, f->val);

			if (!result)

				break;

		}

		if (result > 0) {

			if (e->rule.action == AUDIT_NEVER || listtype == AUDIT_FILTER_TYPE)

				ret = 0;

			break;

		}

		if (result)

			goto unlock_and_return;

	}

unlock_and_return:

	rcu_read_unlock();

	return result;

	return ret;

}

static int update_lsm_rule(struct audit_krule *r)