[PATCH] audit: support for object context filters

		case AUDIT_SUBJ_TYPE:

		case AUDIT_SUBJ_TYPE:

		case AUDIT_SUBJ_SEN:

		case AUDIT_SUBJ_SEN:

		case AUDIT_SUBJ_CLR:

		case AUDIT_SUBJ_CLR:

		case AUDIT_OBJ_USER:

		case AUDIT_OBJ_ROLE:

		case AUDIT_OBJ_TYPE:

		case AUDIT_OBJ_LEV_LOW:

		case AUDIT_OBJ_LEV_HIGH:

			str = audit_unpack_string(&bufp, &remain, f->val);

			str = audit_unpack_string(&bufp, &remain, f->val);

			if (IS_ERR(str))

			if (IS_ERR(str))

				goto exit_free;

				goto exit_free;

		case AUDIT_SUBJ_TYPE:

		case AUDIT_SUBJ_TYPE:

		case AUDIT_SUBJ_SEN:

		case AUDIT_SUBJ_SEN:

		case AUDIT_SUBJ_CLR:

		case AUDIT_SUBJ_CLR:

		case AUDIT_OBJ_USER:

		case AUDIT_OBJ_ROLE:

		case AUDIT_OBJ_TYPE:

		case AUDIT_OBJ_LEV_LOW:

		case AUDIT_OBJ_LEV_HIGH:

			data->buflen += data->values[i] =

			data->buflen += data->values[i] =

				audit_pack_string(&bufp, f->se_str);

				audit_pack_string(&bufp, f->se_str);

			break;

			break;

		case AUDIT_SUBJ_TYPE:

		case AUDIT_SUBJ_TYPE:

		case AUDIT_SUBJ_SEN:

		case AUDIT_SUBJ_SEN:

		case AUDIT_SUBJ_CLR:

		case AUDIT_SUBJ_CLR:

		case AUDIT_OBJ_USER:

		case AUDIT_OBJ_ROLE:

		case AUDIT_OBJ_TYPE:

		case AUDIT_OBJ_LEV_LOW:

		case AUDIT_OBJ_LEV_HIGH:

			if (strcmp(a->fields[i].se_str, b->fields[i].se_str))

			if (strcmp(a->fields[i].se_str, b->fields[i].se_str))

				return 1;

				return 1;

			break;

			break;

		case AUDIT_SUBJ_TYPE:

		case AUDIT_SUBJ_TYPE:

		case AUDIT_SUBJ_SEN:

		case AUDIT_SUBJ_SEN:

		case AUDIT_SUBJ_CLR:

		case AUDIT_SUBJ_CLR:

		case AUDIT_OBJ_USER:

		case AUDIT_OBJ_ROLE:

		case AUDIT_OBJ_TYPE:

		case AUDIT_OBJ_LEV_LOW:

		case AUDIT_OBJ_LEV_HIGH:

			err = audit_dupe_selinux_field(&new->fields[i],

			err = audit_dupe_selinux_field(&new->fields[i],

						       &old->fields[i]);

						       &old->fields[i]);

			break;

			break;

		case AUDIT_SUBJ_TYPE:

		case AUDIT_SUBJ_TYPE:

		case AUDIT_SUBJ_SEN:

		case AUDIT_SUBJ_SEN:

		case AUDIT_SUBJ_CLR:

		case AUDIT_SUBJ_CLR:

		case AUDIT_OBJ_USER:

		case AUDIT_OBJ_ROLE:

		case AUDIT_OBJ_TYPE:

		case AUDIT_OBJ_LEV_LOW:

		case AUDIT_OBJ_LEV_HIGH:

			return 1;

			return 1;

		}

		}

	}

	}

				                                  ctx);

				                                  ctx);

			}

			}

			break;

			break;

		case AUDIT_OBJ_USER:

		case AUDIT_OBJ_ROLE:

		case AUDIT_OBJ_TYPE:

		case AUDIT_OBJ_LEV_LOW:

		case AUDIT_OBJ_LEV_HIGH:

			/* The above note for AUDIT_SUBJ_USER...AUDIT_SUBJ_CLR

			   also applies here */

			if (f->se_rule) {

				/* Find files that match */

				if (name) {

					result = selinux_audit_rule_match(

					           name->osid, f->type, f->op,

					           f->se_rule, ctx);

				} else if (ctx) {

					for (j = 0; j < ctx->name_count; j++) {

						if (selinux_audit_rule_match(

						      ctx->names[j].osid,

						      f->type, f->op,

						      f->se_rule, ctx)) {

							++result;

							break;

						}

					}

				}

				/* Find ipc objects that match */

				if (ctx) {

					struct audit_aux_data *aux;

					for (aux = ctx->aux; aux;

					     aux = aux->next) {

						if (aux->type == AUDIT_IPC) {

							struct audit_aux_data_ipcctl *axi = (void *)aux;

							if (selinux_audit_rule_match(axi->osid, f->type, f->op, f->se_rule, ctx)) {

								++result;

								break;

							}

						}

					}

				}

			}

			break;

		case AUDIT_ARG0:

		case AUDIT_ARG0:

		case AUDIT_ARG1:

		case AUDIT_ARG1:

		case AUDIT_ARG2:

		case AUDIT_ARG2:

	case AUDIT_SUBJ_USER:

	case AUDIT_SUBJ_USER:

	case AUDIT_SUBJ_ROLE:

	case AUDIT_SUBJ_ROLE:

	case AUDIT_SUBJ_TYPE:

	case AUDIT_SUBJ_TYPE:

	case AUDIT_OBJ_USER:

	case AUDIT_OBJ_ROLE:

	case AUDIT_OBJ_TYPE:

		/* only 'equals' and 'not equals' fit user, role, and type */

		/* only 'equals' and 'not equals' fit user, role, and type */

		if (op != AUDIT_EQUAL && op != AUDIT_NOT_EQUAL)

		if (op != AUDIT_EQUAL && op != AUDIT_NOT_EQUAL)

			return -EINVAL;

			return -EINVAL;

		break;

		break;

	case AUDIT_SUBJ_SEN:

	case AUDIT_SUBJ_SEN:

	case AUDIT_SUBJ_CLR:

	case AUDIT_SUBJ_CLR:

	case AUDIT_OBJ_LEV_LOW:

	case AUDIT_OBJ_LEV_HIGH:

		/* we do not allow a range, indicated by the presense of '-' */

		/* we do not allow a range, indicated by the presense of '-' */

		if (strchr(rulestr, '-'))

		if (strchr(rulestr, '-'))

			return -EINVAL;

			return -EINVAL;

	switch (field) {

	switch (field) {

	case AUDIT_SUBJ_USER:

	case AUDIT_SUBJ_USER:

	case AUDIT_OBJ_USER:

		userdatum = hashtab_search(policydb.p_users.table, rulestr);

		userdatum = hashtab_search(policydb.p_users.table, rulestr);

		if (!userdatum)

		if (!userdatum)

			rc = -EINVAL;

			rc = -EINVAL;

			tmprule->au_ctxt.user = userdatum->value;

			tmprule->au_ctxt.user = userdatum->value;

		break;

		break;

	case AUDIT_SUBJ_ROLE:

	case AUDIT_SUBJ_ROLE:

	case AUDIT_OBJ_ROLE:

		roledatum = hashtab_search(policydb.p_roles.table, rulestr);

		roledatum = hashtab_search(policydb.p_roles.table, rulestr);

		if (!roledatum)

		if (!roledatum)

			rc = -EINVAL;

			rc = -EINVAL;

			tmprule->au_ctxt.role = roledatum->value;

			tmprule->au_ctxt.role = roledatum->value;

		break;

		break;

	case AUDIT_SUBJ_TYPE:

	case AUDIT_SUBJ_TYPE:

	case AUDIT_OBJ_TYPE:

		typedatum = hashtab_search(policydb.p_types.table, rulestr);

		typedatum = hashtab_search(policydb.p_types.table, rulestr);

		if (!typedatum)

		if (!typedatum)

			rc = -EINVAL;

			rc = -EINVAL;

		break;

		break;

	case AUDIT_SUBJ_SEN:

	case AUDIT_SUBJ_SEN:

	case AUDIT_SUBJ_CLR:

	case AUDIT_SUBJ_CLR:

	case AUDIT_OBJ_LEV_LOW:

	case AUDIT_OBJ_LEV_HIGH:

		rc = mls_from_string(rulestr, &tmprule->au_ctxt, GFP_ATOMIC);

		rc = mls_from_string(rulestr, &tmprule->au_ctxt, GFP_ATOMIC);

		break;

		break;

	}

	}

	   without a match */

	   without a match */

	switch (field) {

	switch (field) {

	case AUDIT_SUBJ_USER:

	case AUDIT_SUBJ_USER:

	case AUDIT_OBJ_USER:

		switch (op) {

		switch (op) {

		case AUDIT_EQUAL:

		case AUDIT_EQUAL:

			match = (ctxt->user == rule->au_ctxt.user);

			match = (ctxt->user == rule->au_ctxt.user);

		}

		}

		break;

		break;

	case AUDIT_SUBJ_ROLE:

	case AUDIT_SUBJ_ROLE:

	case AUDIT_OBJ_ROLE:

		switch (op) {

		switch (op) {

		case AUDIT_EQUAL:

		case AUDIT_EQUAL:

			match = (ctxt->role == rule->au_ctxt.role);

			match = (ctxt->role == rule->au_ctxt.role);

		}

		}

		break;

		break;

	case AUDIT_SUBJ_TYPE:

	case AUDIT_SUBJ_TYPE:

	case AUDIT_OBJ_TYPE:

		switch (op) {

		switch (op) {

		case AUDIT_EQUAL:

		case AUDIT_EQUAL:

			match = (ctxt->type == rule->au_ctxt.type);

			match = (ctxt->type == rule->au_ctxt.type);

		break;

		break;

	case AUDIT_SUBJ_SEN:

	case AUDIT_SUBJ_SEN:

	case AUDIT_SUBJ_CLR:

	case AUDIT_SUBJ_CLR:

		level = (field == AUDIT_SUBJ_SEN ?

	case AUDIT_OBJ_LEV_LOW:

	case AUDIT_OBJ_LEV_HIGH:

		level = ((field == AUDIT_SUBJ_SEN ||

		          field == AUDIT_OBJ_LEV_LOW) ?

		         &ctxt->range.level[0] : &ctxt->range.level[1]);

		         &ctxt->range.level[0] : &ctxt->range.level[1]);

		switch (op) {

		switch (op) {

		case AUDIT_EQUAL:

		case AUDIT_EQUAL: