UPSTREAM: selinux: bpf: Add selinux check for eBPF syscall operations

Implement the actual checks introduced to eBPF related syscalls. This
implementation use the security field inside bpf object to store a sid that
identify the bpf object. And when processes try to access the object,
selinux will check if processes have the right privileges. The creation
of eBPF object are also checked at the general bpf check hook and new
cmd introduced to eBPF domain can also be checked there.

Signed-off-by: Chenbo Feng <fengc@google.com>
Acked-by: Alexei Starovoitov <ast@kernel.org>
Reviewed-by: James Morris <james.l.morris@oracle.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

Bug: 30950746
Change-Id: Ifb0cdd4b7d470223b143646b339ba511ac77c156

(cherry picked from commit ec27c3568a34c7fe5fcf4ac0a354eda77687f7eb)
Signed-off-by: Amit Pundir <amit.pundir@linaro.org>