[PATCH] SELinux: add support for NETLINK_KOBJECT_UEVENT

This patch adds SELinux support for the KOBJECT_UEVENT Netlink family, so
that SELinux can apply finer grained controls to it.  For example, security
policy for hald can be locked down to the KOBJECT_UEVENT Netlink family
only.  Currently, this family simply defaults to the default Netlink socket
class.

Note that some new permission definitions are added to sync with changes in
the core userspace policy package, which auto-generates header files.

Signed-off-by: James Morris <jmorris@redhat.com>
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>

security/selinux/include/av_perm_to_string.h

@@ -118,6 +118,8 @@
    S_(SECCLASS_CAPABILITY, CAPABILITY__SYS_TTY_CONFIG, "sys_tty_config")
    S_(SECCLASS_CAPABILITY, CAPABILITY__MKNOD, "mknod")
    S_(SECCLASS_CAPABILITY, CAPABILITY__LEASE, "lease")
+   S_(SECCLASS_CAPABILITY, CAPABILITY__AUDIT_WRITE, "audit_write")
+   S_(SECCLASS_CAPABILITY, CAPABILITY__AUDIT_CONTROL, "audit_control")
    S_(SECCLASS_PASSWD, PASSWD__PASSWD, "passwd")
    S_(SECCLASS_PASSWD, PASSWD__CHFN, "chfn")
    S_(SECCLASS_PASSWD, PASSWD__CHSH, "chsh")
@@ -230,3 +232,5 @@
    S_(SECCLASS_NSCD, NSCD__SHMEMPWD, "shmempwd")
    S_(SECCLASS_NSCD, NSCD__SHMEMGRP, "shmemgrp")
    S_(SECCLASS_NSCD, NSCD__SHMEMHOST, "shmemhost")
+   S_(SECCLASS_ASSOCIATION, ASSOCIATION__SENDTO, "sendto")
+   S_(SECCLASS_ASSOCIATION, ASSOCIATION__RECVFROM, "recvfrom")