The audit control messages are sent over netlink.  Permission checks are
done on the process receiving the message, which may not be the same as the
process sending the message.  This patch switches the netlink_send security
hooks to calculate the effective capabilities based on the sender.  Then
audit_receive_msg performs capability checks based on that.

It also introduces the CAP_AUDIT_WRITE and CAP_AUDIT_CONTROL capabilities,
and replaces the previous CAP_SYS_ADMIN checks in audit code with the
appropriate checks.

- Simplified dummy_netlink_send given that dummy now keeps track of
  capabilities.

- Many fixes based on feedback from <linux-audit@redhat.com> list.

- Removed the netlink_msg_type helper function.

- Switch to using CAP_AUDIT_WRITE and CAP_AUDIT_CONTROL.
Signed-off-by: Serge Hallyn <serue@us.ibm.com>
Signed-off-by: Stephen Smalley <sds@epoch.ncsc.mil>
Signed-off-by: Chris Wright <chrisw@osdl.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>