parser: add support for matching based on extended file attributes

Add userland support for matching based on extended file attributes.
This leverages DFA based matching already in the kernel:

https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=8e51f908
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=73f488cd

Matching is exposed via flags on the profile:

  /usr/bin/* xattrs=(user.foo=bar user.bar=**) {
      # ...
  }

Profiles list the set of extended attributes that a file MUST have, and
a regex to match the value of that extended attributes. Additional
extended attributes on the file don't effect the match.

Signed-off-by: Eric Chiang <ericchiang@google.com>

parser/parser_interface.c

@@ -371,6 +371,28 @@ void sd_serialize_xtable(std::ostringstream &buf, char **table)
 	sd_write_structend(buf);
 }
 
+void sd_serialize_xattrs(std::ostringstream &buf, struct cond_entry_list xattrs)
+{
+	int count;
+	struct cond_entry *entry;
+
+	if (!(xattrs.list))
+		return;
+
+	count = 0;
+	for (entry = xattrs.list; entry; entry = entry->next) {
+		count++;
+	}
+
+	sd_write_struct(buf, "xattrs");
+	sd_write_array(buf, NULL, count);
+	for (entry = xattrs.list; entry; entry = entry->next) {
+		sd_write_string(buf, entry->name, NULL);
+	}
+	sd_write_arrayend(buf);
+	sd_write_structend(buf);
+}
+
 void sd_serialize_profile(std::ostringstream &buf, Profile *profile,
 			 int flattened)
 {
@@ -432,6 +454,8 @@ void sd_serialize_profile(std::ostringstream &buf, Profile *profile,
 	sd_write_uint32(buf, 0);
 	sd_write_structend(buf);
 
+	sd_serialize_xattrs(buf, profile->xattrs);
+
 	sd_serialize_rlimits(buf, &profile->rlimits);
 
 	if (profile->net.allow && kernel_supports_network) {