Currently, the filter on executable file name is limited to the exit filter. Was there a good reason to limit it to this filter and can it be extended for use by user, task and exclude filters?

... audit_field_valid(...) { ... switch(f->type) { ... case AUDIT_EXE: ... if (entry->rule.listnr != AUDIT_FILTER_EXIT) return -EINVAL;