SELinuxProject / selint

Static code analysis of refpolicy style SELinux policy
Apache License 2.0

Two ordering fixes #227

Closed cgzones closed 2 years ago

cgzones commented 2 years ago

Do not complain about:

allow foo_t self: process signal;
tcp_pattern(foo_t, self)
allow foo_t self:udp_socket read;
optional_policy(`
    a_call(foo_t)

    optional_policy(`
        x_call(foo_t)
    ')
')

optional_policy(`
    b_call(foo_t)
')

dburgener commented 2 years ago

This looks good, thanks. Merged.

For my curiosity, I've never seen either of these patterns before. Do you have real world examples of these usages you can point to?

cgzones commented 2 years ago

I am using a build-time option to en-/disable extended permissions and use a wrapper

define(`xperm_pattern', `
    allow $1 $2:$3 ioctl;

    ifdef(`xperm_rules',`
        allowxperm $1 $2:$3 ioctl $4;
    ')
')

to write:

allow dig_t self:unix_dgram_socket { create };
xperm_pattern(dig_t, self, unix_dgram_socket, ioctl_siocgifindex)
allow dig_t self:unix_stream_socket { connect create };

The second one comes up when using dbus interfaces, like:

optional_policy(`
    dbus_system_bus_service(systemd_logind_t)

    optional_policy(`
        upower_dbus_chat(systemd_logind_t)
    ')
')

optional_policy(`
    getty_start(systemd_logind_t)
')

dburgener commented 2 years ago

Both make sense. Thanks!
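As an added illustration (not selint's code and not from either commenter), here is a simplified Python checker that accepts the three snippets in this thread: `self`-targeted rules and `*_pattern(x, self)` macros are treated as one group, and nested optional_policy blocks are tracked by m4 quote depth so an inner `')` does not end the outer block. The ordering rule it enforces (self, then other statements, then optional blocks) is an assumption for illustration, not selint's actual convention.

```python
import re

# Constructed, simplified ordering checker in the spirit of this PR's two fixes; NOT
# selint's code. Assumed rule: `self`-targeted statements (plain rules or
# *_pattern(x, self) macros) first, other statements next, optional_policy last.

RULE_RE = re.compile(r"^(allow|allowxperm|dontaudit|auditallow)\s+\S+\s+(\S+?):")
MACRO_RE = re.compile(r"^(\w+)\(([^)]*)\)")
ORDER = {"self": 0, "other": 1, "optional": 2}

def classify(line):
    # Classify one top-level statement as 'self', 'other' or 'optional'.
    if line.startswith("optional_policy("):
        return "optional"
    m = RULE_RE.match(line)
    if m:
        return "self" if m.group(2) == "self" else "other"
    m = MACRO_RE.match(line)
    if m and m.group(1).endswith("_pattern"):
        args = [a.strip() for a in m.group(2).split(",")]
        return "self" if len(args) > 1 and args[1] == "self" else "other"
    return "other"

def check_order(policy):
    # Return ordering violations among the top-level statements of `policy`.
    depth, highest, violations = 0, -1, []
    for raw in policy.splitlines():
        line = raw.strip()
        if not line:
            continue
        if depth == 0:  # statements inside an optional block are not ordered
            kind = classify(line)
            if ORDER[kind] < highest:
                violations.append(f"{kind} statement out of order: {line}")
            highest = max(highest, ORDER[kind])
        depth += line.count("`") - line.count("'")  # m4 quote nesting
    return violations

# Constructed sample mirroring the first comment; expected: no findings.
SAMPLE = """allow foo_t self:process signal;
tcp_pattern(foo_t, self)
optional_policy(`
    optional_policy(`
        x_call(foo_t)
    ')
')
optional_policy(`
    b_call(foo_t)
')
"""
```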