Add the ability to mediate signals.

Add signal rules and make sure the parser encodes support for them
if the supported feature set reports supporting them.

The current format of the signal rule is

  [audit] [deny] signal [<signal_perms>] [<signal_set>] <target_profile>,

  signal_perm  := 'send'|'receive'|'r'|'w'|'rw'
  signal_perms := <signal_perm> | '(' <signal_perm> ([,]<signal_perm>)* ')'
  signal := ("hup"|"int"|"quit"|"ill"|"trap"|"abrt"|"bus"|"fpe"|"kill"|
             "usr1"|"segv"|"usr2"|"pipe"|"alrm"|"term"|"tkflt"|"chld"|
             "cont"|"stop"|"stp"|"ttin"|"ttou"|"urg"|"xcpu"|"xfsz"|"vtalrm"|
             "prof"|"winch"|"io"|"pwr"|"sys"|"emt"|"exists")
  signal_set   := set=<signal> | '(' <signal> ([,]<signal>)* ')'


it does not currently follow the peer=() format, and there is some question
as to whether it should or not. Input welcome.

Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Seth Arnold <seth.arnold@canonical.com>

parser/parser.h

@@ -298,6 +298,7 @@ extern int kernel_supports_policydb;
 extern int kernel_supports_diff_encode;
 extern int kernel_supports_mount;
 extern int kernel_supports_dbus;
+extern int kernel_supports_signal;
 extern int conf_verbose;
 extern int conf_quiet;
 extern int names_only;
@@ -330,7 +331,9 @@ extern int yylex(void);
 extern const char *basedir;
 
 /* parser_regex.c */
-extern const char *default_match_pattern;
+#define default_match_pattern "[^\\000]*"
+#define anyone_match_pattern "[^\\000]+"
+
 extern pattern_t convert_aaregex_to_pcre(const char *aare, int anchor,
 					 std::string& pcre, int *first_re_pos);
 extern int build_list_val_expr(std::string& buffer, struct value_list *list);