Move all ulogd networking into the mysql and postgres optionals.

policy/modules/services/ulogd.te

@@ -31,9 +31,6 @@ logging_log_file(ulogd_var_log_t)
 
 allow ulogd_t self:capability net_admin;
 allow ulogd_t self:netlink_nflog_socket create_socket_perms;
-allow ulogd_t self:netlink_route_socket r_netlink_socket_perms;
-allow ulogd_t self:tcp_socket { create_stream_socket_perms connect };
-allow ulogd_t self:udp_socket create_socket_perms;
 
 # config files
 read_files_pattern(ulogd_t, ulogd_etc_t, ulogd_etc_t)
@@ -51,14 +48,20 @@ files_read_usr_files(ulogd_t)
 
 miscfiles_read_localization(ulogd_t)
 
-sysnet_dns_name_resolve(ulogd_t)
-
 optional_policy(`
+	allow ulogd_t self:tcp_socket create_stream_socket_perms;
+
 	mysql_stream_connect(ulogd_t)
 	mysql_tcp_connect(ulogd_t)
+
+	sysnet_dns_name_resolve(ulogd_t)
 ')
 
 optional_policy(`
+	allow ulogd_t self:tcp_socket create_stream_socket_perms;
+
 	postgresql_stream_connect(ulogd_t)
 	postgresql_tcp_connect(ulogd_t)
+
+	sysnet_dns_name_resolve(ulogd_t)
 ')