      1 ; This is a dummy policy (a test fixture only) whose main aim is to be compatible with test.log
      2 
      3 ; Minimal MLS setup: define one category and one sensitivity in order to make things work
      4 (mls true)                      ; build the policy as an MLS policy
      5 (category c0)                   ; the only category declared in this file
      6 (categoryorder (c0))            ; ordering is trivial with a single category
      7 (sensitivity s0)                ; the only sensitivity declared in this file
      8 (sensitivityorder (s0))         ; ordering is trivial with a single sensitivity
      9 (sensitivitycategory s0 (c0))   ; associate c0 with s0, so s0 with category c0 is a valid level
     10 
     11 ; Define some users and roles; each user below is authorized for exactly one role
     12 (user system_u)
     13 (user root)
     14 (user unconfined_u)
     15 (role system_r)
     16 (role unconfined_r)
     17 (userrole root system_r)                    ; root is authorized for system_r only
     18 (userrole system_u system_r)
     19 (userrole unconfined_u unconfined_r)        ; unconfined_u is the only user authorized for unconfined_r
     20 (userlevel system_u (s0))                   ; default level for every user is s0, with no category
     21 (userlevel root (s0))
     22 (userlevel unconfined_u (s0))
     23 (userrange system_u ((s0)(s0 (c0))))        ; permitted range for every user: low s0, high s0 with c0
     24 (userrange root ((s0)(s0 (c0))))
     25 (userrange unconfined_u ((s0)(s0 (c0))))
     26 
     27 ; Define domain types (the domain/file/port grouping in this file is by comment only: every entry is a plain type with no attribute attached)
     28 (type automount_t)
     29 (type ftpd_t)
     30 (type httpd_t)
     31 (type kernel_t)                     ; also used by the initial SID context and by the single allow rule in this file
     32 (type nsplugin_t)
     33 (type postfix_local_t)
     34 (type qemu_t)
     35 (type smbd_t)
     36 
     37 (roletype system_r automount_t)     ; roletype authorizes a role for a type; it grants no permissions by itself
     38 (roletype system_r ftpd_t)
     39 (roletype system_r httpd_t)
     40 (roletype system_r kernel_t)
     41 (roletype system_r postfix_local_t)
     42 (roletype system_r qemu_t)
     43 (roletype system_r smbd_t)
     44 (roletype unconfined_r nsplugin_t)  ; nsplugin_t is the only type associated with unconfined_r
     45 
     46 ; Define file types. Only default_t is referenced by a rule in this file; the others are declared but otherwise unused here
     47 ; (presumably they are the target types named in test.log; confirm against the log)
     47 (type automount_lock_t)
     48 (type default_t)                    ; target of the single allow rule in this file
     49 (type fixed_disk_device_t)
     50 (type home_root_t)
     51 (type httpd_sys_content_t)
     52 (type httpd_sys_script_exec_t)
     53 (type mail_spool_t)
     54 (type ssh_home_t)
     55 (type usr_t)
     56 (type var_t)
     57 
     58 ; Define port types (declared only: no portcon statement in this file binds them to port numbers)
     59 (type mysqld_port_t)
     60 (type reserved_port_t)
     61 
     62 ; Define initial SID: a single one, kernel, labelled with a system_u / system_r / kernel_t context
     63 (sid kernel)
     64 (sidorder (kernel))                 ; ordering is trivial with a single SID
     65 (sidcontext kernel (system_u system_r kernel_t ((s0) (s0))))   ; range is s0 to s0, no category
     66 
     67 ; Define classes, each with a short permission list (presumably only the permissions that test.log mentions; confirm against the log)
     68 (class blk_file (getattr open read write))
     69 (class dir (append open search))
     70 (class file (execute execute_no_trans getattr open read write))
     71 (class tcp_socket (ioctl name_bind name_connect))
     72 (classorder (blk_file file dir tcp_socket))   ; explicit class order; note it differs from the declaration order above (file before dir)
     73 
     74 ; The policy compiler requires at least one rule
     75 (allow kernel_t default_t (file (open read write)))   ; the only allow rule in this file: kernel_t may open, read and write files labelled default_t; no other access is granted
     76