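# Initial SID contexts, filesystem labeling rules and port contexts.
#
# NOTE(review): this listing had been collapsed onto two physical lines with
# the viewer's gutter numbers fused into the statements. In that form every
# statement after the first '#' is swallowed by the comment. It is restored
# here to one statement per line; no statement or context has been changed.

# Initial SIDs: contexts the kernel applies to objects it must label before,
# or without, an explicit label. The SID names are fixed by the kernel; only
# the context on the right is policy. Most entries map to `unlabeled`.
# NOTE(review): `unlabeled` is therefore a catch-all type. Allow rules that
# target it reach every object that ends up without a valid label, so they
# should stay as narrow as possible.
sid kernel u:r:kernel:s0
# NOTE(review): presumably the target of `security` class checks (policy load,
# enforcing-mode changes); it shares the `kernel` type here -- confirm.
sid security u:object_r:kernel:s0
sid unlabeled u:object_r:unlabeled:s0
sid fs u:object_r:labeledfs:s0
# NOTE(review): on an xattr-labeled filesystem a file that has no label xattr
# appears to fall back to this SID, i.e. to `unlabeled` -- confirm.
sid file u:object_r:unlabeled:s0
sid file_labels u:object_r:unlabeled:s0
sid init u:object_r:unlabeled:s0
sid any_socket u:object_r:unlabeled:s0
sid port u:object_r:port:s0
sid netif u:object_r:netif:s0
sid netmsg u:object_r:unlabeled:s0
sid node u:object_r:node:s0
sid igmp_packet u:object_r:unlabeled:s0
sid icmp_socket u:object_r:unlabeled:s0
sid tcp_socket u:object_r:unlabeled:s0
sid sysctl_modprobe u:object_r:unlabeled:s0
sid sysctl u:object_r:proc:s0
sid sysctl_fs u:object_r:unlabeled:s0
sid sysctl_kernel u:object_r:unlabeled:s0
sid sysctl_net u:object_r:unlabeled:s0
sid sysctl_net_unix u:object_r:unlabeled:s0
sid sysctl_vm u:object_r:unlabeled:s0
sid sysctl_dev u:object_r:unlabeled:s0
sid kmod u:object_r:unlabeled:s0
sid policy u:object_r:unlabeled:s0
sid scmp_packet u:object_r:unlabeled:s0
sid devnull u:object_r:null_device:s0

# Label inodes via getxattr.
# The per-file label lives in an extended attribute; the context given here
# labels the filesystem itself, not the files on it.
fs_use_xattr yaffs2 u:object_r:labeledfs:s0;
fs_use_xattr jffs2 u:object_r:labeledfs:s0;
fs_use_xattr ext2 u:object_r:labeledfs:s0;
fs_use_xattr ext3 u:object_r:labeledfs:s0;
fs_use_xattr ext4 u:object_r:labeledfs:s0;
fs_use_xattr xfs u:object_r:labeledfs:s0;
fs_use_xattr btrfs u:object_r:labeledfs:s0;

# Label inodes from task label.
fs_use_task pipefs u:object_r:pipefs:s0;
fs_use_task sockfs u:object_r:sockfs:s0;

# Label inodes from combination of task label and fs label.
# Define type_transition rules if you want per-domain types.
# NOTE(review): where no type_transition rule matches, new files presumably
# take the filesystem's type below, so every domain's files on that
# filesystem share one type and SELinux cannot tell them apart -- confirm
# which domains rely on that default.
fs_use_trans devpts u:object_r:devpts:s0;
fs_use_trans tmpfs u:object_r:tmpfs:s0;
fs_use_trans devtmpfs u:object_r:device:s0;
fs_use_trans shm u:object_r:shm:s0;
fs_use_trans mqueue u:object_r:mqueue:s0;

# Label inodes with the fs label.
# Every entry below uses the path "/", so each filesystem gets one type for
# all of its files unless a more specific genfscon prefix or a userspace
# relabel refines it.
genfscon rootfs / u:object_r:rootfs:s0
# proc labeling can be further refined (longest matching prefix).
genfscon proc / u:object_r:proc:s0
# selinuxfs booleans can be individually labeled.
genfscon selinuxfs / u:object_r:selinuxfs:s0
genfscon cgroup / u:object_r:cgroup:s0
# sysfs labels can be set by userspace.
genfscon sysfs / u:object_r:sysfs:s0
genfscon inotifyfs / u:object_r:inotify:s0
# NOTE(review): vfat and fuse both map to `sdcard`. A domain allowed to use
# `sdcard` can reach any file on either filesystem as far as SELinux is
# concerned; isolation between files there has to come from another layer.
genfscon vfat / u:object_r:sdcard:s0
# NOTE(review): all of debugfs carries one type, so access to it is
# all-or-nothing at the type level. Keep the set of domains allowed to read
# or write `debugfs` small.
genfscon debugfs / u:object_r:debugfs:s0
genfscon fuse / u:object_r:sdcard:s0

# portcon statements go here, e.g.
# portcon tcp 80 u:object_r:http_port:s0
# No portcon is active in this listing, so no port has its own type here.
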