1 allow unconfineddomain self:capability_class_set *; 2 allow unconfineddomain kernel:security *; 3 allow unconfineddomain kernel:system *; 4 allow unconfineddomain self:memprotect *; 5 allow unconfineddomain domain:process *; 6 allow unconfineddomain domain:fd *; 7 allow unconfineddomain domain:dir r_dir_perms; 8 allow unconfineddomain domain:lnk_file r_file_perms; 9 allow unconfineddomain domain:{ fifo_file file } rw_file_perms; 10 allow unconfineddomain domain:socket_class_set *; 11 allow unconfineddomain domain:ipc_class_set *; 12 allow unconfineddomain domain:key *; 13 allow unconfineddomain fs_type:filesystem *; 14 allow unconfineddomain {fs_type dev_type file_type}:{ dir blk_file lnk_file sock_file fifo_file } *; 15 allow unconfineddomain {fs_type dev_type file_type}:{ chr_file file } ~entrypoint; 16 allow unconfineddomain node_type:node *; 17 allow unconfineddomain node_type:{ tcp_socket udp_socket rawip_socket } node_bind; 18 allow unconfineddomain netif_type:netif *; 19 allow unconfineddomain port_type:socket_class_set name_bind; 20 allow unconfineddomain port_type:{ tcp_socket dccp_socket } name_connect; 21 allow unconfineddomain domain:peer recv; 22 allow unconfineddomain domain:binder { call transfer set_context_mgr }; 23 allow unconfineddomain property_type:property_service set; 24
