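# Kernel policy source in policy.conf layout (SELinux MLS/MCS policy).
# checkpolicy expects the sections in this order: security classes, initial
# SIDs, access vectors, MLS sensitivities/categories/levels and constraints,
# attributes, types, booleans, then rules.
# '#' comments run to end of line, so every commented statement is kept on its
# own line; when the file was collapsed onto long lines, one comment hid every
# declaration that followed it on that line (e.g. the whole access-vector
# section after "class passwd # userspace").

##############################
# Security object classes.  Classes marked "userspace" are enforced by an
# object manager outside the kernel (X server, passwd/chfn/chsh, D-Bus, nscd).
class security
class process
class system
class capability
class filesystem
class file
class dir
class fd
class lnk_file
class chr_file
class blk_file
class sock_file
class fifo_file
class socket
class tcp_socket
class udp_socket
class rawip_socket
class node
class netif
class netlink_socket
class packet_socket
class key_socket
class unix_stream_socket
class unix_dgram_socket
class sem
class msg
class msgq
class shm
class ipc
class passwd # userspace
class drawable # userspace
class window # userspace
class gc # userspace
class font # userspace
class colormap # userspace
class property # userspace
class cursor # userspace
class xclient # userspace
class xinput # userspace
class xserver # userspace
class xextension # userspace
class pax
class netlink_route_socket
class netlink_firewall_socket
class netlink_tcpdiag_socket
class netlink_nflog_socket
class netlink_xfrm_socket
class netlink_selinux_socket
class netlink_audit_socket
class netlink_ip6fw_socket
class netlink_dnrt_socket
class dbus # userspace
class nscd # userspace
class association
class netlink_kobject_uevent_socket

##############################
# Initial SIDs: labels the kernel uses before/without a policy-assigned context.
sid kernel
sid security
sid unlabeled
sid fs
sid file
sid file_labels
sid init
sid any_socket
sid port
sid netif
sid netmsg
sid node
sid igmp_packet
sid icmp_socket
sid tcp_socket
sid sysctl_modprobe
sid sysctl
sid sysctl_fs
sid sysctl_kernel
sid sysctl_net
sid sysctl_net_unix
sid sysctl_vm
sid sysctl_dev
sid kmod
sid policy
sid scmp_packet
sid devnull

##############################
# Access vectors.  "common" permission sets are shared via "inherits".
common file { ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename execute swapon quotaon mounton }
common socket { ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind }
common ipc { create destroy getattr setattr read write associate unix_read unix_write }

class filesystem { mount remount unmount getattr relabelfrom relabelto transition associate quotamod quotaget }
class dir inherits file { add_name remove_name reparent search rmdir }
class file inherits file { execute_no_trans entrypoint execmod }
class lnk_file inherits file
class chr_file inherits file { execute_no_trans entrypoint execmod }
class blk_file inherits file
class sock_file inherits file
class fifo_file inherits file
class fd { use }
class socket inherits socket
class tcp_socket inherits socket { connectto newconn acceptfrom node_bind name_connect }
class udp_socket inherits socket { node_bind }
class rawip_socket inherits socket { node_bind }
class node { tcp_recv tcp_send udp_recv udp_send rawip_recv rawip_send enforce_dest }
class netif { tcp_recv tcp_send udp_recv udp_send rawip_recv rawip_send }
class netlink_socket inherits socket
class packet_socket inherits socket
class key_socket inherits socket
class unix_stream_socket inherits socket { connectto newconn acceptfrom }
class unix_dgram_socket inherits socket

# Signal permissions are split so that the uncatchable signals and the
# kill(pid, 0) probe can be granted separately from ordinary signals.
class process
{
	fork
	transition
	sigchld # commonly granted from child to parent
	sigkill # cannot be caught or ignored
	sigstop # cannot be caught or ignored
	signull # for kill(pid, 0)
	signal # all other signals
	ptrace
	getsched
	setsched
	getsession
	getpgid
	setpgid
	getcap
	setcap
	share
	getattr
	setexec
	setfscreate
	noatsecure
	siginh
	setrlimit
	rlimitinh
	dyntransition
	setcurrent
	execmem
	execstack
	execheap
}

class ipc inherits ipc
class sem inherits ipc
class msgq inherits ipc { enqueue }
class msg { send receive }
class shm inherits ipc { lock }

# Operations on the security server itself (policy load, enforcing mode,
# booleans); these are the permissions that can change what the policy means.
class security
{
	compute_av
	compute_create
	compute_member
	check_context
	load_policy
	compute_relabel
	compute_user
	setenforce # was avc_toggle in system class
	setbool
	setsecparam
	setcheckreqprot
}

class system { ipc_info syslog_read syslog_mod syslog_console }

# One permission per Linux capability bit.
class capability { chown dac_override dac_read_search fowner fsetid kill setgid setuid setpcap linux_immutable net_bind_service net_broadcast net_admin net_raw ipc_lock ipc_owner sys_module sys_rawio sys_chroot sys_ptrace sys_pacct sys_admin sys_boot sys_nice sys_resource sys_time sys_tty_config mknod lease audit_write audit_control }

# Userspace object manager: the passwd/chfn/chsh/crontab PAM-aware helpers.
class passwd
{
	passwd # change another user passwd
	chfn # change another user finger info
	chsh # change another user shell
	rootok # pam_rootok check (skip auth)
	crontab # crontab on another user
}

# X server object manager classes.
class drawable { create destroy draw copy getattr }
class gc { create free getattr setattr }
class window { addchild create destroy map unmap chstack chproplist chprop listprop getattr setattr setfocus move chselection chparent ctrllife enumerate transparent mousemotion clientcomevent inputevent drawevent windowchangeevent windowchangerequest serverchangeevent extensionevent }
class font { load free getattr use }
class colormap { create free install uninstall list read store getattr setattr }
class property { create free read write }
class cursor { create createglyph free assign setattr }
class xclient { kill }
class xinput { lookup getattr setattr setfocus warppointer activegrab passivegrab ungrab bell mousemotion relabelinput }
class xserver { screensaver gethostlist sethostlist getfontpath setfontpath getattr grab ungrab }
class xextension { query use }

# PaX memory-protection flags a domain may have applied to its executables.
class pax
{
	pageexec # Paging based non-executable pages
	emutramp # Emulate trampolines
	mprotect # Restrict mprotect()
	randmmap # Randomize mmap() base
	randexec # Randomize ET_EXEC base
	segmexec # Segmentation based non-executable pages
}

class netlink_route_socket inherits socket { nlmsg_read nlmsg_write }
class netlink_firewall_socket inherits socket { nlmsg_read nlmsg_write }
class netlink_tcpdiag_socket inherits socket { nlmsg_read nlmsg_write }
class netlink_nflog_socket inherits socket
class netlink_xfrm_socket inherits socket { nlmsg_read nlmsg_write }
class netlink_selinux_socket inherits socket
class netlink_audit_socket inherits socket { nlmsg_read nlmsg_write nlmsg_relay nlmsg_readpriv }
class netlink_ip6fw_socket inherits socket { nlmsg_read nlmsg_write }
class netlink_dnrt_socket inherits socket
class dbus { acquire_svc send_msg }
class nscd { getpwd getgrp gethost getstat admin shmempwd shmemgrp shmemhost }
class association { sendto recvfrom setcontext }
class netlink_kobject_uevent_socket inherits socket

##############################
# MLS/MCS: a single sensitivity and 256 categories (MCS-style layout).
sensitivity s0;
dominance { s0 }
category c0; category c1; category c2; category c3; category c4; category c5; category c6; category c7;
category c8; category c9; category c10; category c11; category c12; category c13; category c14; category c15;
category c16; category c17; category c18; category c19; category c20; category c21; category c22; category c23;
category c24; category c25; category c26; category c27; category c28; category c29; category c30; category c31;
category c32; category c33; category c34; category c35; category c36; category c37; category c38; category c39;
category c40; category c41; category c42; category c43; category c44; category c45; category c46; category c47;
category c48; category c49; category c50; category c51; category c52; category c53; category c54; category c55;
category c56; category c57; category c58; category c59; category c60; category c61; category c62; category c63;
category c64; category c65; category c66; category c67; category c68; category c69; category c70; category c71;
category c72; category c73; category c74; category c75; category c76; category c77; category c78; category c79;
category c80; category c81; category c82; category c83; category c84; category c85; category c86; category c87;
category c88; category c89; category c90; category c91; category c92; category c93; category c94; category c95;
category c96; category c97; category c98; category c99; category c100; category c101; category c102; category c103;
category c104; category c105; category c106; category c107; category c108; category c109; category c110; category c111;
category c112; category c113; category c114; category c115; category c116; category c117; category c118; category c119;
category c120; category c121; category c122; category c123; category c124; category c125; category c126; category c127;
category c128; category c129; category c130; category c131; category c132; category c133; category c134; category c135;
category c136; category c137; category c138; category c139; category c140; category c141; category c142; category c143;
category c144; category c145; category c146; category c147; category c148; category c149; category c150; category c151;
category c152; category c153; category c154; category c155; category c156; category c157; category c158; category c159;
category c160; category c161; category c162; category c163; category c164; category c165; category c166; category c167;
category c168; category c169; category c170; category c171; category c172; category c173; category c174; category c175;
category c176; category c177; category c178; category c179; category c180; category c181; category c182; category c183;
category c184; category c185; category c186; category c187; category c188; category c189; category c190; category c191;
category c192; category c193; category c194; category c195; category c196; category c197; category c198; category c199;
category c200; category c201; category c202; category c203; category c204; category c205; category c206; category c207;
category c208; category c209; category c210; category c211; category c212; category c213; category c214; category c215;
category c216; category c217; category c218; category c219; category c220; category c221; category c222; category c223;
category c224; category c225; category c226; category c227; category c228; category c229; category c230; category c231;
category c232; category c233; category c234; category c235; category c236; category c237; category c238; category c239;
category c240; category c241; category c242; category c243; category c244; category c245; category c246; category c247;
category c248; category c249; category c250; category c251; category c252; category c253; category c254; category c255;
level s0:c0.c255;

# MLS constraints: h1/l1 are the subject's high/low levels, h2/l2 the
# object's; t1/t2 the subject/object types.  Writes and relabels require the
# subject to dominate the object; reads additionally pass for targets that are
# processes (t2 == domain) or for subjects carrying mlsfileread.  sigkill and
# sigstop bypass dominance only for mcskillall subjects.
mlsconstrain file { write setattr append unlink link rename ioctl lock execute relabelfrom } (h1 dom h2);
mlsconstrain file { create relabelto } ((h1 dom h2) and (l2 eq h2));
mlsconstrain file { read } ((h1 dom h2) or ( t2 == domain ) or ( t1 == mlsfileread ));
mlsconstrain { dir lnk_file chr_file blk_file sock_file fifo_file } { relabelfrom } ( h1 dom h2 );
mlsconstrain { dir lnk_file chr_file blk_file sock_file fifo_file } { create relabelto } (( h1 dom h2 ) and ( l2 eq h2 ));
mlsconstrain process { ptrace } ( h1 dom h2 );
mlsconstrain process { sigkill sigstop } ( h1 dom h2 ) or ( t1 == mcskillall );
mlsconstrain xextension query ( t1 == mlsfileread );

##############################
# Attributes.  Several are referenced by the neverallow rules further down
# (domain, set_curr_context, memory_raw_read, memory_raw_write) and by the
# MLS constraints above (mlsfileread, mcskillall).
attribute netif_type;
attribute node_type;
attribute port_type;
attribute reserved_port_type;
attribute device_node;
attribute memory_raw_read;
attribute memory_raw_write;
attribute domain;
attribute unconfined_domain_type;
attribute set_curr_context;
attribute entry_type;
attribute privfd;
attribute can_change_process_identity;
attribute can_change_process_role;
attribute can_change_object_identity;
attribute can_system_change;
attribute process_user_target;
attribute cron_source_domain;
attribute cron_job_domain;
attribute process_uncond_exempt; # add userhelperdomain to this one
attribute file_type;
attribute lockfile;
attribute mountpoint;
attribute pidfile;
attribute polydir;
attribute usercanread;
attribute polyparent;
attribute polymember;
attribute security_file_type;
attribute tmpfile;
attribute tmpfsfile;
attribute filesystem_type;
attribute noxattrfs;
attribute can_load_kernmodule;
attribute can_receive_kernel_messages;
attribute kern_unconfined;
attribute proc_type;
attribute sysctl_type;
attribute mcskillall;
attribute mlsfileread;
attribute mlsfilereadtoclr;
attribute mlsfilewrite;
attribute mlsfilewritetoclr;
attribute mlsfileupgrade;
attribute mlsfiledowngrade;
attribute mlsnetread;
attribute mlsnetreadtoclr;
attribute mlsnetwrite;
attribute mlsnetwritetoclr;
attribute mlsnetupgrade;
attribute mlsnetdowngrade;
attribute mlsnetrecvall;
attribute mlsipcread;
attribute mlsipcreadtoclr;
attribute mlsipcwrite;
attribute mlsipcwritetoclr;
attribute mlsprocread;
attribute mlsprocreadtoclr;
attribute mlsprocwrite;
attribute mlsprocwritetoclr;
attribute mlsprocsetsl;
attribute mlsxwinread;
attribute mlsxwinreadtoclr;
attribute mlsxwinwrite;
attribute mlsxwinwritetoclr;
attribute mlsxwinreadproperty;
attribute mlsxwinwriteproperty;
attribute mlsxwinreadcolormap;
attribute mlsxwinwritecolormap;
attribute mlsxwinwritexinput;
attribute mlstrustedobject;
attribute privrangetrans;
attribute mlsrangetrans;
attribute can_load_policy;
attribute can_setenforce;
attribute can_setsecparam;
attribute ttynode;
attribute ptynode;
attribute server_ptynode;
attribute serial_device;

##############################
# Types.  Executables and devices first.
type bin_t;
type sbin_t;
type ls_exec_t;
type shell_exec_t;
type chroot_exec_t;
type ppp_device_t;
type tun_tap_device_t;

# Network port types.  reserved_port_type marks ports below 1024; additional
# ports of the same type are attached by typeattribute statements below.
type port_t, port_type;
type reserved_port_t, port_type, reserved_port_type;
type afs_bos_port_t, port_type;
type afs_fs_port_t, port_type;
type afs_ka_port_t, port_type;
type afs_pt_port_t, port_type;
type afs_vl_port_t, port_type;
type amanda_port_t, port_type;
type amavisd_recv_port_t, port_type;
type amavisd_send_port_t, port_type;
type asterisk_port_t, port_type;
type auth_port_t, port_type;
type bgp_port_t, port_type;
type biff_port_t, port_type, reserved_port_type;
type clamd_port_t, port_type;
type clockspeed_port_t, port_type;
type comsat_port_t, port_type;
type cvs_port_t, port_type;
type dcc_port_t, port_type;
type dbskkd_port_t, port_type;
type dhcpc_port_t, port_type;
type dhcpd_port_t, port_type;
type dict_port_t, port_type;
type distccd_port_t, port_type;
type dns_port_t, port_type;
type fingerd_port_t, port_type;
type ftp_data_port_t, port_type;
type ftp_port_t, port_type;
type gatekeeper_port_t, port_type;
type giftd_port_t, port_type;
type gopher_port_t, port_type;
type http_cache_port_t, port_type;
type http_port_t, port_type;
type howl_port_t, port_type;
type hplip_port_t, port_type;
type i18n_input_port_t, port_type;
type imaze_port_t, port_type;
type inetd_child_port_t, port_type;
type innd_port_t, port_type;
type ipp_port_t, port_type;
type ircd_port_t, port_type;
type isakmp_port_t, port_type;
type jabber_client_port_t, port_type;
type jabber_interserver_port_t, port_type;
type kerberos_admin_port_t, port_type;
type kerberos_master_port_t, port_type;
type kerberos_port_t, port_type;
type ktalkd_port_t, port_type;
type ldap_port_t, port_type;
type lrrd_port_t, port_type;
type mail_port_t, port_type;
type monopd_port_t, port_type;
type mysqld_port_t, port_type;
type nessus_port_t, port_type;
type nmbd_port_t, port_type;
type ntp_port_t, port_type;
type openvpn_port_t, port_type;
type pegasus_http_port_t, port_type;
type pegasus_https_port_t, port_type;
type pop_port_t, port_type;
type portmap_port_t, port_type;
type postgresql_port_t, port_type;
type postgrey_port_t, port_type;
type printer_port_t, port_type;
type ptal_port_t, port_type;
type pxe_port_t, port_type;
type pyzor_port_t, port_type;
type radacct_port_t, port_type;
type radius_port_t, port_type;
type razor_port_t, port_type;
type rlogind_port_t, port_type;
type rndc_port_t, port_type;
type router_port_t, port_type;
type rsh_port_t, port_type;
type rsync_port_t, port_type;
type smbd_port_t, port_type;
type smtp_port_t, port_type;
type snmp_port_t, port_type;
type spamd_port_t, port_type;
type ssh_port_t, port_type;
type soundd_port_t, port_type;
type socks_port_t, port_type;
type stunnel_port_t, port_type;
type swat_port_t, port_type;
type syslogd_port_t, port_type;
type telnetd_port_t, port_type;
type tftp_port_t, port_type;
type transproxy_port_t, port_type;
type utcpserver_port_t, port_type;
type uucpd_port_t, port_type;
type vnc_port_t, port_type;
type xserver_port_t, port_type;
type xen_port_t, port_type;
type zebra_port_t, port_type;
type zope_port_t, port_type;

# Network nodes and interfaces.
type node_t, node_type;
type compat_ipv4_node_t alias node_compat_ipv4_t, node_type;
type inaddr_any_node_t alias node_inaddr_any_t, node_type;
type node_internal_t, node_type;
type link_local_node_t alias node_link_local_t, node_type;
type lo_node_t alias node_lo_t, node_type;
type mapped_ipv4_node_t alias node_mapped_ipv4_t, node_type;
type multicast_node_t alias node_multicast_t, node_type;
type site_local_node_t alias node_site_local_t, node_type;
type unspec_node_t alias node_unspec_t, node_type;
type netif_t, netif_type;

# Device nodes.  memory_device_t is further protected by neverallow rules below.
type device_t;
type agp_device_t;
type apm_bios_t;
type cardmgr_dev_t;
type clock_device_t;
type cpu_device_t;
type crypt_device_t;
type dri_device_t;
type event_device_t;
type framebuf_device_t;
type lvm_control_t;
type memory_device_t;
type misc_device_t;
type mouse_device_t;
type mtrr_device_t;
type null_device_t;
type power_device_t;
type printer_device_t;
type random_device_t;
type scanner_device_t;
type sound_device_t;
type sysfs_t;
type urandom_device_t;
type usbfs_t alias usbdevfs_t;
type usb_device_t;
type v4l_device_t;
type xserver_misc_device_t;
type zero_device_t;
type xconsole_device_t;
type devfs_control_t;

# Generic filesystem locations.
type boot_t;
type default_t, file_type, mountpoint;
type etc_t, file_type;
type etc_runtime_t, file_type;
type file_t, file_type, mountpoint;
type home_root_t, file_type, mountpoint;
type lost_found_t, file_type;
type mnt_t, file_type, mountpoint;
type modules_object_t;
type no_access_t, file_type;
type poly_t, file_type;
type readable_t, file_type;
type root_t, file_type, mountpoint;
type src_t, file_type, mountpoint;
type system_map_t;
type tmp_t, mountpoint; #, polydir
type usr_t, file_type, mountpoint;
type var_t, file_type, mountpoint;
type var_lib_t, file_type, mountpoint;
type var_lock_t, file_type, lockfile;
type var_run_t, file_type, pidfile;
type var_spool_t;

# Filesystem types.  noxattrfs marks filesystems that cannot store labels.
type fs_t;
type bdev_t;
type binfmt_misc_fs_t;
type capifs_t;
type configfs_t;
type eventpollfs_t;
type futexfs_t;
type hugetlbfs_t;
type inotifyfs_t;
type nfsd_fs_t;
type ramfs_t;
type romfs_t;
type rpc_pipefs_t;
type tmpfs_t;
type autofs_t, noxattrfs;
type cifs_t alias sambafs_t, noxattrfs;
type dosfs_t, noxattrfs;
type iso9660_t, filesystem_type, noxattrfs;
type removable_t, noxattrfs;
type nfs_t, filesystem_type, noxattrfs;

# Kernel, proc and sysctl.
type kernel_t, can_load_kernmodule;
type debugfs_t;
type proc_t, proc_type;
type proc_kmsg_t, proc_type;
type proc_kcore_t, proc_type;
type proc_mdstat_t, proc_type;
type proc_net_t, proc_type;
type proc_xen_t, proc_type;
type sysctl_t, sysctl_type;
type sysctl_irq_t, sysctl_type;
type sysctl_rpc_t, sysctl_type;
type sysctl_fs_t, sysctl_type;
type sysctl_kernel_t, sysctl_type;
type sysctl_modprobe_t, sysctl_type;
type sysctl_hotplug_t, sysctl_type;
type sysctl_net_t, sysctl_type;
type sysctl_net_unix_t, sysctl_type;
type sysctl_vm_t, sysctl_type;
type sysctl_dev_t, sysctl_type;
type unlabeled_t;

# System domains, entry points and terminals.
type auditd_exec_t;
type crond_exec_t;
type cupsd_exec_t;
type getty_t;
type init_t;
type init_exec_t;
type initrc_t;
type initrc_exec_t;
type login_exec_t;
type sshd_exec_t;
type su_exec_t;
type udev_exec_t;
type unconfined_t;
type xdm_exec_t;
type lvm_exec_t;
type security_t;
type bsdpty_device_t;
type console_device_t;
type devpts_t;
type devtty_t;
type ptmx_t;
type tty_device_t, serial_device;
type usbtty_device_t, serial_device;

##############################
# Booleans with their compiled-in defaults.  The rules each boolean gates are
# not in this excerpt.  Of note for review: allow_execmem and allow_execstack
# default to true, which is the more permissive setting for the domains that
# consult them; secure_mode_policyload and allow_ptrace default to false.
bool secure_mode false;
bool secure_mode_insmod false;
bool secure_mode_policyload false;
bool allow_cvs_read_shadow false;
bool allow_execheap false;
bool allow_execmem true;
bool allow_execmod false;
bool allow_execstack true;
bool allow_ftpd_anon_write false;
bool allow_gssd_read_tmp true;
bool allow_httpd_anon_write false;
bool allow_java_execstack false;
bool allow_kerberos true;
bool allow_rsync_anon_write false;
bool allow_saslauthd_read_shadow false;
bool allow_smbd_anon_write false;
bool allow_ptrace false;
bool allow_ypbind false;
bool fcron_crond false;
bool ftp_home_dir false;
bool ftpd_is_daemon true;
bool httpd_builtin_scripting true;
bool httpd_can_network_connect false;
bool httpd_can_network_connect_db false;
bool httpd_can_network_relay false;
bool httpd_enable_cgi true;
bool httpd_enable_ftp_server false;
bool httpd_enable_homedirs true;
bool httpd_ssi_exec true;
bool httpd_tty_comm false;
bool httpd_unified true;
bool named_write_master_zones false;
bool nfs_export_all_rw true;
bool nfs_export_all_ro true;
bool pppd_can_insmod false;
bool read_default_t true;
bool run_ssh_inetd false;
bool samba_enable_home_dirs false;
bool spamassasin_can_network false;
bool squid_connect_any false;
bool ssh_sysadm_login false;
bool stunnel_is_daemon false;
bool use_nfs_home_dirs false;
bool use_samba_home_dirs false;
bool user_ping true;
bool spamd_enable_home_dirs true;

##############################
# Rules.  "allow T fs_t:filesystem associate" lets files of type T live on a
# labelled filesystem; the noxattrfs variant covers filesystems without
# xattr support.  Repeated allow/typeattribute statements below are redundant
# (presumably one per source declaration, e.g. one per port number) but
# harmless: checkpolicy merges them.

# Executable file types.
allow bin_t fs_t:filesystem associate;
allow bin_t noxattrfs:filesystem associate;
typeattribute bin_t file_type;
allow sbin_t fs_t:filesystem associate;
allow sbin_t noxattrfs:filesystem associate;
typeattribute sbin_t file_type;
allow ls_exec_t fs_t:filesystem associate;
allow ls_exec_t noxattrfs:filesystem associate;
typeattribute ls_exec_t file_type;
typeattribute ls_exec_t entry_type;
allow shell_exec_t fs_t:filesystem associate;
allow shell_exec_t noxattrfs:filesystem associate;
typeattribute shell_exec_t file_type;
allow chroot_exec_t fs_t:filesystem associate;
allow chroot_exec_t noxattrfs:filesystem associate;
typeattribute chroot_exec_t file_type;

# Device nodes may be created on /dev (fs_t/tmpfs_t) and on tmp_t.
typeattribute ppp_device_t device_node;
allow ppp_device_t fs_t:filesystem associate;
allow ppp_device_t tmpfs_t:filesystem associate;
allow ppp_device_t tmp_t:filesystem associate;
typeattribute tun_tap_device_t device_node;
allow tun_tap_device_t fs_t:filesystem associate;
allow tun_tap_device_t tmpfs_t:filesystem associate;
allow tun_tap_device_t tmp_t:filesystem associate;

# Ports below 1024 are additionally marked reserved_port_type.
typeattribute auth_port_t reserved_port_type;
typeattribute bgp_port_t reserved_port_type;
typeattribute bgp_port_t reserved_port_type;
typeattribute comsat_port_t reserved_port_type;
typeattribute dhcpc_port_t reserved_port_type;
typeattribute dhcpd_port_t reserved_port_type;
typeattribute dhcpd_port_t reserved_port_type;
typeattribute dhcpd_port_t reserved_port_type;
typeattribute dhcpd_port_t reserved_port_type;
typeattribute dhcpd_port_t reserved_port_type;
typeattribute dns_port_t reserved_port_type;
typeattribute dns_port_t reserved_port_type;
typeattribute fingerd_port_t reserved_port_type;
typeattribute ftp_data_port_t reserved_port_type;
typeattribute ftp_port_t reserved_port_type;
typeattribute gopher_port_t reserved_port_type;
typeattribute gopher_port_t reserved_port_type;
typeattribute http_port_t reserved_port_type;
typeattribute http_port_t reserved_port_type;
typeattribute http_port_t reserved_port_type;
typeattribute inetd_child_port_t reserved_port_type;
typeattribute inetd_child_port_t reserved_port_type;
typeattribute inetd_child_port_t reserved_port_type;
typeattribute inetd_child_port_t reserved_port_type;
typeattribute inetd_child_port_t reserved_port_type;
typeattribute inetd_child_port_t reserved_port_type;
typeattribute inetd_child_port_t reserved_port_type;
typeattribute inetd_child_port_t reserved_port_type;
typeattribute inetd_child_port_t reserved_port_type;
typeattribute inetd_child_port_t reserved_port_type;
typeattribute inetd_child_port_t reserved_port_type;
typeattribute inetd_child_port_t reserved_port_type;
typeattribute inetd_child_port_t reserved_port_type;
typeattribute inetd_child_port_t reserved_port_type;
typeattribute inetd_child_port_t reserved_port_type;
typeattribute inetd_child_port_t reserved_port_type;
typeattribute inetd_child_port_t reserved_port_type;
typeattribute innd_port_t reserved_port_type;
typeattribute ipp_port_t reserved_port_type;
typeattribute ipp_port_t reserved_port_type;
typeattribute isakmp_port_t reserved_port_type;
typeattribute kerberos_admin_port_t reserved_port_type;
typeattribute kerberos_admin_port_t reserved_port_type;
typeattribute kerberos_admin_port_t reserved_port_type;
typeattribute kerberos_port_t reserved_port_type;
typeattribute kerberos_port_t reserved_port_type;
typeattribute kerberos_port_t reserved_port_type;
typeattribute kerberos_port_t reserved_port_type;
typeattribute ktalkd_port_t reserved_port_type;
typeattribute ktalkd_port_t reserved_port_type;
typeattribute ldap_port_t reserved_port_type;
typeattribute ldap_port_t reserved_port_type;
typeattribute ldap_port_t reserved_port_type;
typeattribute ldap_port_t reserved_port_type;
typeattribute nmbd_port_t reserved_port_type;
typeattribute nmbd_port_t reserved_port_type;
typeattribute nmbd_port_t reserved_port_type;
typeattribute ntp_port_t reserved_port_type;
typeattribute pop_port_t reserved_port_type;
typeattribute pop_port_t reserved_port_type;
typeattribute pop_port_t reserved_port_type;
typeattribute pop_port_t reserved_port_type;
typeattribute pop_port_t reserved_port_type;
typeattribute pop_port_t reserved_port_type;
typeattribute pop_port_t reserved_port_type;
typeattribute portmap_port_t reserved_port_type;
typeattribute portmap_port_t reserved_port_type;
typeattribute printer_port_t reserved_port_type;
typeattribute rlogind_port_t reserved_port_type;
typeattribute rndc_port_t reserved_port_type;
typeattribute router_port_t reserved_port_type;
typeattribute rsh_port_t reserved_port_type;
typeattribute rsync_port_t reserved_port_type;
typeattribute rsync_port_t reserved_port_type;
typeattribute smbd_port_t reserved_port_type;
typeattribute smbd_port_t reserved_port_type;
typeattribute smtp_port_t reserved_port_type;
typeattribute smtp_port_t reserved_port_type;
typeattribute smtp_port_t reserved_port_type;
typeattribute snmp_port_t reserved_port_type;
typeattribute snmp_port_t reserved_port_type;
typeattribute snmp_port_t reserved_port_type;
typeattribute spamd_port_t reserved_port_type;
typeattribute ssh_port_t reserved_port_type;
typeattribute swat_port_t reserved_port_type;
typeattribute syslogd_port_t reserved_port_type;
typeattribute telnetd_port_t reserved_port_type;
typeattribute tftp_port_t reserved_port_type;
typeattribute uucpd_port_t reserved_port_type;

# /dev itself and the device nodes.
allow device_t tmpfs_t:filesystem associate;
allow device_t fs_t:filesystem associate;
allow device_t noxattrfs:filesystem associate;
typeattribute device_t file_type;
allow device_t fs_t:filesystem associate;
allow device_t noxattrfs:filesystem associate;
typeattribute device_t file_type;
typeattribute device_t mountpoint;
allow device_t tmp_t:filesystem associate;
typeattribute agp_device_t device_node;
allow agp_device_t fs_t:filesystem associate;
allow agp_device_t tmpfs_t:filesystem associate;
allow agp_device_t tmp_t:filesystem associate;
typeattribute apm_bios_t device_node;
allow apm_bios_t fs_t:filesystem associate;
allow apm_bios_t tmpfs_t:filesystem associate;
allow apm_bios_t tmp_t:filesystem associate;
typeattribute cardmgr_dev_t device_node;
allow cardmgr_dev_t fs_t:filesystem associate;
allow cardmgr_dev_t tmpfs_t:filesystem associate;
allow cardmgr_dev_t tmp_t:filesystem associate;
allow cardmgr_dev_t fs_t:filesystem associate;
allow cardmgr_dev_t noxattrfs:filesystem associate;
typeattribute cardmgr_dev_t file_type;
allow cardmgr_dev_t fs_t:filesystem associate;
allow cardmgr_dev_t noxattrfs:filesystem associate;
typeattribute cardmgr_dev_t file_type;
typeattribute cardmgr_dev_t polymember;
allow cardmgr_dev_t tmpfs_t:filesystem associate;
typeattribute cardmgr_dev_t tmpfile;
allow cardmgr_dev_t tmp_t:filesystem associate;
typeattribute clock_device_t device_node;
allow clock_device_t fs_t:filesystem associate;
allow clock_device_t tmpfs_t:filesystem associate;
allow clock_device_t tmp_t:filesystem associate;
typeattribute cpu_device_t device_node;
allow cpu_device_t fs_t:filesystem associate;
allow cpu_device_t tmpfs_t:filesystem associate;
allow cpu_device_t tmp_t:filesystem associate;
typeattribute crypt_device_t device_node;
allow crypt_device_t fs_t:filesystem associate;
allow crypt_device_t tmpfs_t:filesystem associate;
allow crypt_device_t tmp_t:filesystem associate;
typeattribute dri_device_t device_node;
allow dri_device_t fs_t:filesystem associate;
allow dri_device_t tmpfs_t:filesystem associate;
allow dri_device_t tmp_t:filesystem associate;
typeattribute event_device_t device_node;
allow event_device_t fs_t:filesystem associate;
allow event_device_t tmpfs_t:filesystem associate;
allow event_device_t tmp_t:filesystem associate;
typeattribute framebuf_device_t device_node;
allow framebuf_device_t fs_t:filesystem associate;
allow framebuf_device_t tmpfs_t:filesystem associate;
allow framebuf_device_t tmp_t:filesystem associate;
typeattribute lvm_control_t device_node;
allow lvm_control_t fs_t:filesystem associate;
allow lvm_control_t tmpfs_t:filesystem associate;
allow lvm_control_t tmp_t:filesystem associate;

# Raw memory devices: only types carrying memory_raw_read / memory_raw_write
# may read or write them.  A later allow rule that violates this makes the
# policy build fail rather than silently widening access.
typeattribute memory_device_t device_node;
allow memory_device_t fs_t:filesystem associate;
allow memory_device_t tmpfs_t:filesystem associate;
allow memory_device_t tmp_t:filesystem associate;
neverallow ~memory_raw_read memory_device_t:{ chr_file blk_file } read;
neverallow ~memory_raw_write memory_device_t:{ chr_file blk_file } { append write };

typeattribute misc_device_t device_node;
allow misc_device_t fs_t:filesystem associate;
allow misc_device_t tmpfs_t:filesystem associate;
allow misc_device_t tmp_t:filesystem associate;
typeattribute mouse_device_t device_node;
allow mouse_device_t fs_t:filesystem associate;
allow mouse_device_t tmpfs_t:filesystem associate;
allow mouse_device_t tmp_t:filesystem associate;
typeattribute mtrr_device_t device_node;
allow mtrr_device_t fs_t:filesystem associate;
allow mtrr_device_t tmpfs_t:filesystem associate;
allow mtrr_device_t tmp_t:filesystem associate;
# /dev/null and /dev/zero are mlstrustedobject: usable across MLS levels.
typeattribute null_device_t device_node;
allow null_device_t fs_t:filesystem associate;
allow null_device_t tmpfs_t:filesystem associate;
allow null_device_t tmp_t:filesystem associate;
typeattribute null_device_t mlstrustedobject;
typeattribute power_device_t device_node;
allow power_device_t fs_t:filesystem associate;
allow power_device_t tmpfs_t:filesystem associate;
allow power_device_t tmp_t:filesystem associate;
typeattribute printer_device_t device_node;
allow printer_device_t fs_t:filesystem associate;
allow printer_device_t tmpfs_t:filesystem associate;
allow printer_device_t tmp_t:filesystem associate;
typeattribute random_device_t device_node;
allow random_device_t fs_t:filesystem associate;
allow random_device_t tmpfs_t:filesystem associate;
allow random_device_t tmp_t:filesystem associate;
typeattribute scanner_device_t device_node;
allow scanner_device_t fs_t:filesystem associate;
allow scanner_device_t tmpfs_t:filesystem associate;
allow scanner_device_t tmp_t:filesystem associate;
typeattribute sound_device_t device_node;
allow sound_device_t fs_t:filesystem associate;
allow sound_device_t tmpfs_t:filesystem associate;
allow sound_device_t tmp_t:filesystem associate;
allow sysfs_t fs_t:filesystem associate;
allow sysfs_t noxattrfs:filesystem associate;
typeattribute sysfs_t file_type;
typeattribute sysfs_t mountpoint;
typeattribute sysfs_t filesystem_type;
allow sysfs_t self:filesystem associate;
typeattribute urandom_device_t device_node;
allow urandom_device_t fs_t:filesystem associate;
allow urandom_device_t tmpfs_t:filesystem associate;
allow urandom_device_t tmp_t:filesystem associate;
allow usbfs_t fs_t:filesystem associate;
allow usbfs_t noxattrfs:filesystem associate;
typeattribute usbfs_t file_type;
typeattribute usbfs_t mountpoint;
typeattribute usbfs_t filesystem_type;
allow usbfs_t self:filesystem associate;
typeattribute usbfs_t noxattrfs;
typeattribute usb_device_t device_node;
allow usb_device_t fs_t:filesystem associate;
allow usb_device_t tmpfs_t:filesystem associate;
allow usb_device_t tmp_t:filesystem associate;
typeattribute v4l_device_t device_node;
allow v4l_device_t fs_t:filesystem associate;
allow v4l_device_t tmpfs_t:filesystem associate;
allow v4l_device_t tmp_t:filesystem associate;
typeattribute xserver_misc_device_t device_node;
allow xserver_misc_device_t fs_t:filesystem associate;
allow xserver_misc_device_t tmpfs_t:filesystem associate;
allow xserver_misc_device_t tmp_t:filesystem associate;
typeattribute zero_device_t device_node;
allow zero_device_t fs_t:filesystem associate;
allow zero_device_t tmpfs_t:filesystem associate;
allow zero_device_t tmp_t:filesystem associate;
typeattribute zero_device_t mlstrustedobject;
allow xconsole_device_t fs_t:filesystem associate;
allow xconsole_device_t noxattrfs:filesystem associate;
typeattribute xconsole_device_t file_type;
allow xconsole_device_t tmpfs_t:filesystem associate;
allow xconsole_device_t tmp_t:filesystem associate;
typeattribute devfs_control_t device_node;
allow devfs_control_t fs_t:filesystem associate;
allow devfs_control_t tmpfs_t:filesystem associate;
allow devfs_control_t tmp_t:filesystem associate;

# Domain invariants, enforced at build time:
#  - a process transition (exec or dynamic) may only land in a domain type;
#  - only set_curr_context domains may change their own context (setcurrent);
#  - process-class permissions exist only between domain/unlabeled_t types,
#    so no non-domain type can act on, or be acted on as, a process.
neverallow domain ~domain:process { transition dyntransition };
neverallow { domain -set_curr_context } self:process setcurrent;
neverallow { domain unlabeled_t } ~{ domain unlabeled_t }:process *;
neverallow ~{ domain unlabeled_t } *:process *;

# Generic file types and mount points.
allow file_type self:filesystem associate;
allow boot_t fs_t:filesystem associate;
allow boot_t noxattrfs:filesystem associate;
typeattribute boot_t file_type;
allow boot_t fs_t:filesystem associate;
allow boot_t noxattrfs:filesystem associate;
typeattribute boot_t file_type;
typeattribute boot_t mountpoint;
allow default_t fs_t:filesystem associate;
allow default_t noxattrfs:filesystem associate;
allow etc_t fs_t:filesystem associate;
allow etc_t noxattrfs:filesystem associate;
allow etc_runtime_t fs_t:filesystem associate;
allow etc_runtime_t noxattrfs:filesystem associate;
allow file_t fs_t:filesystem associate;
allow file_t noxattrfs:filesystem associate;
allow kernel_t file_t:dir mounton;
allow home_root_t fs_t:filesystem associate;
allow home_root_t noxattrfs:filesystem associate;
allow home_root_t fs_t:filesystem associate;
allow home_root_t noxattrfs:filesystem associate;
typeattribute home_root_t file_type;
typeattribute home_root_t polyparent;
allow lost_found_t fs_t:filesystem associate;
allow lost_found_t noxattrfs:filesystem associate;
allow mnt_t fs_t:filesystem associate;
allow mnt_t noxattrfs:filesystem associate;
allow modules_object_t fs_t:filesystem associate;
allow modules_object_t noxattrfs:filesystem associate;
typeattribute modules_object_t file_type;
allow no_access_t fs_t:filesystem associate;
allow no_access_t noxattrfs:filesystem associate;
allow poly_t fs_t:filesystem associate;
allow poly_t noxattrfs:filesystem associate;
allow readable_t fs_t:filesystem associate;
allow readable_t noxattrfs:filesystem associate;
allow root_t fs_t:filesystem associate;
allow root_t noxattrfs:filesystem associate;
allow root_t fs_t:filesystem associate;
allow root_t noxattrfs:filesystem associate;
typeattribute root_t file_type;
typeattribute root_t polyparent;
allow kernel_t root_t:dir mounton;
allow src_t fs_t:filesystem associate;
allow src_t noxattrfs:filesystem associate;
allow system_map_t fs_t:filesystem associate;
allow system_map_t noxattrfs:filesystem associate;
typeattribute system_map_t file_type;
# tmp_t is both a polyinstantiation parent and member (see polydir note on
# its type declaration above).
allow tmp_t fs_t:filesystem associate;
allow tmp_t noxattrfs:filesystem associate;
typeattribute tmp_t file_type;
allow tmp_t fs_t:filesystem associate;
allow tmp_t noxattrfs:filesystem associate;
typeattribute tmp_t file_type;
typeattribute tmp_t polymember;
allow tmp_t tmpfs_t:filesystem associate;
typeattribute tmp_t tmpfile;
allow tmp_t tmp_t:filesystem associate;
allow tmp_t fs_t:filesystem associate;
allow tmp_t noxattrfs:filesystem associate;
typeattribute tmp_t file_type;
typeattribute tmp_t polyparent;
allow usr_t fs_t:filesystem associate;
allow usr_t noxattrfs:filesystem associate;
allow var_t fs_t:filesystem associate;
allow var_t noxattrfs:filesystem associate;
allow var_lib_t fs_t:filesystem associate;
allow var_lib_t noxattrfs:filesystem associate;
allow var_lock_t fs_t:filesystem associate;
allow var_lock_t noxattrfs:filesystem associate;
allow var_run_t fs_t:filesystem associate;
allow var_run_t noxattrfs:filesystem associate;
# The statement below continues past the end of this excerpt.
allow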
var_spool_t fs_t:filesystem associate; allow var_spool_t noxattrfs:filesystem associate; typeattribute var_spool_t file_type; allow var_spool_t fs_t:filesystem associate; allow var_spool_t noxattrfs:filesystem associate; typeattribute var_spool_t file_type; typeattribute var_spool_t polymember; allow var_spool_t tmpfs_t:filesystem associate; typeattribute var_spool_t tmpfile; allow var_spool_t tmp_t:filesystem associate; typeattribute fs_t filesystem_type; allow fs_t self:filesystem associate; typeattribute bdev_t filesystem_type; allow bdev_t self:filesystem associate; typeattribute binfmt_misc_fs_t filesystem_type; allow binfmt_misc_fs_t self:filesystem associate; allow binfmt_misc_fs_t fs_t:filesystem associate; allow binfmt_misc_fs_t noxattrfs:filesystem associate; typeattribute binfmt_misc_fs_t file_type; typeattribute binfmt_misc_fs_t mountpoint; typeattribute capifs_t filesystem_type; allow capifs_t self:filesystem associate; typeattribute configfs_t filesystem_type; allow configfs_t self:filesystem associate; typeattribute eventpollfs_t filesystem_type; allow eventpollfs_t self:filesystem associate; typeattribute futexfs_t filesystem_type; allow futexfs_t self:filesystem associate; typeattribute hugetlbfs_t filesystem_type; allow hugetlbfs_t self:filesystem associate; allow hugetlbfs_t fs_t:filesystem associate; allow hugetlbfs_t noxattrfs:filesystem associate; typeattribute hugetlbfs_t file_type; typeattribute hugetlbfs_t mountpoint; typeattribute inotifyfs_t filesystem_type; allow inotifyfs_t self:filesystem associate; typeattribute nfsd_fs_t filesystem_type; allow nfsd_fs_t self:filesystem associate; typeattribute ramfs_t filesystem_type; allow ramfs_t self:filesystem associate; typeattribute romfs_t filesystem_type; allow romfs_t self:filesystem associate; typeattribute rpc_pipefs_t filesystem_type; allow rpc_pipefs_t self:filesystem associate; typeattribute tmpfs_t filesystem_type; allow tmpfs_t self:filesystem associate; allow tmpfs_t fs_t:filesystem 
# Remaining filesystem types (tmpfs_t continued, autofs_t, cifs_t, dosfs_t, iso9660_t, removable_t,
# nfs_t). tmpfs_t, autofs_t and nfs_t are also file_type + mountpoint; removable_t carries usercanread.
associate; allow tmpfs_t noxattrfs:filesystem associate; typeattribute tmpfs_t file_type; allow tmpfs_t fs_t:filesystem associate; allow tmpfs_t noxattrfs:filesystem associate; typeattribute tmpfs_t file_type; typeattribute tmpfs_t mountpoint; allow tmpfs_t noxattrfs:filesystem associate; typeattribute autofs_t filesystem_type; allow autofs_t self:filesystem associate; allow autofs_t fs_t:filesystem associate; allow autofs_t noxattrfs:filesystem associate; typeattribute autofs_t file_type; typeattribute autofs_t mountpoint; typeattribute cifs_t filesystem_type; allow cifs_t self:filesystem associate; typeattribute dosfs_t filesystem_type; allow dosfs_t self:filesystem associate; allow dosfs_t fs_t:filesystem associate; typeattribute iso9660_t filesystem_type; allow iso9660_t self:filesystem associate; allow removable_t noxattrfs:filesystem associate; typeattribute removable_t filesystem_type; allow removable_t self:filesystem associate; allow removable_t fs_t:filesystem associate; allow removable_t noxattrfs:filesystem associate; typeattribute removable_t file_type; typeattribute removable_t usercanread; typeattribute nfs_t filesystem_type; allow nfs_t self:filesystem associate; allow nfs_t fs_t:filesystem associate; allow nfs_t noxattrfs:filesystem associate; typeattribute nfs_t file_type; typeattribute nfs_t mountpoint;
# Build-time assertion: the sys_module capability (kernel module loading) is reserved to domains
# carrying the can_load_kernmodule attribute.
neverallow ~can_load_kernmodule self:capability sys_module;
# Role declarations and the kernel_t domain. Note that kernel_t is authorised in every declared role
# (system_r, sysadm_r, staff_r, user_r, secadm_r) and carries privrangetrans.
role system_r; role sysadm_r; role staff_r; role user_r; role secadm_r; typeattribute kernel_t domain; allow kernel_t self:dir { read getattr lock search ioctl }; allow kernel_t self:lnk_file { read getattr lock ioctl }; allow kernel_t self:file { getattr read write append ioctl lock }; allow kernel_t self:process { fork sigchld }; role secadm_r types kernel_t; role sysadm_r types kernel_t; role user_r types kernel_t; role staff_r types kernel_t; typeattribute kernel_t privrangetrans; role system_r types kernel_t; typeattribute debugfs_t filesystem_type; allow debugfs_t self:filesystem associate; allow debugfs_t self:filesystem associate; allow proc_t fs_t:filesystem associate; allow proc_t noxattrfs:filesystem associate; typeattribute proc_t file_type; typeattribute proc_t mountpoint; typeattribute proc_t filesystem_type; allow proc_t self:filesystem associate;
# Build-time assertions fencing off the two most sensitive procfs entries (labelled later in this
# policy via genfscon): anything beyond getattr on proc_kmsg_t requires can_receive_kernel_messages,
# and on proc_kcore_t (a raw kernel-memory image) requires kern_unconfined.
neverallow ~can_receive_kernel_messages proc_kmsg_t:file ~getattr; neverallow { domain -kern_unconfined } proc_kcore_t:file ~getattr; allow sysctl_t fs_t:filesystem associate; allow sysctl_t noxattrfs:filesystem associate; typeattribute sysctl_t file_type; typeattribute sysctl_t mountpoint; allow sysctl_fs_t fs_t:filesystem associate; allow sysctl_fs_t noxattrfs:filesystem associate; typeattribute sysctl_fs_t file_type; typeattribute sysctl_fs_t mountpoint;
# kernel_t self access. kernel_t holds every capability. The self:process rule excludes ptrace,
# setcurrent, setexec, setfscreate, setrlimit and the exec* permissions, but the later
# kernel_t -> domain:process rule re-grants all but the exec* ones because kernel_t is itself a domain;
# execmem/execstack/execheap are added separately under booleans.
allow kernel_t self:capability *; allow kernel_t unlabeled_t:dir mounton; allow kernel_t self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execmem execstack execheap }; allow kernel_t self:shm { associate getattr setattr create destroy read write lock unix_read unix_write }; allow kernel_t self:sem { associate getattr setattr create destroy read write unix_read unix_write }; allow kernel_t self:msg { send receive }; allow kernel_t self:msgq { associate getattr setattr create destroy read write enqueue unix_read unix_write }; allow kernel_t self:unix_dgram_socket { create { ioctl read getattr write setattr append bind connect getopt setopt shutdown } }; allow kernel_t self:unix_stream_socket { { create { ioctl read getattr write setattr append bind connect getopt setopt shutdown } } listen accept }; allow kernel_t self:unix_dgram_socket sendto; allow kernel_t self:unix_stream_socket connectto; allow kernel_t self:fifo_file { getattr read write append ioctl lock }; allow kernel_t self:sock_file { read getattr lock ioctl }; allow kernel_t self:fd use; allow kernel_t proc_t:dir { read getattr lock search ioctl }; allow kernel_t proc_t:{ lnk_file file } { read getattr lock ioctl }; allow kernel_t proc_net_t:dir { read getattr lock search ioctl }; allow kernel_t proc_net_t:file { read getattr lock ioctl }; allow kernel_t proc_mdstat_t:file { read getattr lock ioctl }; allow kernel_t proc_kcore_t:file getattr; allow kernel_t proc_kmsg_t:file getattr; allow kernel_t sysctl_t:dir { read getattr lock search ioctl }; allow kernel_t sysctl_kernel_t:dir { read getattr lock search ioctl }; allow kernel_t sysctl_kernel_t:file { read getattr lock ioctl }; allow kernel_t unlabeled_t:fifo_file { getattr read write append ioctl lock }; allow kernel_t unlabeled_t:association { sendto recvfrom }; allow kernel_t netif_type:netif rawip_send; allow kernel_t netif_type:netif rawip_recv; allow kernel_t node_type:node rawip_send; allow kernel_t node_type:node rawip_recv; allow kernel_t netif_t:netif rawip_send; allow kernel_t netif_type:netif { tcp_send tcp_recv }; allow kernel_t node_type:node { tcp_send tcp_recv }; allow kernel_t node_t:node rawip_send; allow kernel_t multicast_node_t:node rawip_send; allow kernel_t sysfs_t:dir { read getattr lock search ioctl }; allow kernel_t sysfs_t:{ file lnk_file } { read getattr lock ioctl }; allow kernel_t usbfs_t:dir search; allow kernel_t filesystem_type:filesystem mount;
# Policy loading by kernel_t is gated on the secure_mode_policyload boolean (load_policy is allowed
# only while it is off) and every load is audited via auditallow.
allow kernel_t security_t:dir { read search getattr }; allow kernel_t security_t:file { getattr read write }; typeattribute kernel_t can_load_policy; if(!secure_mode_policyload) { allow kernel_t security_t:security load_policy; auditallow kernel_t security_t:security load_policy; }
# kernel_t may execute shell_exec_t and bin_t programs without a domain transition
# (execute_no_trans), so such programs run with kernel_t's full privilege.
allow kernel_t device_t:dir { read getattr lock search ioctl }; allow kernel_t device_t:lnk_file { getattr read }; allow kernel_t console_device_t:chr_file { getattr read write append ioctl lock }; allow kernel_t bin_t:dir { read getattr lock search ioctl }; allow kernel_t bin_t:lnk_file { read getattr lock ioctl }; allow kernel_t shell_exec_t:file { { read getattr lock execute ioctl } execute_no_trans }; allow kernel_t sbin_t:dir { read getattr lock search ioctl }; allow kernel_t bin_t:dir { read getattr lock search ioctl }; allow kernel_t bin_t:lnk_file { read getattr lock ioctl }; allow kernel_t bin_t:file { { read getattr lock execute ioctl } execute_no_trans }; allow kernel_t domain:process signal; allow kernel_t proc_t:dir search; allow kernel_t domain:dir search; allow kernel_t root_t:dir { read getattr lock search ioctl }; allow kernel_t root_t:lnk_file { read getattr lock ioctl }; allow kernel_t etc_t:dir { read getattr lock search ioctl }; allow kernel_t home_root_t:dir { read getattr lock search ioctl }; allow kernel_t usr_t:dir { read getattr lock search ioctl }; allow kernel_t usr_t:{ file lnk_file } { read getattr lock ioctl };
# Unconfined-style grants for kernel_t: the MLS read/write override attributes, all permissions on
# proc_type, sysctl_t and unlabeled_t objects, kern_unconfined, module loading and kernel-message
# reception, and bind/connect on every port and node type.
typeattribute kernel_t mlsprocread; typeattribute kernel_t mlsprocwrite; allow kernel_t self:capability *; allow kernel_t self:fifo_file { create ioctl read getattr lock write setattr append link unlink rename }; allow kernel_t self:process transition; allow kernel_t self:file { getattr read write append ioctl lock }; allow kernel_t self:nscd *; allow kernel_t self:dbus *; allow kernel_t self:passwd *; allow kernel_t proc_type:{ dir file } *; allow kernel_t sysctl_t:{ dir file } *; allow kernel_t kernel_t:system *; allow kernel_t unlabeled_t:{ dir file lnk_file sock_file fifo_file chr_file blk_file } *; allow kernel_t unlabeled_t:filesystem *; allow kernel_t unlabeled_t:association *; typeattribute kernel_t can_load_kernmodule, can_receive_kernel_messages; typeattribute kernel_t kern_unconfined; allow kernel_t { proc_t proc_net_t }:dir search; allow kernel_t sysctl_type:dir { read getattr lock search ioctl }; allow kernel_t sysctl_type:file { { getattr read write append ioctl lock } setattr }; allow kernel_t node_type:node *; allow kernel_t netif_type:netif *; allow kernel_t port_type:tcp_socket { send_msg recv_msg name_connect }; allow kernel_t port_type:udp_socket { send_msg recv_msg }; allow kernel_t port_type:{ tcp_socket udp_socket rawip_socket } name_bind; allow kernel_t node_type:{ tcp_socket udp_socket rawip_socket } node_bind; 
# kernel_t over device nodes and other domains. kernel_t holds sys_rawio plus memory_raw_read/write,
# unconfined_domain_type, and the four constraint-exemption attributes (can_change_process_identity,
# can_change_process_role, can_change_object_identity, set_curr_context) that the constrain statements
# further down refer to. The domain:process rule grants every process permission except transition,
# dyntransition and exec*; since kernel_t is itself a domain this also re-enables ptrace, setcurrent,
# setexec, setfscreate and setrlimit on itself, which its own self:process rule excluded.
# The dontaudit rules for domain:dir/file/lnk_file/fifo_file repeat permissions that are already
# allowed and so are redundant; only the sock_file dontaudit adds anything.
allow kernel_t unlabeled_t:association { sendto recvfrom }; allow kernel_t device_node:{ chr_file blk_file } *; allow kernel_t mtrr_device_t:{ dir file } *; allow kernel_t self:capability sys_rawio; typeattribute kernel_t memory_raw_write, memory_raw_read; typeattribute kernel_t unconfined_domain_type; typeattribute kernel_t can_change_process_identity; typeattribute kernel_t can_change_process_role; typeattribute kernel_t can_change_object_identity; typeattribute kernel_t set_curr_context; allow kernel_t domain:{ { tcp_socket udp_socket rawip_socket netlink_socket packet_socket unix_stream_socket unix_dgram_socket netlink_route_socket netlink_firewall_socket netlink_tcpdiag_socket netlink_nflog_socket netlink_xfrm_socket netlink_selinux_socket netlink_audit_socket netlink_ip6fw_socket netlink_dnrt_socket netlink_kobject_uevent_socket } socket key_socket } *; allow kernel_t domain:fd use; allow kernel_t domain:fifo_file { getattr read write append ioctl lock }; allow kernel_t domain:process ~{ transition dyntransition execmem execstack execheap }; allow kernel_t domain:{ sem msgq shm } *; allow kernel_t domain:msg { send receive }; allow kernel_t domain:dir { read getattr lock search ioctl }; allow kernel_t domain:file { read getattr lock ioctl }; allow kernel_t domain:lnk_file { read getattr lock ioctl }; dontaudit kernel_t domain:dir { read getattr lock search ioctl }; dontaudit kernel_t domain:lnk_file { read getattr lock ioctl }; dontaudit kernel_t domain:file { read getattr lock ioctl }; dontaudit kernel_t domain:sock_file { read getattr lock ioctl }; dontaudit kernel_t domain:fifo_file { read getattr lock ioctl };
# File access for kernel_t: everything except execmod on file/chr_file; execmod is re-added only when
# the allow_execmod boolean is set. All filesystem and filesystem-type object permissions are granted.
allow kernel_t file_type:{ file chr_file } ~execmod; allow kernel_t file_type:{ dir lnk_file sock_file fifo_file blk_file } *; allow kernel_t file_type:filesystem *; allow kernel_t file_type:{ unix_stream_socket unix_dgram_socket } name_bind; if (allow_execmod) { allow kernel_t file_type:file execmod; } allow kernel_t filesystem_type:filesystem *; allow kernel_t filesystem_type:{ dir file lnk_file sock_file fifo_file chr_file blk_file } *;
# selinuxfs (security_t) control. With secure_mode_policyload off, kernel_t gets every security-class
# permission via '*'; the matching auditallow covers only load_policy, setenforce and setbool, so the
# remaining permissions granted by '*' (setsecparam among them, also granted via can_setsecparam) are
# not audited.
allow kernel_t security_t:dir { getattr search read }; allow kernel_t security_t:file { getattr read write }; typeattribute kernel_t can_load_policy, can_setenforce, can_setsecparam; if(!secure_mode_policyload) { allow kernel_t security_t:security *; auditallow kernel_t security_t:security { load_policy setenforce setbool }; }
# Executable-memory permissions for kernel_t are boolean-gated (allow_execheap, allow_execmem,
# allow_execmem && allow_execstack) and audited when granted; the empty else branch is a no-op.
# read_default_t additionally opens read access to default_t objects.
if (allow_execheap) { allow kernel_t self:process execheap; } if (allow_execmem) { allow kernel_t self:process execmem; } if (allow_execmem && allow_execstack) { allow kernel_t self:process execstack; auditallow kernel_t self:process execstack; } else { } if (allow_execheap) { auditallow kernel_t self:process execheap; } if (allow_execmem) { auditallow kernel_t self:process execmem; } if (read_default_t) { allow kernel_t default_t:dir { read getattr lock search ioctl }; allow kernel_t default_t:file { read getattr lock ioctl }; allow kernel_t default_t:lnk_file { read getattr lock ioctl }; allow kernel_t default_t:sock_file { read getattr lock ioctl }; allow kernel_t default_t:fifo_file { read getattr lock ioctl }; } allow unlabeled_t self:filesystem associate;
# MLS range transitions: the listed executables are entered with the full s0 - s0:c0.c255 range;
# unconfined_t -> initrc_exec_t is pinned to the single level s0.
range_transition getty_t login_exec_t s0 - s0:c0.c255; range_transition init_t xdm_exec_t s0 - s0:c0.c255; range_transition initrc_t crond_exec_t s0 - s0:c0.c255; range_transition initrc_t cupsd_exec_t s0 - s0:c0.c255; range_transition initrc_t sshd_exec_t s0 - s0:c0.c255; range_transition initrc_t udev_exec_t s0 - s0:c0.c255; range_transition initrc_t xdm_exec_t s0 - s0:c0.c255; range_transition kernel_t udev_exec_t s0 - s0:c0.c255; range_transition unconfined_t su_exec_t s0 - s0:c0.c255; range_transition unconfined_t initrc_exec_t s0;
# security_t (selinuxfs) is a filesystem type and mlstrustedobject. Build-time assertions: load_policy,
# setenforce and setsecparam are each reserved to the matching can_* attribute, so no module can hand
# them to an arbitrary domain.
typeattribute security_t filesystem_type; allow security_t self:filesystem associate; typeattribute security_t mlstrustedobject; neverallow ~can_load_policy security_t:security load_policy; neverallow ~can_setenforce security_t:security setenforce; neverallow ~can_setsecparam security_t:security setsecparam;
# Terminal device nodes. devpts_t is both a filesystem type and ttynode/ptynode; devtty_t and ptmx_t
# are mlstrustedobject.
typeattribute bsdpty_device_t device_node; allow bsdpty_device_t fs_t:filesystem associate; allow bsdpty_device_t tmpfs_t:filesystem associate; allow bsdpty_device_t tmp_t:filesystem associate; typeattribute console_device_t device_node; allow console_device_t fs_t:filesystem associate; allow console_device_t tmpfs_t:filesystem associate; allow console_device_t tmp_t:filesystem associate; allow devpts_t fs_t:filesystem associate; allow devpts_t noxattrfs:filesystem associate; typeattribute devpts_t file_type; typeattribute devpts_t mountpoint; allow devpts_t tmpfs_t:filesystem associate; allow devpts_t tmp_t:filesystem associate; typeattribute devpts_t filesystem_type; allow devpts_t self:filesystem associate; typeattribute devpts_t ttynode, ptynode; typeattribute devtty_t device_node; allow devtty_t fs_t:filesystem associate; allow devtty_t tmpfs_t:filesystem associate; allow devtty_t tmp_t:filesystem associate; typeattribute devtty_t mlstrustedobject; typeattribute ptmx_t device_node; allow ptmx_t fs_t:filesystem associate; allow ptmx_t tmpfs_t:filesystem associate; allow ptmx_t tmp_t:filesystem associate; typeattribute ptmx_t mlstrustedobject; typeattribute tty_device_t device_node; allow tty_device_t fs_t:filesystem associate; allow tty_device_t tmpfs_t:filesystem associate; allow tty_device_t tmp_t:filesystem associate; typeattribute tty_device_t ttynode; typeattribute usbtty_device_t device_node; allow usbtty_device_t fs_t:filesystem associate; allow usbtty_device_t tmpfs_t:filesystem associate; allow usbtty_device_t tmp_t:filesystem associate;
# SELinux users. system_u is limited to system_r; user_u and root may hold user_r, sysadm_r and
# system_r. All share default level s0 and the full category range. staff_r and secadm_r are declared
# earlier in this policy but no user in this chunk is authorised for them.
user system_u roles { system_r } level s0 range s0 - s0:c0.c255; user user_u roles { user_r sysadm_r system_r } level s0 range s0 - s0:c0.c255; user root roles { user_r sysadm_r system_r } level s0 range s0 - s0:c0.c255;
# User/role constraints. A process transition may change the SELinux user only when the source type
# is in can_change_process_identity, and the role only when it is in can_change_process_role;
# dyntransition may change neither. Creating or relabelling files and sockets may change the owning
# user only from a source type in can_change_object_identity.
constrain process transition ( u1 == u2 or t1 == can_change_process_identity ); constrain process transition ( r1 == r2 or t1 == can_change_process_role ); constrain process dyntransition ( u1 == u2 and r1 == r2 ); constrain { dir file lnk_file sock_file fifo_file chr_file blk_file } { create relabelto relabelfrom } ( u1 == u2 or t1 == can_change_object_identity ); constrain { tcp_socket udp_socket rawip_socket netlink_socket packet_socket unix_stream_socket unix_dgram_socket netlink_route_socket netlink_firewall_socket netlink_tcpdiag_socket netlink_nflog_socket netlink_xfrm_socket netlink_selinux_socket netlink_audit_socket netlink_ip6fw_socket netlink_dnrt_socket netlink_kobject_uevent_socket } { create relabelto relabelfrom } ( u1 == u2 or t1 == can_change_object_identity );
# Initial SIDs. Only port, node, netif, devnull, file, fs, kernel, sysctl and security map to specific
# types; every other initial SID defaults to unlabeled_t.
sid port system_u:object_r:port_t:s0 sid node system_u:object_r:node_t:s0 sid netif system_u:object_r:netif_t:s0 sid devnull system_u:object_r:null_device_t:s0 sid file system_u:object_r:file_t:s0 sid fs system_u:object_r:fs_t:s0 sid kernel system_u:system_r:kernel_t:s0 sid sysctl system_u:object_r:sysctl_t:s0 sid unlabeled system_u:object_r:unlabeled_t:s0 sid any_socket system_u:object_r:unlabeled_t:s0 sid file_labels system_u:object_r:unlabeled_t:s0 sid icmp_socket system_u:object_r:unlabeled_t:s0 sid igmp_packet system_u:object_r:unlabeled_t:s0 sid init system_u:object_r:unlabeled_t:s0 sid kmod system_u:object_r:unlabeled_t:s0 sid netmsg system_u:object_r:unlabeled_t:s0 sid policy system_u:object_r:unlabeled_t:s0 sid scmp_packet system_u:object_r:unlabeled_t:s0 sid sysctl_modprobe system_u:object_r:unlabeled_t:s0 sid sysctl_fs system_u:object_r:unlabeled_t:s0 sid sysctl_kernel system_u:object_r:unlabeled_t:s0 sid sysctl_net system_u:object_r:unlabeled_t:s0 sid sysctl_net_unix system_u:object_r:unlabeled_t:s0 sid sysctl_vm system_u:object_r:unlabeled_t:s0 sid sysctl_dev system_u:object_r:unlabeled_t:s0 sid tcp_socket system_u:object_r:unlabeled_t:s0 sid security system_u:object_r:security_t:s0
# Labelling behaviour per filesystem: ext2/ext3/gfs/jfs/reiserfs/xfs use persistent xattr labels;
# pipefs/sockfs objects take the label of the creating task; mqueue/shm/tmpfs/devpts derive their label
# by type transition from the creating task.
fs_use_xattr ext2 system_u:object_r:fs_t:s0; fs_use_xattr ext3 system_u:object_r:fs_t:s0; fs_use_xattr gfs system_u:object_r:fs_t:s0; fs_use_xattr jfs system_u:object_r:fs_t:s0; fs_use_xattr reiserfs system_u:object_r:fs_t:s0; fs_use_xattr xfs system_u:object_r:fs_t:s0; fs_use_task pipefs system_u:object_r:fs_t:s0; fs_use_task sockfs system_u:object_r:fs_t:s0; fs_use_trans mqueue system_u:object_r:tmpfs_t:s0; fs_use_trans shm system_u:object_r:tmpfs_t:s0; fs_use_trans tmpfs system_u:object_r:tmpfs_t:s0; fs_use_trans devpts system_u:object_r:devpts_t:s0;
# genfscon: filesystems without xattr support get a fixed label per path prefix (the longest matching
# prefix wins). Note that hfsplus and afs are labelled nfs_t, and fat/msdos/ntfs/vfat share dosfs_t.
genfscon proc /mtrr system_u:object_r:mtrr_device_t:s0 genfscon sysfs / system_u:object_r:sysfs_t:s0 genfscon usbfs / system_u:object_r:usbfs_t:s0 genfscon usbdevfs / system_u:object_r:usbfs_t:s0 genfscon rootfs / system_u:object_r:root_t:s0 genfscon bdev / system_u:object_r:bdev_t:s0 genfscon binfmt_misc / system_u:object_r:binfmt_misc_fs_t:s0 genfscon capifs / system_u:object_r:capifs_t:s0 genfscon configfs / system_u:object_r:configfs_t:s0 genfscon eventpollfs / system_u:object_r:eventpollfs_t:s0 genfscon futexfs / system_u:object_r:futexfs_t:s0 genfscon hugetlbfs / system_u:object_r:hugetlbfs_t:s0 genfscon inotifyfs / system_u:object_r:inotifyfs_t:s0 genfscon nfsd / system_u:object_r:nfsd_fs_t:s0 genfscon ramfs / system_u:object_r:ramfs_t:s0 genfscon romfs / system_u:object_r:romfs_t:s0 genfscon cramfs / system_u:object_r:romfs_t:s0 genfscon rpc_pipefs / system_u:object_r:rpc_pipefs_t:s0 genfscon autofs / system_u:object_r:autofs_t:s0 genfscon automount / system_u:object_r:autofs_t:s0 genfscon cifs / system_u:object_r:cifs_t:s0 genfscon smbfs / system_u:object_r:cifs_t:s0 genfscon fat / system_u:object_r:dosfs_t:s0 genfscon msdos / system_u:object_r:dosfs_t:s0 genfscon ntfs / system_u:object_r:dosfs_t:s0 genfscon vfat / system_u:object_r:dosfs_t:s0 genfscon iso9660 / system_u:object_r:iso9660_t:s0 genfscon udf / system_u:object_r:iso9660_t:s0 genfscon nfs / system_u:object_r:nfs_t:s0 genfscon nfs4 / system_u:object_r:nfs_t:s0 genfscon afs / system_u:object_r:nfs_t:s0 genfscon hfsplus / system_u:object_r:nfs_t:s0 
# procfs and selinuxfs labelling (longest matching path prefix wins). Sub-paths of /proc that expose
# kernel-control or kernel-memory content get their own types -- proc_kmsg_t, proc_kcore_t, and the
# sysctl_* family including the modprobe and hotplug helper paths -- so that access to them can be
# confined separately from generic proc_t and sysctl_kernel_t.
genfscon debugfs / system_u:object_r:debugfs_t:s0 genfscon proc / system_u:object_r:proc_t:s0 genfscon proc /sysvipc system_u:object_r:proc_t:s0 genfscon proc /kmsg system_u:object_r:proc_kmsg_t:s0 genfscon proc /kcore system_u:object_r:proc_kcore_t:s0 genfscon proc /mdstat system_u:object_r:proc_mdstat_t:s0 genfscon proc /net system_u:object_r:proc_net_t:s0 genfscon proc /xen system_u:object_r:proc_xen_t:s0 genfscon proc /sys system_u:object_r:sysctl_t:s0 genfscon proc /irq system_u:object_r:sysctl_irq_t:s0 genfscon proc /net/rpc system_u:object_r:sysctl_rpc_t:s0 genfscon proc /sys/fs system_u:object_r:sysctl_fs_t:s0 genfscon proc /sys/kernel system_u:object_r:sysctl_kernel_t:s0 genfscon proc /sys/kernel/modprobe system_u:object_r:sysctl_modprobe_t:s0 genfscon proc /sys/kernel/hotplug system_u:object_r:sysctl_hotplug_t:s0 genfscon proc /sys/net system_u:object_r:sysctl_net_t:s0 genfscon proc /sys/net/unix system_u:object_r:sysctl_net_unix_t:s0 genfscon proc /sys/vm system_u:object_r:sysctl_vm_t:s0 genfscon proc /sys/dev system_u:object_r:sysctl_dev_t:s0 genfscon selinuxfs / system_u:object_r:security_t:s0
# Port labelling. portcon entries are matched in the order listed, so the specific service ports
# must precede any range that covers them (the catch-all reserved_port_t ranges for tcp/udp 1-1023
# appear last below for that reason).
portcon udp 7007 system_u:object_r:afs_bos_port_t:s0 portcon tcp 2040 system_u:object_r:afs_fs_port_t:s0 portcon udp 7000 system_u:object_r:afs_fs_port_t:s0 portcon udp 7005 system_u:object_r:afs_fs_port_t:s0 portcon udp 7004 system_u:object_r:afs_ka_port_t:s0 portcon udp 7002 system_u:object_r:afs_pt_port_t:s0 portcon udp 7003 system_u:object_r:afs_vl_port_t:s0 portcon udp 10080 system_u:object_r:amanda_port_t:s0 portcon tcp 10080 system_u:object_r:amanda_port_t:s0 portcon udp 10081 system_u:object_r:amanda_port_t:s0 portcon tcp 10081 system_u:object_r:amanda_port_t:s0 portcon tcp 10082 system_u:object_r:amanda_port_t:s0 portcon tcp 10083 system_u:object_r:amanda_port_t:s0 portcon tcp 10024 system_u:object_r:amavisd_recv_port_t:s0 portcon tcp 10025 system_u:object_r:amavisd_send_port_t:s0 portcon tcp 1720 system_u:object_r:asterisk_port_t:s0 portcon udp 2427 system_u:object_r:asterisk_port_t:s0 portcon udp 2727 system_u:object_r:asterisk_port_t:s0 portcon udp 4569 system_u:object_r:asterisk_port_t:s0 portcon udp 5060 system_u:object_r:asterisk_port_t:s0 portcon tcp 113 system_u:object_r:auth_port_t:s0 portcon tcp 179 system_u:object_r:bgp_port_t:s0 portcon udp 179 system_u:object_r:bgp_port_t:s0 portcon tcp 3310 system_u:object_r:clamd_port_t:s0 portcon udp 4041 system_u:object_r:clockspeed_port_t:s0 portcon udp 512 system_u:object_r:comsat_port_t:s0 portcon tcp 2401 system_u:object_r:cvs_port_t:s0 portcon udp 2401 system_u:object_r:cvs_port_t:s0 portcon udp 6276 system_u:object_r:dcc_port_t:s0 portcon udp 6277 system_u:object_r:dcc_port_t:s0 portcon tcp 1178 system_u:object_r:dbskkd_port_t:s0 portcon udp 68 system_u:object_r:dhcpc_port_t:s0 portcon udp 67 system_u:object_r:dhcpd_port_t:s0 portcon tcp 647 system_u:object_r:dhcpd_port_t:s0 portcon udp 647 system_u:object_r:dhcpd_port_t:s0 portcon tcp 847 system_u:object_r:dhcpd_port_t:s0 portcon udp 847 system_u:object_r:dhcpd_port_t:s0 portcon tcp 2628 system_u:object_r:dict_port_t:s0 portcon tcp 3632 system_u:object_r:distccd_port_t:s0 portcon udp 53 system_u:object_r:dns_port_t:s0 portcon tcp 53 system_u:object_r:dns_port_t:s0 portcon tcp 79 system_u:object_r:fingerd_port_t:s0 portcon tcp 20 system_u:object_r:ftp_data_port_t:s0 portcon tcp 21 system_u:object_r:ftp_port_t:s0 portcon udp 1718 system_u:object_r:gatekeeper_port_t:s0 portcon udp 1719 system_u:object_r:gatekeeper_port_t:s0 portcon tcp 1721 system_u:object_r:gatekeeper_port_t:s0 portcon tcp 7000 system_u:object_r:gatekeeper_port_t:s0 portcon tcp 1213 system_u:object_r:giftd_port_t:s0 portcon tcp 70 system_u:object_r:gopher_port_t:s0 portcon udp 70 system_u:object_r:gopher_port_t:s0 portcon tcp 3128 system_u:object_r:http_cache_port_t:s0 portcon udp 3130 system_u:object_r:http_cache_port_t:s0 portcon tcp 8080 system_u:object_r:http_cache_port_t:s0 portcon tcp 8118 system_u:object_r:http_cache_port_t:s0 
portcon tcp 80 system_u:object_r:http_port_t:s0 portcon tcp 443 system_u:object_r:http_port_t:s0 portcon tcp 488 system_u:object_r:http_port_t:s0 portcon tcp 8008 system_u:object_r:http_port_t:s0 portcon tcp 9050 system_u:object_r:http_port_t:s0 portcon tcp 5335 system_u:object_r:howl_port_t:s0 portcon udp 5353 system_u:object_r:howl_port_t:s0 portcon tcp 50000 system_u:object_r:hplip_port_t:s0 portcon tcp 50002 system_u:object_r:hplip_port_t:s0 portcon tcp 9010 system_u:object_r:i18n_input_port_t:s0 portcon tcp 5323 system_u:object_r:imaze_port_t:s0 portcon udp 5323 system_u:object_r:imaze_port_t:s0 portcon tcp 7 system_u:object_r:inetd_child_port_t:s0 portcon udp 7 system_u:object_r:inetd_child_port_t:s0 portcon tcp 9 system_u:object_r:inetd_child_port_t:s0 portcon udp 9 system_u:object_r:inetd_child_port_t:s0 portcon tcp 13 system_u:object_r:inetd_child_port_t:s0 portcon udp 13 system_u:object_r:inetd_child_port_t:s0 portcon tcp 19 system_u:object_r:inetd_child_port_t:s0 portcon udp 19 system_u:object_r:inetd_child_port_t:s0 portcon tcp 37 system_u:object_r:inetd_child_port_t:s0 portcon udp 37 system_u:object_r:inetd_child_port_t:s0 portcon tcp 512 system_u:object_r:inetd_child_port_t:s0 portcon tcp 543 system_u:object_r:inetd_child_port_t:s0 portcon tcp 544 system_u:object_r:inetd_child_port_t:s0 portcon tcp 891 system_u:object_r:inetd_child_port_t:s0 portcon udp 891 system_u:object_r:inetd_child_port_t:s0 portcon tcp 892 system_u:object_r:inetd_child_port_t:s0 portcon udp 892 system_u:object_r:inetd_child_port_t:s0 portcon tcp 2105 system_u:object_r:inetd_child_port_t:s0 portcon tcp 5666 system_u:object_r:inetd_child_port_t:s0 portcon tcp 119 system_u:object_r:innd_port_t:s0 portcon tcp 631 system_u:object_r:ipp_port_t:s0 portcon udp 631 system_u:object_r:ipp_port_t:s0 portcon tcp 6667 system_u:object_r:ircd_port_t:s0 portcon udp 500 system_u:object_r:isakmp_port_t:s0 portcon tcp 5222 system_u:object_r:jabber_client_port_t:s0 portcon tcp 5223 system_u:object_r:jabber_client_port_t:s0 portcon tcp 5269 system_u:object_r:jabber_interserver_port_t:s0 portcon tcp 464 system_u:object_r:kerberos_admin_port_t:s0 portcon udp 464 system_u:object_r:kerberos_admin_port_t:s0 portcon tcp 749 system_u:object_r:kerberos_admin_port_t:s0 portcon tcp 4444 system_u:object_r:kerberos_master_port_t:s0 portcon udp 4444 system_u:object_r:kerberos_master_port_t:s0 portcon tcp 88 system_u:object_r:kerberos_port_t:s0 portcon udp 88 system_u:object_r:kerberos_port_t:s0 portcon tcp 750 system_u:object_r:kerberos_port_t:s0 portcon udp 750 system_u:object_r:kerberos_port_t:s0 portcon udp 517 system_u:object_r:ktalkd_port_t:s0 portcon udp 518 system_u:object_r:ktalkd_port_t:s0 portcon tcp 389 system_u:object_r:ldap_port_t:s0 portcon udp 389 system_u:object_r:ldap_port_t:s0 portcon tcp 636 system_u:object_r:ldap_port_t:s0 portcon udp 636 system_u:object_r:ldap_port_t:s0 portcon tcp 2000 system_u:object_r:mail_port_t:s0 portcon tcp 1234 system_u:object_r:monopd_port_t:s0 portcon tcp 3306 system_u:object_r:mysqld_port_t:s0 portcon tcp 1241 system_u:object_r:nessus_port_t:s0 portcon udp 137 system_u:object_r:nmbd_port_t:s0 portcon udp 138 system_u:object_r:nmbd_port_t:s0 portcon udp 139 system_u:object_r:nmbd_port_t:s0 portcon udp 123 system_u:object_r:ntp_port_t:s0 portcon udp 5000 system_u:object_r:openvpn_port_t:s0 portcon tcp 5988 system_u:object_r:pegasus_http_port_t:s0 portcon tcp 5989 system_u:object_r:pegasus_https_port_t:s0 portcon tcp 106 system_u:object_r:pop_port_t:s0 portcon tcp 109 system_u:object_r:pop_port_t:s0 portcon tcp 110 system_u:object_r:pop_port_t:s0 portcon tcp 143 system_u:object_r:pop_port_t:s0 portcon tcp 220 system_u:object_r:pop_port_t:s0 portcon tcp 993 system_u:object_r:pop_port_t:s0 portcon tcp 995 system_u:object_r:pop_port_t:s0 portcon tcp 1109 system_u:object_r:pop_port_t:s0 portcon udp 111 system_u:object_r:portmap_port_t:s0 portcon tcp 111 system_u:object_r:portmap_port_t:s0 portcon tcp 5432 system_u:object_r:postgresql_port_t:s0 portcon tcp 60000 system_u:object_r:postgrey_port_t:s0 portcon tcp 515 system_u:object_r:printer_port_t:s0 portcon tcp 5703 system_u:object_r:ptal_port_t:s0 portcon udp 4011 system_u:object_r:pxe_port_t:s0 portcon udp 24441 system_u:object_r:pyzor_port_t:s0 portcon udp 1646 system_u:object_r:radacct_port_t:s0 portcon udp 1813 system_u:object_r:radacct_port_t:s0 portcon udp 1645 system_u:object_r:radius_port_t:s0 portcon udp 1812 system_u:object_r:radius_port_t:s0 portcon tcp 2703 system_u:object_r:razor_port_t:s0 portcon tcp 513 system_u:object_r:rlogind_port_t:s0 portcon tcp 953 system_u:object_r:rndc_port_t:s0 portcon udp 520 system_u:object_r:router_port_t:s0 portcon tcp 514 system_u:object_r:rsh_port_t:s0 portcon tcp 873 system_u:object_r:rsync_port_t:s0 portcon udp 873 system_u:object_r:rsync_port_t:s0 portcon tcp 137-139 system_u:object_r:smbd_port_t:s0 portcon tcp 445 system_u:object_r:smbd_port_t:s0 portcon tcp 25 system_u:object_r:smtp_port_t:s0 portcon tcp 465 system_u:object_r:smtp_port_t:s0 portcon tcp 587 system_u:object_r:smtp_port_t:s0 portcon udp 161 system_u:object_r:snmp_port_t:s0 portcon udp 162 system_u:object_r:snmp_port_t:s0 portcon tcp 199 system_u:object_r:snmp_port_t:s0 portcon tcp 783 system_u:object_r:spamd_port_t:s0 portcon tcp 22 system_u:object_r:ssh_port_t:s0 portcon tcp 8000 system_u:object_r:soundd_port_t:s0 portcon tcp 9433 system_u:object_r:soundd_port_t:s0 portcon tcp 901 system_u:object_r:swat_port_t:s0 portcon udp 514 system_u:object_r:syslogd_port_t:s0 portcon tcp 23 system_u:object_r:telnetd_port_t:s0 portcon udp 69 system_u:object_r:tftp_port_t:s0 portcon tcp 8081 system_u:object_r:transproxy_port_t:s0 portcon tcp 540 system_u:object_r:uucpd_port_t:s0 portcon tcp 5900 system_u:object_r:vnc_port_t:s0 portcon tcp 6001 system_u:object_r:xserver_port_t:s0 portcon tcp 6002 system_u:object_r:xserver_port_t:s0 portcon tcp 6003 system_u:object_r:xserver_port_t:s0 portcon tcp 6004 system_u:object_r:xserver_port_t:s0 portcon tcp 6005 system_u:object_r:xserver_port_t:s0 portcon tcp 6006 system_u:object_r:xserver_port_t:s0 portcon tcp 6007 system_u:object_r:xserver_port_t:s0 portcon tcp 6008 system_u:object_r:xserver_port_t:s0 portcon tcp 6009 system_u:object_r:xserver_port_t:s0 portcon tcp 6010 system_u:object_r:xserver_port_t:s0 portcon tcp 6011 system_u:object_r:xserver_port_t:s0 portcon tcp 6012 system_u:object_r:xserver_port_t:s0 portcon tcp 6013 system_u:object_r:xserver_port_t:s0 portcon tcp 6014 system_u:object_r:xserver_port_t:s0 portcon tcp 6015 system_u:object_r:xserver_port_t:s0 portcon tcp 6016 system_u:object_r:xserver_port_t:s0 portcon tcp 6017 system_u:object_r:xserver_port_t:s0 portcon tcp 6018 system_u:object_r:xserver_port_t:s0 portcon tcp 6019 system_u:object_r:xserver_port_t:s0 portcon tcp 8002 system_u:object_r:xen_port_t:s0 portcon tcp 2601 system_u:object_r:zebra_port_t:s0 portcon tcp 8021 system_u:object_r:zope_port_t:s0
# Catch-all privileged-port ranges; keep these after every specific portcon entry above, since an
# entry placed after a covering range is never reached.
portcon tcp 1-1023 system_u:object_r:reserved_port_t:s0 portcon udp 1-1023 system_u:object_r:reserved_port_t:s0
# Node (address) labelling, also matched in listed order: IPv4-compatible and IPv4-mapped IPv6,
# INADDR_ANY, link-local, loopback, multicast and site-local ranges get distinct node types; the
# unspecified IPv6 address (::) under a full mask is unspec_node_t.
nodecon :: ffff:ffff:ffff:ffff:ffff:ffff:: system_u:object_r:compat_ipv4_node_t:s0 nodecon 0.0.0.0 255.255.255.255 system_u:object_r:inaddr_any_node_t:s0 nodecon fe80:: ffff:ffff:ffff:ffff:: system_u:object_r:link_local_node_t:s0 nodecon 127.0.0.1 255.255.255.255 system_u:object_r:lo_node_t:s0 nodecon ::ffff:0000:0000 ffff:ffff:ffff:ffff:ffff:ffff:: system_u:object_r:mapped_ipv4_node_t:s0 nodecon ff00:: ff00:: system_u:object_r:multicast_node_t:s0 nodecon fec0:: ffc0:: system_u:object_r:site_local_node_t:s0 nodecon :: ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff system_u:object_r:unspec_node_t:s0