1; This is a dummy policy which main aim is to be compatible with test.log 2 3; Define one category and one sensitivity in order to make things work 4(mls true) 5(category c0) 6(categoryorder (c0)) 7(sensitivity s0) 8(sensitivityorder (s0)) 9(sensitivitycategory s0 (c0)) 10 11; Define some users and roles 12(user system_u) 13(user root) 14(user unconfined_u) 15(role system_r) 16(role unconfined_r) 17(userrole root system_r) 18(userrole system_u system_r) 19(userrole unconfined_u unconfined_r) 20(userlevel system_u (s0)) 21(userlevel root (s0)) 22(userlevel unconfined_u (s0)) 23(userrange system_u ((s0)(s0 (c0)))) 24(userrange root ((s0)(s0 (c0)))) 25(userrange unconfined_u ((s0)(s0 (c0)))) 26 27; Define domain types 28(type automount_t) 29(type ftpd_t) 30(type httpd_t) 31(type kernel_t) 32(type nsplugin_t) 33(type postfix_local_t) 34(type qemu_t) 35(type smbd_t) 36 37(roletype system_r automount_t) 38(roletype system_r ftpd_t) 39(roletype system_r httpd_t) 40(roletype system_r kernel_t) 41(roletype system_r postfix_local_t) 42(roletype system_r qemu_t) 43(roletype system_r smbd_t) 44(roletype unconfined_r nsplugin_t) 45 46; Define file types 47(type automount_lock_t) 48(type default_t) 49(type fixed_disk_device_t) 50(type home_root_t) 51(type httpd_sys_content_t) 52(type httpd_sys_script_exec_t) 53(type mail_spool_t) 54(type ssh_home_t) 55(type usr_t) 56(type var_t) 57 58; Define port types 59(type mysqld_port_t) 60(type reserved_port_t) 61 62; Define initial SID 63(sid kernel) 64(sidorder (kernel)) 65(sidcontext kernel (system_u system_r kernel_t ((s0) (s0)))) 66 67; Define classes 68(class blk_file (getattr open read write)) 69(class dir (append open search)) 70(class file (execute execute_no_trans getattr open read write)) 71(class tcp_socket (ioctl name_bind name_connect)) 72(classorder (blk_file file dir tcp_socket)) 73 74; The policy compiler requires at least one rule 75(allow kernel_t default_t (file (open read write))) 76