# SELinux policy fragments: initial SID contexts, filesystem labeling
# behaviour (fs_use_*), genfscon entries and a placeholder for portcon.
# NOTE(review): the type names (sdcard, yaffs2 support) suggest an Android
# policy - confirm against the tree this listing was taken from.

# Initial SID contexts: the security context the kernel applies to each
# built-in initial SID. Only "kernel" carries a process role (r); every other
# entry is an object context (object_r).
# Most entries resolve to the "unlabeled" type. Anything allowed on
# "unlabeled" therefore also applies to objects whose label is missing or
# invalid, so rules that target that type should stay minimal.
# NOTE(review): several of these SIDs (file_labels, init, any_socket, netmsg,
# sysctl_*, kmod, policy, ...) appear to be legacy slots that current kernels
# no longer use - verify before relying on any of them.
sid kernel u:r:kernel:s0
sid security u:object_r:kernel:s0
sid unlabeled u:object_r:unlabeled:s0
sid fs u:object_r:labeledfs:s0
sid file u:object_r:unlabeled:s0
sid file_labels u:object_r:unlabeled:s0
sid init u:object_r:unlabeled:s0
sid any_socket u:object_r:unlabeled:s0
sid port u:object_r:port:s0
sid netif u:object_r:netif:s0
sid netmsg u:object_r:unlabeled:s0
sid node u:object_r:node:s0
sid igmp_packet u:object_r:unlabeled:s0
sid icmp_socket u:object_r:unlabeled:s0
sid tcp_socket u:object_r:unlabeled:s0
sid sysctl_modprobe u:object_r:unlabeled:s0
sid sysctl u:object_r:proc:s0
sid sysctl_fs u:object_r:unlabeled:s0
sid sysctl_kernel u:object_r:unlabeled:s0
sid sysctl_net u:object_r:unlabeled:s0
sid sysctl_net_unix u:object_r:unlabeled:s0
sid sysctl_vm u:object_r:unlabeled:s0
sid sysctl_dev u:object_r:unlabeled:s0
sid kmod u:object_r:unlabeled:s0
sid policy u:object_r:unlabeled:s0
sid scmp_packet u:object_r:unlabeled:s0
sid devnull u:object_r:null_device:s0

# Label inodes via getxattr.
# Per-file labels are read from the inode's extended attribute; the context
# on each line labels the filesystem itself, not the files on it.
# NOTE(review): an inode that has no label xattr presumably falls back to the
# "file" initial SID, which is "unlabeled" above - confirm that the image
# build or a relabel pass labels every file on these filesystems.
fs_use_xattr yaffs2 u:object_r:labeledfs:s0;
fs_use_xattr jffs2 u:object_r:labeledfs:s0;
fs_use_xattr ext2 u:object_r:labeledfs:s0;
fs_use_xattr ext3 u:object_r:labeledfs:s0;
fs_use_xattr ext4 u:object_r:labeledfs:s0;
fs_use_xattr xfs u:object_r:labeledfs:s0;
fs_use_xattr btrfs u:object_r:labeledfs:s0;

# Label inodes from task label.
# Used for the pipe and socket pseudo filesystems: the inode takes the label
# of the task that creates it.
fs_use_task pipefs u:object_r:pipefs:s0;
fs_use_task sockfs u:object_r:sockfs:s0;

# Label inodes from combination of task label and fs label.
# Define type_transition rules if you want per-domain types.
# Without a matching type_transition rule, files created by different domains
# end up with the same type (the one listed here), so there is no per-domain
# separation on these filesystems by default.
fs_use_trans devpts u:object_r:devpts:s0;
fs_use_trans tmpfs u:object_r:tmpfs:s0;
fs_use_trans devtmpfs u:object_r:device:s0;
fs_use_trans shm u:object_r:shm:s0;
fs_use_trans mqueue u:object_r:mqueue:s0;

# Label inodes with the fs label.
# genfscon assigns one context per filesystem type and path prefix; with only
# "/" listed, every inode on that filesystem type receives the same label.
genfscon rootfs / u:object_r:rootfs:s0
# proc labeling can be further refined (longest matching prefix).
genfscon proc / u:object_r:proc:s0
# selinuxfs booleans can be individually labeled.
genfscon selinuxfs / u:object_r:selinuxfs:s0
genfscon cgroup / u:object_r:cgroup:s0
# sysfs labels can be set by userspace.
genfscon sysfs / u:object_r:sysfs:s0
genfscon inotifyfs / u:object_r:inotify:s0
# vfat and fuse both map to the single type "sdcard": files on any vfat or
# fuse mount cannot be told apart by label, so a domain allowed to access
# "sdcard" can reach all of them. Keep allow rules on this type narrow.
genfscon vfat / u:object_r:sdcard:s0
# NOTE(review): debugfs gets one label for the whole tree - check which
# domains are allowed to read or write "debugfs".
genfscon debugfs / u:object_r:debugfs:s0
genfscon fuse / u:object_r:sdcard:s0

# portcon statements go here, e.g.
# portcon tcp 80 u:object_r:http_port:s0
# No portcon statement is defined in this listing, so ports are not
# distinguished by label here; they fall under the "port" initial SID context
# given above (u:object_r:port:s0).