1# init switches to init domain (via init.rc). 2type init, domain; 3permissive init; 4# init is unconfined. 5unconfined_domain(init) 6tmpfs_domain(init) 7# add a rule to handle unlabelled mounts 8allow init unlabeled:filesystem mount; 9