1allow unconfineddomain self:capability_class_set *; 2allow unconfineddomain kernel:security ~load_policy; 3allow unconfineddomain kernel:system *; 4allow unconfineddomain self:memprotect *; 5allow unconfineddomain domain:process *; 6allow unconfineddomain domain:fd *; 7allow unconfineddomain domain:dir r_dir_perms; 8allow unconfineddomain domain:lnk_file r_file_perms; 9allow unconfineddomain domain:{ fifo_file file } rw_file_perms; 10allow unconfineddomain domain:socket_class_set *; 11allow unconfineddomain domain:ipc_class_set *; 12allow unconfineddomain domain:key *; 13allow unconfineddomain fs_type:filesystem *; 14allow unconfineddomain {fs_type dev_type file_type}:{ dir blk_file lnk_file sock_file fifo_file } ~relabelto; 15allow unconfineddomain {fs_type dev_type file_type}:{ chr_file file } ~{entrypoint relabelto}; 16allow unconfineddomain node_type:node *; 17allow unconfineddomain node_type:{ tcp_socket udp_socket rawip_socket } node_bind; 18allow unconfineddomain netif_type:netif *; 19allow unconfineddomain port_type:socket_class_set name_bind; 20allow unconfineddomain port_type:{ tcp_socket dccp_socket } name_connect; 21allow unconfineddomain domain:peer recv; 22allow unconfineddomain domain:binder { call transfer set_context_mgr }; 23allow unconfineddomain property_type:property_service set; 24