(class alg_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind))
(class anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads))
(class appletalk_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind))
(class association (sendto recvfrom setcontext polmatch))
(class atmpvc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind))
(class atmsvc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind))
(class ax25_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind))
(class binder (impersonate call set_context_mgr transfer))
(class blk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads))
(class bluetooth_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind))
(class bpf (map_create map_read map_write prog_load prog_run))
(class caif_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind))
(class can_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind))
(class cap2_userns (mac_override mac_admin syslog wake_alarm block_suspend audit_read perfmon bpf checkpoint_restore))
(class cap_userns (chown dac_override dac_read_search fowner fsetid kill setgid setuid setpcap linux_immutable net_bind_service net_broadcast net_admin net_raw ipc_lock ipc_owner sys_module sys_rawio sys_chroot sys_ptrace sys_pacct sys_admin sys_boot sys_nice sys_resource sys_time sys_tty_config mknod lease audit_write audit_control setfcap))
(class capability (chown dac_override dac_read_search fowner fsetid kill setgid setuid setpcap linux_immutable net_bind_service net_broadcast net_admin net_raw ipc_lock ipc_owner sys_module sys_rawio sys_chroot sys_ptrace sys_pacct sys_admin sys_boot sys_nice sys_resource sys_time sys_tty_config mknod lease audit_write audit_control setfcap))
(class capability2 (mac_override mac_admin syslog wake_alarm block_suspend audit_read perfmon bpf checkpoint_restore))
(class chr_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads))
(class dccp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind name_connect))
(class decnet_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind))
(class dir (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent search rmdir))
(class fd (use))
(class fifo_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads))
(class file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint))
(class filesystem (mount remount unmount getattr relabelfrom relabelto associate quotamod quotaget watch))
(class icmp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind))
(class ieee802154_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind))
(class infiniband_endpoint (manage_subnet))
(class infiniband_pkey (access))
(class ipc (create destroy getattr setattr read write associate unix_read unix_write))
(class ipx_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind))
(class irda_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind))
(class isdn_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind))
(class iucv_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind))
(class kcm_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind))
(class kernel_service (use_as_override create_files_as))
(class key (view read write search link setattr create))
(class key_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind))
(class llc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind))
(class lnk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads))
(class lockdown (integrity confidentiality))
(class memprotect (mmap_zero))
(class msg (send receive))
(class msgq (create destroy getattr setattr read write associate unix_read unix_write enqueue))
(class netif (ingress egress))
(class netlink_audit_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write nlmsg_relay nlmsg_readpriv nlmsg_tty_audit))
(class netlink_connector_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind))
(class netlink_crypto_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind))
(class netlink_dnrt_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind))
(class netlink_fib_lookup_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind))
(class netlink_generic_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind))
(class netlink_iscsi_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind))
(class netlink_kobject_uevent_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind))
(class netlink_netfilter_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind))
(class netlink_nflog_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind))
(class netlink_rdma_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind))
(class netlink_route_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write))
(class netlink_scsitransport_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind))
(class netlink_selinux_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind))
(class netlink_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind))
(class netlink_tcpdiag_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write))
(class netlink_xfrm_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write))
(class netrom_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind))
(class nfc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind))
(class node (recv_from sendto))
(class node_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind))
(class packet (send recv relabelto forward_in forward_out))
(class packet_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind))
(class peer (recv))
(class perf_event (open cpu kernel tracepoint read write))
(class phonet_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind))
(class pppox_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind))
(class process (fork transition sigchld sigkill sigstop signull signal ptrace setcap share getattr setexec setfscreate noatsecure siginh setrlimit rlimitinh dyntransition setcurrent setsockcreate getrlimit))
(class process2 (nnp_transition nosuid_transition))
(class qipcrtr_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind))
(class rawip_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind))
(class rds_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind))
(class rose_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind))
(class rxrpc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind))
(class sctp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind name_connect association))
(class security (compute_av compute_create compute_member check_context load_policy compute_relabel compute_user setenforce setbool setsecparam setcheckreqprot read_policy validate_trans))
(class sem (create destroy getattr setattr read write associate unix_read unix_write))
(class shm (create destroy getattr setattr read write associate unix_read unix_write lock))
(class smc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind))
(class sock_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads))
(class socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind))
(class system (ipc_info syslog_read syslog_mod syslog_console module_request module_load))
(class tcp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind name_connect))
(class tipc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind))
(class tun_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind attach_queue))
(class udp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind))
(class unix_dgram_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind))
(class unix_stream_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind connectto))
(class vsock_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind))
(class x25_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind))
(class xdp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind))
(classorder (alg_socket anon_inode appletalk_socket association atmpvc_socket atmsvc_socket ax25_socket binder blk_file bluetooth_socket bpf caif_socket can_socket cap2_userns cap_userns capability capability2 chr_file dccp_socket decnet_socket dir fd fifo_file file filesystem icmp_socket ieee802154_socket infiniband_endpoint infiniband_pkey ipc ipx_socket irda_socket isdn_socket iucv_socket kcm_socket kernel_service key key_socket llc_socket lnk_file lockdown memprotect msg msgq netif netlink_audit_socket netlink_connector_socket netlink_crypto_socket netlink_dnrt_socket netlink_fib_lookup_socket netlink_generic_socket netlink_iscsi_socket netlink_kobject_uevent_socket netlink_netfilter_socket netlink_nflog_socket netlink_rdma_socket netlink_route_socket netlink_scsitransport_socket netlink_selinux_socket netlink_socket netlink_tcpdiag_socket netlink_xfrm_socket netrom_socket nfc_socket node node_socket packet packet_socket peer perf_event phonet_socket pppox_socket process process2 qipcrtr_socket rawip_socket rds_socket rose_socket rxrpc_socket sctp_socket security sem shm smc_socket sock_file socket system tcp_socket tipc_socket tun_socket udp_socket unix_dgram_socket unix_stream_socket vsock_socket x25_socket xdp_socket))
(sensitivity s0)
(sensitivityorder (s0))
(user system_u)
(role system_r)
(role object_r)
(userrole system_u system_r)
(userrole system_u object_r)
(userlevel system_u (s0))
(userrange system_u ((s0) (s0)))
(typeattribute domain)
(typeattribute resource)
(typeattribute bin)
(typeattributeset resource (bin))
(typeattribute foo)
(typeattributeset domain (foo))
(type kernel_sid)
(roletype system_r kernel_sid)
(typeattributeset domain (kernel_sid))
(type qux)
(roletype system_r qux)
(typeattributeset domain (qux))
(type security_sid)
(roletype object_r security_sid)
(typeattributeset resource (security_sid))
(typeattribute tmp)
(typeattributeset resource (tmp))
(type unlabeled_sid)
(roletype object_r unlabeled_sid)
(typeattributeset resource (unlabeled_sid))
(typeattribute var)
(typeattributeset resource (var))
(typeattribute bar)
(typeattributeset foo (bar))
(typeattributeset domain (bar))
(typeattribute bar-bin)
(typeattributeset bin (bar-bin))
(typeattributeset resource (bar-bin))
(typeattribute foo-tmp)
(typeattributeset tmp (foo-tmp))
(typeattributeset resource (foo-tmp))
(typeattribute foo-var)
(typeattributeset var (foo-var))
(typeattributeset resource (foo-var))
(typeattribute bar-tmp)
(typeattributeset foo-tmp (bar-tmp))
(typeattributeset resource (bar-tmp))
(typeattribute bar-var)
(typeattributeset foo-var (bar-var))
(typeattributeset resource (bar-var))
(type baz)
(roletype system_r baz)
(typeattributeset bar (baz))
(typeattributeset domain (baz))
(type baz-bin)
(roletype object_r baz-bin)
(typeattributeset bar-bin (baz-bin))
(typeattributeset resource (baz-bin))
(type baz-tmp)
(roletype object_r baz-tmp)
(typeattributeset bar-tmp (baz-tmp))
(typeattributeset resource (baz-tmp))
(type baz-var)
(roletype object_r baz-var)
(typeattributeset bar-var (baz-var))
(typeattributeset resource (baz-var))
(macro bar-bin-not_an_associated_call_from_bin ((type this) (type source)) (allow source bin (file (read))))
(macro bar-tmp-associated_call_from_tmp ((type this) (type source)) (allow source tmp (file (read))))
(macro bar-tmp-not_an_associated_call ((type this) (type source)) (allow source tmp (file (write))))
(macro bar-var-associated_call_from_var ((type this) (type source)) (allow source var (file (read))))
(macro baz-bin-not_an_associated_call_from_bin ((type this) (type source)) (allow source bin (file (read))))
(macro baz-tmp-associated_call_from_tmp ((type this) (type source)) (allow source tmp (file (read))))
(macro baz-tmp-not_an_associated_call ((type this) (type source)) (allow source tmp (file (write))))
(macro baz-var-associated_call_from_var ((type this) (type source)) (allow source var (file (read))))
(macro bin-not_an_associated_call_from_bin ((type this) (type source)) (allow source bin (file (read))))
(macro foo-tmp-associated_call_from_tmp ((type this) (type source)) (allow source tmp (file (read))))
(macro foo-tmp-not_an_associated_call ((type this) (type source)) (allow source tmp (file (write))))
(macro foo-var-associated_call_from_var ((type this) (type source)) (allow source var (file (read))))
(macro tmp-associated_call_from_tmp ((type this) (type source)) (allow source tmp (file (read))))
(macro tmp-not_an_associated_call ((type this) (type source)) (allow source tmp (file (write))))
(macro var-associated_call_from_var ((type this) (type source)) (allow source var (file (read))))
(call bar-tmp-associated_call_from_tmp (bar-tmp bar))
(call bar-tmp-associated_call_from_tmp (bar-tmp qux))
(call bar-var-associated_call_from_var (bar-var bar))
(call baz-tmp-associated_call_from_tmp (baz-tmp baz))
(call baz-tmp-associated_call_from_tmp (baz-tmp qux))
(call baz-var-associated_call_from_var (baz-var baz))
(call foo-tmp-associated_call_from_tmp (foo-tmp foo))
(call foo-tmp-associated_call_from_tmp (foo-tmp qux))
(call foo-var-associated_call_from_var (foo-var foo))
(call tmp-associated_call_from_tmp (tmp foo))
(call tmp-not_an_associated_call (tmp foo))
(sid kernel)
(sidcontext kernel (system_u system_r kernel_sid ((s0) (s0))))
(sid security)
(sidcontext security (system_u object_r security_sid ((s0) (s0))))
(sid unlabeled)
(sidcontext unlabeled (system_u object_r unlabeled_sid ((s0) (s0))))
(sidorder (kernel security unlabeled))