# Copyright (C) 2005 Tresys Technology, LLC

# Declare this policy module as "domain", version 1.0.
policy_module(domain,1.0)

# Mark process types as domains
attribute domain;

# entrypoint executables
attribute entry_type;

# processes started by init itself
# NOTE(review): each *_entry attribute below presumably groups the entrypoint
# file types for the matching domain attribute; no rule in this file uses
# them, so confirm against the interfaces that assign them.
attribute init_domain;
attribute init_domain_entry;

# short running processes started by init scripts,
# such as mount, usually for initializing the system
attribute system_domain;
attribute system_domain_entry;

# long running application processes started by
# init scripts, such as sshd
attribute daemon_domain;
attribute daemon_domain_entry;

# widely-inheritable file descriptors
attribute privfd;

# Policy assertion: no type with the domain attribute may be granted
# transition or dyntransition permission on a process whose type lacks the
# domain attribute (~domain is the complement set). neverallow grants no
# access itself; it makes the policy build fail if an allow rule elsewhere
# violates it, so a domain can only transition into a type that also
# carries the domain attribute.
neverallow domain ~domain:process { transition dyntransition };