#
# Authors:  Stephen Smalley <sds@epoch.ncsc.mil> and Timothy Fraser  
#

############################################
#
# Security types
#

# 
# security_t is the target type when checking
# the permissions in the security class.  It is also
# applied to selinuxfs inodes.
#
type security_t, mount_point, fs_type, mlstrustedobject;
dontaudit domain security_t:dir search;
dontaudit domain security_t:file { getattr read };

#
# policy_config_t is the type of /etc/security/selinux/*
# the security server policy configuration.
#
type policy_config_t, file_type, secadmfile;
# Since libselinux attempts to read these by default, most domains 
# do not need it.
dontaudit domain selinux_config_t:dir search;
dontaudit domain selinux_config_t:file { getattr read };

#
# policy_src_t is the type of the policy source
# files.
#
type policy_src_t, file_type, secadmfile;


#
# default_context_t is the type applied to 
# /etc/selinux/*/contexts/*
#
type default_context_t, file_type, login_contexts, secadmfile;

#
# file_context_t is the type applied to 
# /etc/selinux/*/contexts/files
#
type file_context_t, file_type, secadmfile;

#
# no_access_t is the type for objects that should
# only be accessed administratively. 
#
type no_access_t, file_type, sysadmfile;

#
# selinux_config_t is the type applied to 
# /etc/selinux/config
#
type selinux_config_t, file_type, secadmfile;