From e0dfbdf15fe409a2ad3c6826a57061340c25f3cd Mon Sep 17 00:00:00 2001
From: Chris PeBenito <cpebenito@tresys.com>
Date: Feb 10 2006 14:21:16 +0000
Subject: fix process object class assertion for hierarchy


---

diff --git a/refpolicy/policy/modules/kernel/domain.te b/refpolicy/policy/modules/kernel/domain.te
index 6fad4cb..acc6267 100644
--- a/refpolicy/policy/modules/kernel/domain.te
+++ b/refpolicy/policy/modules/kernel/domain.te
@@ -63,7 +63,5 @@ attribute cron_job_domain;
 # SELinux identity and role change constraints
 attribute process_uncond_exempt;	# add userhelperdomain to this one
 
-# TODO:
-# cjp: also need to except correctly for SEFramework
-neverallow { domain unlabeled_t } file_type:process *;
+neverallow { domain unlabeled_t } ~{ domain unlabeled_t }:process *;
 neverallow ~{ domain unlabeled_t } *:process *;