# SELinux Policy Editor, a simple editor for SELinux policies
# This section of the code is from the NSA SELinux release.
# Copyright (C) 2001, 2003 National Security Agency

# These files are from the NSA SELinux code.  More verbose comments might
# be a useful addition to describe their exact relationship with SELinux
# Policy Editor.

# FLASK

#
# Define the security context for each initial SID
# sid sidname   context

sid kernel	gen_context(system_u:system_r:kernel_t,s0)
sid security	gen_context(system_u:object_r:security_t,s0)
sid unlabeled	gen_context(system_u:object_r:unlabeled_t,s0)
sid fs		gen_context(system_u:object_r:fs_t,s0)
sid file	gen_context(system_u:object_r:xattrfs_t,s0)
sid file_labels	gen_context(system_u:object_r:unlabeled_t,s0)
# init_t is still used, but an initial SID is no longer required.
sid init	gen_context(system_u:object_r:unlabeled_t,s0)
# any_socket is no longer used.
sid any_socket 	gen_context(system_u:object_r:unlabeled_t,s0)
sid port	gen_context(system_u:object_r:port_t,s0)
sid netif	gen_context(system_u:object_r:netif_t,s0)
# netmsg is no longer used.
sid netmsg	gen_context(system_u:object_r:unlabeled_t,s0)
sid node gen_context(system_u:object_r:node_t,s0 - s15:c0.c255)
# These sockets are now labeled with the kernel SID,
# and do not require their own initial SIDs.
sid igmp_packet gen_context(system_u:object_r:unlabeled_t,s0)
sid icmp_socket gen_context(system_u:object_r:unlabeled_t,s0)
sid tcp_socket  gen_context(system_u:object_r:unlabeled_t,s0)
# Most of the sysctl SIDs are now computed at runtime
# from genfs_contexts, so the corresponding initial SIDs
# are no longer required.
sid sysctl_modprobe	gen_context(system_u:object_r:unlabeled_t,s0)
# But we still need the base sysctl initial SID as a default.
sid sysctl	gen_context(system_u:object_r:unlabeled_t,s0)
sid sysctl_fs	gen_context(system_u:object_r:unlabeled_t,s0)
sid sysctl_kernel	gen_context(system_u:object_r:unlabeled_t,s0)
sid sysctl_net	gen_context(system_u:object_r:unlabeled_t,s0)
sid sysctl_net_unix	gen_context(system_u:object_r:unlabeled_t,s0)
sid sysctl_vm	gen_context(system_u:object_r:unlabeled_t,s0)
sid sysctl_dev	gen_context(system_u:object_r:unlabeled_t,s0)
sid devnull	gen_context(system_u:object_r:null_device_t,s0)
# No longer used, can be removed.
sid kmod	gen_context(system_u:object_r:unlabeled_t,s0)
sid policy	gen_context(system_u:object_r:unlabeled_t,s0)
sid scmp_packet	gen_context(system_u:object_r:unlabeled_t,s0)

# FLASK
