policy_module(netlabel, 1.4.0) ######################################## # # Declarations # type netlabel_mgmt_t; type netlabel_mgmt_exec_t; application_domain(netlabel_mgmt_t, netlabel_mgmt_exec_t) role system_r types netlabel_mgmt_t; ######################################## # # NetLabel Management Tools Local policy # # modify the network subsystem configuration allow netlabel_mgmt_t self:capability net_admin; allow netlabel_mgmt_t self:netlink_socket create_socket_perms; allow netlabel_mgmt_t self:netlink_generic_socket create_socket_perms; kernel_read_network_state(netlabel_mgmt_t) files_read_etc_files(netlabel_mgmt_t) seutil_use_newrole_fds(netlabel_mgmt_t) userdom_use_user_terminals(netlabel_mgmt_t)