policy_module(domain,1.0)
# Mark process types as domains
attribute domain;
# entrypoint executables
attribute entry_type;
# widely-inheritable file descriptors
attribute privfd;
neverallow domain ~domain:process { transition dyntransition };