#
# selinux_config_t is the type applied to
# /etc/selinux/config
#
type selinux_config_t;
files_make_file(selinux_config_t)

#
# policy_config_t is the type of /etc/security/selinux/*
# the security server policy configuration.
#
type policy_config_t;
files_make_file(policy_config_t)

attribute can_write_binary_policy;
attribute can_relabelto_binary_policy;
neverallow ~can_relabelto_binary_policy policy_config_t:file relabelto;
neverallow ~can_write_binary_policy policy_config_t:file { write append };

#
# policy_src_t is the type of the policy source
# files.
#
type policy_src_t;
files_make_file(policy_src_t)

#
# default_context_t is the type applied to
# /etc/selinux/*/contexts/*
#
type default_context_t;
files_make_file(default_context_t) 

#
# file_context_t is the type applied to
# /etc/selinux/*/contexts/files
#
type file_context_t;
files_make_file(file_context_t)

type load_policy_t;
domain_make_domain(load_policy_t)

type load_policy_exec_t;
domain_make_entrypoint_file(load_policy_t,load_policy_exec_t)

selinux_read_binary_policy(load_policy_t)