# Local SELinux policy module granting extra permissions to the dracut_t domain.
#
# NOTE(review): the original banner comment and the flat one-rule-per-denial
# layout look like audit2allow output, so these rules presumably mirror logged
# AVC denials rather than a designed policy. Confirm each grant against the
# denial that produced it before loading the module.
module test-dracut 1.0;

require {
	# Source domain.
	type dracut_t;

	# Target types, sorted alphabetically.
	type acpi_bios_t;
	type autofs_device_t;
	type clock_device_t;
	type console_device_t;
	type cpu_device_t;
	type device_t;
	type dracut_tmp_t;
	type dri_device_t;
	type event_device_t;
	type fixed_disk_device_t;
	type framebuf_device_t;
	type fs_t;
	type fuse_device_t;
	type gcc_config_exec_t;
	type kmod_exec_t;
	type kvm_device_t;
	type loop_control_device_t;
	type lvm_control_t;
	type lvm_exec_t;
	type memory_device_t;
	type modules_object_t;
	type mouse_device_t;
	type pmqos_device_t;
	type proc_kcore_t;
	type ptmx_t;
	type random_device_t;
	type shadow_t;
	type sound_device_t;
	type src_t;
	type tmpfs_t;
	type tty_device_t;
	type tun_tap_device_t;
	type udev_exec_t;
	type uhid_device_t;
	type unlabeled_t;
	type usb_device_t;
	type usbmon_device_t;
	type user_home_t;
	type var_run_t;
	type wireless_device_t;
	type xserver_misc_device_t;

	# Object classes and the permissions this module references.
	class chr_file getattr;
	class blk_file getattr;
	class dir { getattr relabelfrom search write };
	class file { execute_no_trans getattr map read relabelfrom };
	class process getsched;
	class filesystem getattr;
}

#============= dracut_t ==============

# Attribute lookups on device nodes. Only getattr is granted, so this module
# does not let dracut_t open, read or write any of these devices; that
# includes memory_device_t.
# NOTE(review): if these come from a scan of /dev, dontaudit rules may fit
# better than allow rules. Confirm what the denials were.
allow dracut_t {
	acpi_bios_t
	autofs_device_t
	clock_device_t
	console_device_t
	cpu_device_t
	device_t
	dri_device_t
	event_device_t
	fixed_disk_device_t
	framebuf_device_t
	fuse_device_t
	kvm_device_t
	loop_control_device_t
	lvm_control_t
	memory_device_t
	mouse_device_t
	pmqos_device_t
	ptmx_t
	random_device_t
	sound_device_t
	tty_device_t
	tun_tap_device_t
	uhid_device_t
	usb_device_t
	usbmon_device_t
	wireless_device_t
	xserver_misc_device_t
}:chr_file getattr;
allow dracut_t fixed_disk_device_t:blk_file getattr;

# Attribute lookups on a filesystem and on the kcore file (getattr only).
allow dracut_t fs_t:filesystem getattr;
allow dracut_t proc_kcore_t:file getattr;

# Helper programs run inside dracut_t with no domain transition, so they
# inherit everything dracut_t is allowed to do. This module grants only
# execute_no_trans; the execute permission must come from another policy.
allow dracut_t {
	gcc_config_exec_t
	kmod_exec_t
	lvm_exec_t
	udev_exec_t
}:file execute_no_trans;

# Memory-mapping of files labelled modules_object_t.
allow dracut_t modules_object_t:file map;

# Relabelling away from dracut's temporary type. Only relabelfrom is granted;
# the matching relabelto on the destination type is not part of this module.
allow dracut_t dracut_tmp_t:{ dir file } relabelfrom;

# Directory access.
allow dracut_t src_t:dir { getattr search };
allow dracut_t { tmpfs_t unlabeled_t }:dir getattr;
# NOTE(review): traversal of user home directories is an unusual need for this
# domain. Check where it comes from before keeping the rule.
allow dracut_t user_home_t:dir search;
# NOTE(review): write on generic var_run_t directories without add_name or
# remove_name is incomplete for creating entries. Confirm the intended target
# and prefer a dedicated type over var_run_t.
allow dracut_t var_run_t:dir write;

# SECURITY(review): shadow_t is the type reference policy assigns to the shadow
# password files. This grants read on them to dracut_t and, through the
# execute_no_trans rules above, to the helpers it runs. The open permission is
# not granted here. Keep this rule only if the password hashes are genuinely
# required; otherwise drop it or replace it with dontaudit.
allow dracut_t shadow_t:file read;

# Scheduling-attribute query on the domain's own processes.
allow dracut_t self:process getsched;