1type tcsd_device_t, device_type, dev_fs; 2type tcsd_readwrite_t, file_type; 3type tcsd_config_t, file_type, sysadmfile; 4daemon_domain(tcsd, `') 5general_domain_access(tcsd_t) 6allow unconfined_t tcsd_t:process transition; 7type_transition unconfined_t tcsd_exec_t:process tcsd_t; 8allow tcsd_t tcsd_exec_t:dir r_dir_perms; 9allow tcsd_t etc_t:file { read getattr lock ioctl }; 10allow tcsd_t etc_t:lnk_file { read getattr }; 11allow tcsd_t devtty_t:chr_file { ioctl read getattr lock write append }; 12allow tcsd_t devpts_t:chr_file { ioctl read getattr lock write append }; 13can_network(tcsd_t) 14read_sysctl(tcsd_t, full) 15r_dir_file(tcsd_t, usr_t) 16r_dir_file(tcsd_t, tcsd_config_t) 17rw_dir_file(tcsd_t, tcsd_readwrite_t) 18allow tcsd_t tcsd_readwrite_t:file { setattr }; 19allow tcsd_t tcsd_readwrite_t:dir { setattr }; 20allow tcsd_t tcsd_device_t:chr_file { ioctl read getattr lock write append }; 21allow tcsd_t { random_device_t }:chr_file { read getattr }; 22allow tcsd_t lib_t:dir r_dir_perms; 23allow tcsd_t lib_t:file { rx_file_perms execmod }; 24allow tcsd_t lib_t:lnk_file r_file_perms; 25allow tcsd_t lib_t:file { rx_file_perms execmod }; 26allow tcsd_t lib_t:lnk_file r_file_perms; 27allow tcsd_t lib_t:file { rx_file_perms execmod }; 28allow tcsd_t lib_t:lnk_file r_file_perms; 29allow tcsd_t var_lib_t:dir r_dir_perms; 30allow tcsd_t var_lib_t:file { rx_file_perms execmod }; 31allow tcsd_t var_lib_t:lnk_file r_file_perms; 32allow tcsd_t port_type:tcp_socket { send_msg recv_msg name_bind }; 33allow tcsd_t self:capability { chown net_bind_service dac_override fowner fsetid }; 34