From c0e4fe2c9c88942b1e3f5a5886772d26ac5eef72 Mon Sep 17 00:00:00 2001
From: Chris PeBenito <cpebenito@tresys.com>
Date: Tue, 20 Sep 2005 14:20:02 +0000
Subject: [PATCH] add appconfig for mls and mcs

---
 refpolicy/Changelog                                  |  1 +
 refpolicy/Makefile                                   |  7 +------
 refpolicy/config/appconfig-strict-mcs/dbus_contexts  |  6 ++++++
 .../config/appconfig-strict-mcs/default_contexts     | 12 ++++++++++++
 refpolicy/config/appconfig-strict-mcs/default_type   |  3 +++
 .../config/appconfig-strict-mcs/failsafe_context     |  1 +
 refpolicy/config/appconfig-strict-mcs/initrc_context |  1 +
 refpolicy/config/appconfig-strict-mcs/media          |  3 +++
 .../config/appconfig-strict-mcs/removable_context    |  1 +
 .../appconfig-strict-mcs/root_default_contexts       |  9 +++++++++
 .../config/appconfig-strict-mcs/userhelper_context   |  1 +
 refpolicy/config/appconfig-strict-mls/dbus_contexts  |  6 ++++++
 .../config/appconfig-strict-mls/default_contexts     | 12 ++++++++++++
 refpolicy/config/appconfig-strict-mls/default_type   |  3 +++
 .../config/appconfig-strict-mls/failsafe_context     |  1 +
 refpolicy/config/appconfig-strict-mls/initrc_context |  1 +
 refpolicy/config/appconfig-strict-mls/media          |  3 +++
 .../config/appconfig-strict-mls/removable_context    |  1 +
 .../appconfig-strict-mls/root_default_contexts       |  9 +++++++++
 .../config/appconfig-strict-mls/userhelper_context   |  1 +
 .../config/appconfig-targeted-mcs/dbus_contexts      |  6 ++++++
 .../config/appconfig-targeted-mcs/default_contexts   |  6 ++++++
 refpolicy/config/appconfig-targeted-mcs/default_type |  1 +
 .../config/appconfig-targeted-mcs/failsafe_context   |  1 +
 .../config/appconfig-targeted-mcs/initrc_context     |  1 +
 refpolicy/config/appconfig-targeted-mcs/media        |  3 +++
 .../config/appconfig-targeted-mcs/removable_context  |  1 +
 .../appconfig-targeted-mcs/root_default_contexts     |  2 ++
 .../config/appconfig-targeted-mcs/userhelper_context |  1 +
 .../config/appconfig-targeted-mls/dbus_contexts      |  6 ++++++
 .../config/appconfig-targeted-mls/default_contexts   |  6 ++++++
 refpolicy/config/appconfig-targeted-mls/default_type |  1 +
 .../config/appconfig-targeted-mls/failsafe_context   |  1 +
 .../config/appconfig-targeted-mls/initrc_context     |  1 +
 refpolicy/config/appconfig-targeted-mls/media        |  3 +++
 .../config/appconfig-targeted-mls/removable_context  |  1 +
 .../appconfig-targeted-mls/root_default_contexts     |  2 ++
 .../config/appconfig-targeted-mls/userhelper_context |  1 +
 38 files changed, 120 insertions(+), 6 deletions(-)
 create mode 100644 refpolicy/config/appconfig-strict-mcs/dbus_contexts
 create mode 100644 refpolicy/config/appconfig-strict-mcs/default_contexts
 create mode 100644 refpolicy/config/appconfig-strict-mcs/default_type
 create mode 100644 refpolicy/config/appconfig-strict-mcs/failsafe_context
 create mode 100644 refpolicy/config/appconfig-strict-mcs/initrc_context
 create mode 100644 refpolicy/config/appconfig-strict-mcs/media
 create mode 100644 refpolicy/config/appconfig-strict-mcs/removable_context
 create mode 100644 refpolicy/config/appconfig-strict-mcs/root_default_contexts
 create mode 100644 refpolicy/config/appconfig-strict-mcs/userhelper_context
 create mode 100644 refpolicy/config/appconfig-strict-mls/dbus_contexts
 create mode 100644 refpolicy/config/appconfig-strict-mls/default_contexts
 create mode 100644 refpolicy/config/appconfig-strict-mls/default_type
 create mode 100644 refpolicy/config/appconfig-strict-mls/failsafe_context
 create mode 100644 refpolicy/config/appconfig-strict-mls/initrc_context
 create mode 100644 refpolicy/config/appconfig-strict-mls/media
 create mode 100644 refpolicy/config/appconfig-strict-mls/removable_context
 create mode 100644 refpolicy/config/appconfig-strict-mls/root_default_contexts
 create mode 100644 refpolicy/config/appconfig-strict-mls/userhelper_context
 create mode 100644 refpolicy/config/appconfig-targeted-mcs/dbus_contexts
 create mode 100644 refpolicy/config/appconfig-targeted-mcs/default_contexts
 create mode 100644 refpolicy/config/appconfig-targeted-mcs/default_type
 create mode 100644 refpolicy/config/appconfig-targeted-mcs/failsafe_context
 create mode 100644 refpolicy/config/appconfig-targeted-mcs/initrc_context
 create mode 100644 refpolicy/config/appconfig-targeted-mcs/media
 create mode 100644 refpolicy/config/appconfig-targeted-mcs/removable_context
 create mode 100644 refpolicy/config/appconfig-targeted-mcs/root_default_contexts
 create mode 100644 refpolicy/config/appconfig-targeted-mcs/userhelper_context
 create mode 100644 refpolicy/config/appconfig-targeted-mls/dbus_contexts
 create mode 100644 refpolicy/config/appconfig-targeted-mls/default_contexts
 create mode 100644 refpolicy/config/appconfig-targeted-mls/default_type
 create mode 100644 refpolicy/config/appconfig-targeted-mls/failsafe_context
 create mode 100644 refpolicy/config/appconfig-targeted-mls/initrc_context
 create mode 100644 refpolicy/config/appconfig-targeted-mls/media
 create mode 100644 refpolicy/config/appconfig-targeted-mls/removable_context
 create mode 100644 refpolicy/config/appconfig-targeted-mls/root_default_contexts
 create mode 100644 refpolicy/config/appconfig-targeted-mls/userhelper_context

diff --git a/refpolicy/Changelog b/refpolicy/Changelog
index f068614d..89e8073a 100644
--- a/refpolicy/Changelog
+++ b/refpolicy/Changelog
@@ -1,4 +1,5 @@
 - Add experimental MCS support.
+- Add appconfig for MLS.
 - Add equivalents for old can_resolve(), can_ldap(), and
   can_portmap() to sysnetwork.
 - Fix base module compile issues.
diff --git a/refpolicy/Makefile b/refpolicy/Makefile
index 4aeb4902..b7d13b8b 100644
--- a/refpolicy/Makefile
+++ b/refpolicy/Makefile
@@ -152,14 +152,9 @@ endif
 FC := file_contexts
 POLVER := policy.$(PV)
 
-ifneq ($(findstring targeted,$(TYPE)),)
-	APPCONF := config/appconfig-targeted
-else
-	APPCONF := config/appconfig-strict
-endif
-
 M4SUPPORT = $(wildcard $(POLDIR)/support/*.spt)
 
+APPCONF := config/appconfig-$(TYPE)
 APPDIR := $(CONTEXTPATH)
 APPFILES := $(addprefix $(APPDIR)/,default_contexts default_type initrc_context failsafe_context userhelper_context removable_context dbus_contexts customizable_types) $(CONTEXTPATH)/files/media $(INSTALLDIR)/booleans
 CONTEXTFILES += $(wildcard $(APPCONF)/*_context*) $(APPCONF)/media
diff --git a/refpolicy/config/appconfig-strict-mcs/dbus_contexts b/refpolicy/config/appconfig-strict-mcs/dbus_contexts
new file mode 100644
index 00000000..116e684f
--- /dev/null
+++ b/refpolicy/config/appconfig-strict-mcs/dbus_contexts
@@ -0,0 +1,6 @@
+<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
+ "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
+<busconfig>
+  <selinux>
+  </selinux>
+</busconfig>
diff --git a/refpolicy/config/appconfig-strict-mcs/default_contexts b/refpolicy/config/appconfig-strict-mcs/default_contexts
new file mode 100644
index 00000000..7bf43ff6
--- /dev/null
+++ b/refpolicy/config/appconfig-strict-mcs/default_contexts
@@ -0,0 +1,12 @@
+system_r:sulogin_t:s0	sysadm_r:sysadm_t:s0
+system_r:local_login_t:s0	staff_r:staff_t:s0 user_r:user_t:s0 sysadm_r:sysadm_t:s0
+system_r:remote_login_t:s0	user_r:user_t:s0 staff_r:staff_t:s0
+system_r:sshd_t:s0		user_r:user_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0
+system_r:crond_t:s0	user_r:user_crond_t:s0 staff_r:staff_crond_t:s0 sysadm_r:sysadm_crond_t:s0 system_r:system_crond_t:s0 mailman_r:user_crond_t:s0
+system_r:xdm_t:s0		staff_r:staff_t:s0 user_r:user_t:s0 sysadm_r:sysadm_t:s0 
+staff_r:staff_su_t:s0	staff_r:staff_t:s0 user_r:user_t:s0 sysadm_r:sysadm_t:s0 
+sysadm_r:sysadm_su_t:s0	staff_r:staff_t:s0 user_r:user_t:s0 sysadm_r:sysadm_t:s0 
+user_r:user_su_t:s0	staff_r:staff_t:s0 user_r:user_t:s0 sysadm_r:sysadm_t:s0 
+sysadm_r:sysadm_sudo_t:s0	sysadm_r:sysadm_t:s0
+staff_r:staff_sudo_t:s0	sysadm_r:sysadm_t:s0 staff_r:staff_t:s0
+user_r:user_sudo_t:s0	sysadm_r:sysadm_t:s0 user_r:user_t:s0
diff --git a/refpolicy/config/appconfig-strict-mcs/default_type b/refpolicy/config/appconfig-strict-mcs/default_type
new file mode 100644
index 00000000..d0a59323
--- /dev/null
+++ b/refpolicy/config/appconfig-strict-mcs/default_type
@@ -0,0 +1,3 @@
+sysadm_r:sysadm_t:s0
+staff_r:staff_t:s0
+user_r:user_t:s0
diff --git a/refpolicy/config/appconfig-strict-mcs/failsafe_context b/refpolicy/config/appconfig-strict-mcs/failsafe_context
new file mode 100644
index 00000000..999abd9a
--- /dev/null
+++ b/refpolicy/config/appconfig-strict-mcs/failsafe_context
@@ -0,0 +1 @@
+sysadm_r:sysadm_t:s0
diff --git a/refpolicy/config/appconfig-strict-mcs/initrc_context b/refpolicy/config/appconfig-strict-mcs/initrc_context
new file mode 100644
index 00000000..30ab971d
--- /dev/null
+++ b/refpolicy/config/appconfig-strict-mcs/initrc_context
@@ -0,0 +1 @@
+system_u:system_r:initrc_t:s0
diff --git a/refpolicy/config/appconfig-strict-mcs/media b/refpolicy/config/appconfig-strict-mcs/media
new file mode 100644
index 00000000..81f3463e
--- /dev/null
+++ b/refpolicy/config/appconfig-strict-mcs/media
@@ -0,0 +1,3 @@
+cdrom system_u:object_r:removable_device_t:s0
+floppy system_u:object_r:removable_device_t:s0
+disk system_u:object_r:fixed_disk_device_t:s0
diff --git a/refpolicy/config/appconfig-strict-mcs/removable_context b/refpolicy/config/appconfig-strict-mcs/removable_context
new file mode 100644
index 00000000..7fcc56e4
--- /dev/null
+++ b/refpolicy/config/appconfig-strict-mcs/removable_context
@@ -0,0 +1 @@
+system_u:object_r:removable_t:s0
diff --git a/refpolicy/config/appconfig-strict-mcs/root_default_contexts b/refpolicy/config/appconfig-strict-mcs/root_default_contexts
new file mode 100644
index 00000000..e9d95e86
--- /dev/null
+++ b/refpolicy/config/appconfig-strict-mcs/root_default_contexts
@@ -0,0 +1,9 @@
+system_r:local_login_t:s0  sysadm_r:sysadm_t:s0 staff_r:staff_t:s0 user_r:user_t:s0
+system_r:crond_t:s0	sysadm_r:sysadm_crond_t:s0 staff_r:staff_crond_t:s0 user_r:user_crond_t:s0
+staff_r:staff_su_t:s0	sysadm_r:sysadm_t:s0 staff_r:staff_t:s0 user_r:user_t:s0
+sysadm_r:sysadm_su_t:s0	sysadm_r:sysadm_t:s0 staff_r:staff_t:s0 user_r:user_t:s0
+user_r:user_su_t:s0	sysadm_r:sysadm_t:s0 staff_r:staff_t:s0 user_r:user_t:s0
+#
+# Uncomment if you want to automatically login as sysadm_r
+#
+#system_r:sshd_t:s0 sysadm_r:sysadm_t:s0 staff_r:staff_t:s0 user_r:user_t:s0
diff --git a/refpolicy/config/appconfig-strict-mcs/userhelper_context b/refpolicy/config/appconfig-strict-mcs/userhelper_context
new file mode 100644
index 00000000..dc37a69b
--- /dev/null
+++ b/refpolicy/config/appconfig-strict-mcs/userhelper_context
@@ -0,0 +1 @@
+system_u:sysadm_r:sysadm_t:s0
diff --git a/refpolicy/config/appconfig-strict-mls/dbus_contexts b/refpolicy/config/appconfig-strict-mls/dbus_contexts
new file mode 100644
index 00000000..116e684f
--- /dev/null
+++ b/refpolicy/config/appconfig-strict-mls/dbus_contexts
@@ -0,0 +1,6 @@
+<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
+ "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
+<busconfig>
+  <selinux>
+  </selinux>
+</busconfig>
diff --git a/refpolicy/config/appconfig-strict-mls/default_contexts b/refpolicy/config/appconfig-strict-mls/default_contexts
new file mode 100644
index 00000000..7bf43ff6
--- /dev/null
+++ b/refpolicy/config/appconfig-strict-mls/default_contexts
@@ -0,0 +1,12 @@
+system_r:sulogin_t:s0	sysadm_r:sysadm_t:s0
+system_r:local_login_t:s0	staff_r:staff_t:s0 user_r:user_t:s0 sysadm_r:sysadm_t:s0
+system_r:remote_login_t:s0	user_r:user_t:s0 staff_r:staff_t:s0
+system_r:sshd_t:s0		user_r:user_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0
+system_r:crond_t:s0	user_r:user_crond_t:s0 staff_r:staff_crond_t:s0 sysadm_r:sysadm_crond_t:s0 system_r:system_crond_t:s0 mailman_r:user_crond_t:s0
+system_r:xdm_t:s0		staff_r:staff_t:s0 user_r:user_t:s0 sysadm_r:sysadm_t:s0 
+staff_r:staff_su_t:s0	staff_r:staff_t:s0 user_r:user_t:s0 sysadm_r:sysadm_t:s0 
+sysadm_r:sysadm_su_t:s0	staff_r:staff_t:s0 user_r:user_t:s0 sysadm_r:sysadm_t:s0 
+user_r:user_su_t:s0	staff_r:staff_t:s0 user_r:user_t:s0 sysadm_r:sysadm_t:s0 
+sysadm_r:sysadm_sudo_t:s0	sysadm_r:sysadm_t:s0
+staff_r:staff_sudo_t:s0	sysadm_r:sysadm_t:s0 staff_r:staff_t:s0
+user_r:user_sudo_t:s0	sysadm_r:sysadm_t:s0 user_r:user_t:s0
diff --git a/refpolicy/config/appconfig-strict-mls/default_type b/refpolicy/config/appconfig-strict-mls/default_type
new file mode 100644
index 00000000..d0a59323
--- /dev/null
+++ b/refpolicy/config/appconfig-strict-mls/default_type
@@ -0,0 +1,3 @@
+sysadm_r:sysadm_t:s0
+staff_r:staff_t:s0
+user_r:user_t:s0
diff --git a/refpolicy/config/appconfig-strict-mls/failsafe_context b/refpolicy/config/appconfig-strict-mls/failsafe_context
new file mode 100644
index 00000000..999abd9a
--- /dev/null
+++ b/refpolicy/config/appconfig-strict-mls/failsafe_context
@@ -0,0 +1 @@
+sysadm_r:sysadm_t:s0
diff --git a/refpolicy/config/appconfig-strict-mls/initrc_context b/refpolicy/config/appconfig-strict-mls/initrc_context
new file mode 100644
index 00000000..30ab971d
--- /dev/null
+++ b/refpolicy/config/appconfig-strict-mls/initrc_context
@@ -0,0 +1 @@
+system_u:system_r:initrc_t:s0
diff --git a/refpolicy/config/appconfig-strict-mls/media b/refpolicy/config/appconfig-strict-mls/media
new file mode 100644
index 00000000..81f3463e
--- /dev/null
+++ b/refpolicy/config/appconfig-strict-mls/media
@@ -0,0 +1,3 @@
+cdrom system_u:object_r:removable_device_t:s0
+floppy system_u:object_r:removable_device_t:s0
+disk system_u:object_r:fixed_disk_device_t:s0
diff --git a/refpolicy/config/appconfig-strict-mls/removable_context b/refpolicy/config/appconfig-strict-mls/removable_context
new file mode 100644
index 00000000..7fcc56e4
--- /dev/null
+++ b/refpolicy/config/appconfig-strict-mls/removable_context
@@ -0,0 +1 @@
+system_u:object_r:removable_t:s0
diff --git a/refpolicy/config/appconfig-strict-mls/root_default_contexts b/refpolicy/config/appconfig-strict-mls/root_default_contexts
new file mode 100644
index 00000000..e9d95e86
--- /dev/null
+++ b/refpolicy/config/appconfig-strict-mls/root_default_contexts
@@ -0,0 +1,9 @@
+system_r:local_login_t:s0  sysadm_r:sysadm_t:s0 staff_r:staff_t:s0 user_r:user_t:s0
+system_r:crond_t:s0	sysadm_r:sysadm_crond_t:s0 staff_r:staff_crond_t:s0 user_r:user_crond_t:s0
+staff_r:staff_su_t:s0	sysadm_r:sysadm_t:s0 staff_r:staff_t:s0 user_r:user_t:s0
+sysadm_r:sysadm_su_t:s0	sysadm_r:sysadm_t:s0 staff_r:staff_t:s0 user_r:user_t:s0
+user_r:user_su_t:s0	sysadm_r:sysadm_t:s0 staff_r:staff_t:s0 user_r:user_t:s0
+#
+# Uncomment if you want to automatically login as sysadm_r
+#
+#system_r:sshd_t:s0 sysadm_r:sysadm_t:s0 staff_r:staff_t:s0 user_r:user_t:s0
diff --git a/refpolicy/config/appconfig-strict-mls/userhelper_context b/refpolicy/config/appconfig-strict-mls/userhelper_context
new file mode 100644
index 00000000..dc37a69b
--- /dev/null
+++ b/refpolicy/config/appconfig-strict-mls/userhelper_context
@@ -0,0 +1 @@
+system_u:sysadm_r:sysadm_t:s0
diff --git a/refpolicy/config/appconfig-targeted-mcs/dbus_contexts b/refpolicy/config/appconfig-targeted-mcs/dbus_contexts
new file mode 100644
index 00000000..116e684f
--- /dev/null
+++ b/refpolicy/config/appconfig-targeted-mcs/dbus_contexts
@@ -0,0 +1,6 @@
+<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
+ "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
+<busconfig>
+  <selinux>
+  </selinux>
+</busconfig>
diff --git a/refpolicy/config/appconfig-targeted-mcs/default_contexts b/refpolicy/config/appconfig-targeted-mcs/default_contexts
new file mode 100644
index 00000000..94de3303
--- /dev/null
+++ b/refpolicy/config/appconfig-targeted-mcs/default_contexts
@@ -0,0 +1,6 @@
+system_r:unconfined_t:s0	system_r:unconfined_t:s0
+system_r:initrc_t:s0	system_r:unconfined_t:s0
+system_r:local_login_t:s0 system_r:unconfined_t:s0
+system_r:remote_login_t:s0 system_r:unconfined_t:s0
+system_r:rshd_t:s0		system_r:unconfined_t:s0
+system_r:crond_t:s0	system_r:unconfined_t:s0
diff --git a/refpolicy/config/appconfig-targeted-mcs/default_type b/refpolicy/config/appconfig-targeted-mcs/default_type
new file mode 100644
index 00000000..30fd6c0b
--- /dev/null
+++ b/refpolicy/config/appconfig-targeted-mcs/default_type
@@ -0,0 +1 @@
+system_r:unconfined_t:s0
diff --git a/refpolicy/config/appconfig-targeted-mcs/failsafe_context b/refpolicy/config/appconfig-targeted-mcs/failsafe_context
new file mode 100644
index 00000000..30fd6c0b
--- /dev/null
+++ b/refpolicy/config/appconfig-targeted-mcs/failsafe_context
@@ -0,0 +1 @@
+system_r:unconfined_t:s0
diff --git a/refpolicy/config/appconfig-targeted-mcs/initrc_context b/refpolicy/config/appconfig-targeted-mcs/initrc_context
new file mode 100644
index 00000000..dd0e5d97
--- /dev/null
+++ b/refpolicy/config/appconfig-targeted-mcs/initrc_context
@@ -0,0 +1 @@
+user_u:system_r:unconfined_t:s0
diff --git a/refpolicy/config/appconfig-targeted-mcs/media b/refpolicy/config/appconfig-targeted-mcs/media
new file mode 100644
index 00000000..81f3463e
--- /dev/null
+++ b/refpolicy/config/appconfig-targeted-mcs/media
@@ -0,0 +1,3 @@
+cdrom system_u:object_r:removable_device_t:s0
+floppy system_u:object_r:removable_device_t:s0
+disk system_u:object_r:fixed_disk_device_t:s0
diff --git a/refpolicy/config/appconfig-targeted-mcs/removable_context b/refpolicy/config/appconfig-targeted-mcs/removable_context
new file mode 100644
index 00000000..7fcc56e4
--- /dev/null
+++ b/refpolicy/config/appconfig-targeted-mcs/removable_context
@@ -0,0 +1 @@
+system_u:object_r:removable_t:s0
diff --git a/refpolicy/config/appconfig-targeted-mcs/root_default_contexts b/refpolicy/config/appconfig-targeted-mcs/root_default_contexts
new file mode 100644
index 00000000..7326fba3
--- /dev/null
+++ b/refpolicy/config/appconfig-targeted-mcs/root_default_contexts
@@ -0,0 +1,2 @@
+system_r:unconfined_t:s0	system_r:unconfined_t:s0
+system_r:initrc_t:s0	system_r:unconfined_t:s0
diff --git a/refpolicy/config/appconfig-targeted-mcs/userhelper_context b/refpolicy/config/appconfig-targeted-mcs/userhelper_context
new file mode 100644
index 00000000..01f02a35
--- /dev/null
+++ b/refpolicy/config/appconfig-targeted-mcs/userhelper_context
@@ -0,0 +1 @@
+system_u:system_r:unconfined_t:s0	
diff --git a/refpolicy/config/appconfig-targeted-mls/dbus_contexts b/refpolicy/config/appconfig-targeted-mls/dbus_contexts
new file mode 100644
index 00000000..116e684f
--- /dev/null
+++ b/refpolicy/config/appconfig-targeted-mls/dbus_contexts
@@ -0,0 +1,6 @@
+<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
+ "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
+<busconfig>
+  <selinux>
+  </selinux>
+</busconfig>
diff --git a/refpolicy/config/appconfig-targeted-mls/default_contexts b/refpolicy/config/appconfig-targeted-mls/default_contexts
new file mode 100644
index 00000000..94de3303
--- /dev/null
+++ b/refpolicy/config/appconfig-targeted-mls/default_contexts
@@ -0,0 +1,6 @@
+system_r:unconfined_t:s0	system_r:unconfined_t:s0
+system_r:initrc_t:s0	system_r:unconfined_t:s0
+system_r:local_login_t:s0 system_r:unconfined_t:s0
+system_r:remote_login_t:s0 system_r:unconfined_t:s0
+system_r:rshd_t:s0		system_r:unconfined_t:s0
+system_r:crond_t:s0	system_r:unconfined_t:s0
diff --git a/refpolicy/config/appconfig-targeted-mls/default_type b/refpolicy/config/appconfig-targeted-mls/default_type
new file mode 100644
index 00000000..30fd6c0b
--- /dev/null
+++ b/refpolicy/config/appconfig-targeted-mls/default_type
@@ -0,0 +1 @@
+system_r:unconfined_t:s0
diff --git a/refpolicy/config/appconfig-targeted-mls/failsafe_context b/refpolicy/config/appconfig-targeted-mls/failsafe_context
new file mode 100644
index 00000000..30fd6c0b
--- /dev/null
+++ b/refpolicy/config/appconfig-targeted-mls/failsafe_context
@@ -0,0 +1 @@
+system_r:unconfined_t:s0
diff --git a/refpolicy/config/appconfig-targeted-mls/initrc_context b/refpolicy/config/appconfig-targeted-mls/initrc_context
new file mode 100644
index 00000000..dd0e5d97
--- /dev/null
+++ b/refpolicy/config/appconfig-targeted-mls/initrc_context
@@ -0,0 +1 @@
+user_u:system_r:unconfined_t:s0
diff --git a/refpolicy/config/appconfig-targeted-mls/media b/refpolicy/config/appconfig-targeted-mls/media
new file mode 100644
index 00000000..81f3463e
--- /dev/null
+++ b/refpolicy/config/appconfig-targeted-mls/media
@@ -0,0 +1,3 @@
+cdrom system_u:object_r:removable_device_t:s0
+floppy system_u:object_r:removable_device_t:s0
+disk system_u:object_r:fixed_disk_device_t:s0
diff --git a/refpolicy/config/appconfig-targeted-mls/removable_context b/refpolicy/config/appconfig-targeted-mls/removable_context
new file mode 100644
index 00000000..7fcc56e4
--- /dev/null
+++ b/refpolicy/config/appconfig-targeted-mls/removable_context
@@ -0,0 +1 @@
+system_u:object_r:removable_t:s0
diff --git a/refpolicy/config/appconfig-targeted-mls/root_default_contexts b/refpolicy/config/appconfig-targeted-mls/root_default_contexts
new file mode 100644
index 00000000..7326fba3
--- /dev/null
+++ b/refpolicy/config/appconfig-targeted-mls/root_default_contexts
@@ -0,0 +1,2 @@
+system_r:unconfined_t:s0	system_r:unconfined_t:s0
+system_r:initrc_t:s0	system_r:unconfined_t:s0
diff --git a/refpolicy/config/appconfig-targeted-mls/userhelper_context b/refpolicy/config/appconfig-targeted-mls/userhelper_context
new file mode 100644
index 00000000..01f02a35
--- /dev/null
+++ b/refpolicy/config/appconfig-targeted-mls/userhelper_context
@@ -0,0 +1 @@
+system_u:system_r:unconfined_t:s0