# Module header: declares policy module "domain", version 1.0.
policy_module(domain,1.0)

########################################
#
# Declarations
#
# This section declares the attributes used to group process types and
# states two neverallow assertions over them. A neverallow rule grants
# nothing: it is checked when the policy is compiled, and the build fails
# if any allow rule would grant the listed permissions.
#

# Mark process types as domains
attribute domain;

# entrypoint executables
attribute entry_type;

# widely-inheritable file descriptors
attribute privfd;

# Domains that can set their current context
# (perform dynamic transitions)
# Membership is what exempts a domain from the setcurrent neverallow
# below, so every type given this attribute deserves review.
attribute set_curr_context;

# constraint related attributes
# NOTE(review): presumably referenced by constraint statements defined
# outside this file -- confirm which constraints use them before
# assigning these attributes to a type.
attribute can_change_process_identity;
attribute can_change_process_role;
attribute can_change_object_identity;

# Transitions only allowed from domains to other domains
# Source: any type with the domain attribute. Target: any type that does
# NOT have the domain attribute (~domain). Neither an exec-time transition
# nor a dynamic transition may therefore end in a type that was never
# marked as a domain.
neverallow domain ~domain:process { transition dyntransition };

# enabling setcurrent breaks process tranquility. If you do not
# know what this means or do not understand the implications of a
# dynamic transition, you should not be using it!!!
# (Tranquility here: a running process keeps the same security context.
# setcurrent is the permission checked when a process changes its own
# current context without an exec.)
# The source set is every domain minus set_curr_context, so only types
# explicitly given that attribute can ever be allowed setcurrent on self.
neverallow { domain -set_curr_context } self:process setcurrent;

# TODO:
# cjp: also need to except correctly for SEFramework
# NOTE(review): the two assertions below are commented out, so the
# compiler performs neither check. As written, the first would forbid
# domain types and unlabeled_t from holding any process permission on
# file_type targets, and the second would forbid every type other than
# domain types and unlabeled_t from being the source of any process
# permission. file_type and unlabeled_t are not declared in this file.
#neverallow { domain unlabeled_t } file_type:process *;
#neverallow ~{ domain unlabeled_t } *:process *;