#DESC Userspace Object Managers
#
#################################

# Get our own security context.
can_getcon(userspace_objmgr)
# Get security decisions via selinuxfs.
can_getsecurity(userspace_objmgr)
# Read /etc/selinux
r_dir_file(userspace_objmgr, { selinux_config_t default_context_t })
# Receive notifications of policy reloads and enforcing status changes.
allow userspace_objmgr self:netlink_selinux_socket { create bind read };