################################################
#
# Role-based access control (RBAC) configuration.
#
# The RBAC configuration was originally centralized in this
# file, but has been decomposed into individual role declarations,
# role allow rules, and role transition rules throughout the TE
# configuration to support easy removal or adding of domains without
# modifying a centralized file each time. This also allowed the macros
# to properly instantiate role declarations and rules for domains.
# Hence, this file is largely unused, except for miscellaneous
# role allow rules.

########################################
#
# Role allow rules.
#
# A role allow rule specifies the allowable
# transitions between roles on an execve.
# If no rule is specified, then the change in
# roles will not be permitted. Additional
# controls over role transitions based on the
# type of the process may be specified through
# the constraints file.
#
# The syntax of a role allow rule is:
#     allow current_role new_role ;
#
# Allow the admin role to transition to the system
# role for run_init.
#
allow sysadm_r system_r;
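
# Added example, not part of this policy file or of the SELinux project:
# a small Python audit helper that extracts role allow rules from policy
# text and applies the default-deny check described above. The function
# names and the staff_r/secadm_r rule are constructed for illustration;
# the constraints file is not modelled.

```python
import re

# Constructed sample policy text modelled on the role allow section above.
SAMPLE_POLICY = """\
# The syntax of a role allow rule is:
#     allow current_role new_role ;
allow sysadm_r system_r;
allow staff_r { sysadm_r secadm_r };   # constructed rule, not from the page
allow sysadm_t self:process signal;    # TE allow rule, must be ignored
"""

# A role operand is a single identifier or a brace-enclosed set.
ROLE_SET = r"(\{[^}]*\}|[A-Za-z_]\w*)"
RULE_RE = re.compile(r"^allow\s+" + ROLE_SET + r"\s+" + ROLE_SET + r"$")


def _expand(token):
    """Turn 'role' or '{ role_a role_b }' into a list of role names."""
    return token.strip("{} \t").split()


def parse_role_allows(policy_text):
    """Return the set of (current_role, new_role) pairs the policy permits."""
    # Drop comments first so the syntax line in the header is not parsed.
    body = "\n".join(line.split("#", 1)[0] for line in policy_text.splitlines())
    pairs = set()
    for stmt in body.split(";"):
        m = RULE_RE.match(" ".join(stmt.split()))
        if not m:
            continue  # TE allow rules carry ':class perms' and never match
        for src in _expand(m.group(1)):
            for dst in _expand(m.group(2)):
                pairs.add((src, dst))
    return pairs


def role_change_permitted(pairs, current_role, new_role):
    """Default deny: a role change needs an explicit rule; not transitive."""
    return current_role == new_role or (current_role, new_role) in pairs


if __name__ == "__main__":
    rules = parse_role_allows(SAMPLE_POLICY)
    for src, dst in [("sysadm_r", "system_r"), ("staff_r", "system_r")]:
        print(src, "->", dst, role_change_permitted(rules, src, dst))
```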