define(`uncond_can_ypbind', `
dontaudit $1 reserved_port_type:{ tcp_socket udp_socket } name_bind;
can_network($1)
r_dir_file($1,var_yp_t)
allow $1 { reserved_port_t port_t }:{ tcp_socket udp_socket } name_bind;
dontaudit $1 self:capability net_bind_service;
')

define(`can_ypbind', `
ifdef(`ypbind.te', `
if (allow_ypbind) {
uncond_can_ypbind($1)
} else {
dontaudit $1 var_yp_t:dir search;
}
') dnl ypbind.te
') dnl can_ypbind