type dte_t,readable_t,generic_t,writable_t,sysbin_t,log_t;

domain admin_d = (/usr/bin/{sh,csh,ksh}),

        (drwx->dte_t,writable_t,readable_t,sysbin_t),

        (cdrwx->generic_t);

domain user_d = (/usr/bin/{sh,csh,ksh}),

        (drx->sysbin_t),

        (dr->dte_t,readable_t),

        (cdrwx->generic_t),

        (drw->writable_t);

domain login_d = (/usr/bin/login),

        (cdrw->writable_t),

        (dr->readable_t,dte_t,generic_t),

        (exec->user_d,admin_d);

domain daemon_d = (/sbin/init),

        (dr->dte_t,readable_t,generic_t),

        (drx->sysbin_t),

        (cdrw->writable_t),

        (auto->log_d,login_d);

domain log_d = (/usr/bin/syslogd),

        (cdrw->log_t),

        (dr->readable_t,generic_t),

        (drw->writable_t);

initial_domain = daemon_d;

assign -r generic_t /;
assign -r readable_t /etc;
assign -r -s sysbin_t /bin;
assign -r -s dte_t /dte;
assign -r writable_t /tmp;
assign -r writable_t /dev;
assign -r -s sysbin_t /sbin;
assign -r -s sysbin_t /usr/bin;
assign -r writable_t /usr/var;
assign -r -s sysbin_t /usr/sysbin;
assign -r log_t /usr/var/log;
assign writable_t /usr/var/log/utmp;
assign writable_t /usr/var/log/wtmp;