(typeattribute user_file_type)
(typeattribute user_application_exec_domain)
(typeattributeset user_application_exec_domain (user_t ))
(type user_t)
(roletype object_r user_t)
(roleattributeset cil_gen_require system_r)
(roleattributeset cil_gen_require user_r)
(roletype user_r user_t)
(roletype user_r pam_t)
(roletype user_r utempter_t)
(roleattributeset cil_gen_require newrole_roles)
(roleattributeset newrole_roles (user_r ))
(typeattributeset cil_gen_require unpriv_userdomain)
(typeattributeset unpriv_userdomain (user_t ))
(typeattributeset cil_gen_require userdomain)
(typeattributeset userdomain (user_t ))
(typeattributeset cil_gen_require user_devpts_t)
(typeattributeset cil_gen_require user_tty_device_t)
(typeattributeset cil_gen_require user_t)
(typeattributeset cil_gen_require domain)
(typeattributeset domain (user_t ))
(typeattributeset cil_gen_require init_t)
(typeattributeset cil_gen_require security_t)
(typeattributeset cil_gen_require sysfs_t)
(typeattributeset cil_gen_require selinux_config_t)
(typeattributeset cil_gen_require shell_exec_t)
(typeattributeset cil_gen_require entry_type)
(typeattributeset entry_type (shell_exec_t bin_t ))
(typeattributeset cil_gen_require exec_type)
(typeattributeset exec_type (shell_exec_t bin_t ))
(typeattributeset cil_gen_require file_type)
(typeattributeset file_type (shell_exec_t bin_t ))
(typeattributeset cil_gen_require non_security_file_type)
(typeattributeset non_security_file_type (shell_exec_t bin_t ))
(typeattributeset cil_gen_require non_auth_file_type)
(typeattributeset non_auth_file_type (shell_exec_t bin_t ))
(typeattributeset cil_gen_require bin_t)
(typeattributeset cil_gen_require process_user_target)
(typeattributeset process_user_target (user_t ))
(typeattributeset cil_gen_require ubac_constrained_type)
(typeattributeset ubac_constrained_type (user_t ))
(typeattributeset cil_gen_require server_ptynode)
(typeattributeset cil_gen_require ptynode)
(typeattributeset ptynode (user_devpts_t ))
(typeattributeset cil_gen_require devpts_t)
(typeattributeset cil_gen_require device_node)
(typeattributeset device_node (user_devpts_t user_tty_device_t ))
(typeattributeset cil_gen_require ttynode)
(typeattributeset ttynode (user_tty_device_t ))
(typeattributeset cil_gen_require console_device_t)
(typeattributeset cil_gen_require tty_device_t)
(typeattributeset cil_gen_require serial_device)
(typeattributeset serial_device (user_tty_device_t ))
(typeattributeset cil_gen_require bsdpty_device_t)
(typeattributeset cil_gen_require ptmx_t)
(typeattributeset cil_gen_require device_t)
(typeattributeset cil_gen_require proc_t)
(typeattributeset cil_gen_require sysctl_t)
(typeattributeset cil_gen_require sysctl_kernel_t)
(typeattributeset cil_gen_require sysctl_crypto_t)
(typeattributeset cil_gen_require sysctl_fs_t)
(typeattributeset cil_gen_require sysctl_vm_overcommit_t)
(typeattributeset cil_gen_require sysctl_vm_t)
(typeattributeset cil_gen_require unlabeled_t)
(typeattributeset cil_gen_require null_device_t)
(typeattributeset cil_gen_require etc_t)
(typeattributeset cil_gen_require etc_runtime_t)
(typeattributeset cil_gen_require usr_t)
(typeattributeset cil_gen_require var_run_t)
(typeattributeset cil_gen_require readable_t)
(typeattributeset cil_gen_require lib_t)
(typeattributeset cil_gen_require ld_so_t)
(typeattributeset cil_gen_require locale_t)
(typeattributeset cil_gen_require cert_t)
(typeattributeset cil_gen_require fonts_t)
(typeattributeset cil_gen_require net_conf_t)
(typeattributeset cil_gen_require var_t)
(typeattributeset cil_gen_require var_lib_t)
(typeattributeset cil_gen_require syslogd_t)
(typeattributeset cil_gen_require syslogd_runtime_t)
(typeattributeset cil_gen_require devlog_t)
(typeattributeset cil_gen_require init_runtime_t)
(typeattributeset cil_gen_require user_home_t)
(typeattributeset cil_gen_require user_home_dir_t)
(typeattributeset cil_gen_require user_bin_t)
(typeattributeset cil_gen_require user_cert_t)
(typeattributeset cil_gen_require home_root_t)
(typeattributeset cil_gen_require nfs_t)
(typeattributeset cil_gen_require cifs_t)
(typeattributeset cil_gen_require user_tmp_t)
(typeattributeset cil_gen_require tmp_t)
(typeattributeset cil_gen_require user_runtime_t)
(typeattributeset cil_gen_require user_runtime_root_t)
(typeattributeset cil_gen_require user_tmpfs_t)
(typeattributeset cil_gen_require tmpfs_t)
(typeattributeset cil_gen_require urandom_device_t)
(typeattributeset cil_gen_require privfd)
(typeattributeset privfd (user_t ))
(typeattributeset cil_gen_require default_t)
(typeattributeset cil_gen_require lost_found_t)
(typeattributeset cil_gen_require filesystem_type)
(typeattributeset cil_gen_require autofs_t)
(typeattributeset cil_gen_require cgroup_types)
(typeattributeset cil_gen_require inotifyfs_t)
(typeattributeset cil_gen_require anon_inodefs_t)
(typeattributeset cil_gen_require wtmp_t)
(typeattributeset cil_gen_require chroot_exec_t)
(typeattributeset cil_gen_require application_exec_type)
(typeattributeset cil_gen_require initrc_runtime_t)
(typeattributeset cil_gen_require initrc_t)
(typeattributeset cil_gen_require logfile)
(typeattributeset cil_gen_require man_t)
(typeattributeset cil_gen_require man_cache_t)
(typeattributeset cil_gen_require public_content_t)
(typeattributeset cil_gen_require public_content_rw_t)
(typeattributeset cil_gen_require tetex_data_t)
(typeattributeset cil_gen_require default_context_t)
(typeattributeset cil_gen_require file_context_t)
(typeattributeset cil_gen_require netlabel_peer_t)
(typeattributeset cil_gen_require netif_t)
(typeattributeset cil_gen_require node_t)
(typeattributeset cil_gen_require port_type)
(typeattributeset cil_gen_require client_packet_type)
(typeattributeset cil_gen_require proc_net_t)
(typeattributeset cil_gen_require sysctl_net_t)
(typeattributeset cil_gen_require kernel_t)
(typeattributeset cil_gen_require sysctl_dev_t)
(typeattributeset cil_gen_require port_t)
(typeattributeset cil_gen_require defined_port_type)
(typeattributeset cil_gen_require random_device_t)
(typeattributeset cil_gen_require sound_device_t)
(typeattributeset cil_gen_require wireless_device_t)
(typeattributeset cil_gen_require var_lock_t)
(typeattributeset cil_gen_require mnt_t)
(typeattributeset cil_gen_require var_spool_t)
(typeattributeset cil_gen_require fixed_disk_device_t)
(typeattributeset cil_gen_require nsswitch_domain)
(typeattributeset nsswitch_domain (user_t ))
(typeattributeset cil_gen_require var_log_t)
(typeattributeset cil_gen_require pam_var_console_t)
(typeattributeset cil_gen_require pam_t)
(typeattributeset cil_gen_require pam_exec_t)
(typeattributeset cil_gen_require utempter_t)
(typeattributeset cil_gen_require utempter_exec_t)
(typeattributeset cil_gen_require newrole_t)
(typeattributeset cil_gen_require newrole_exec_t)
(typeattributeset cil_gen_require checkpolicy_exec_t)
(typeattributeset cil_gen_require setfiles_exec_t)
(typeattributeset cil_gen_require removable_device_t)
(typeattributeset cil_gen_require mouse_device_t)
(typeattributeset cil_gen_require noxattrfs)
(typeattributeset cil_gen_require usb_device_t)
(typeattributeset cil_gen_require reserved_port_type)
(typeattributeset cil_gen_require xserver_port_t)
(allow user_t shell_exec_t (file (entrypoint)))
(allow user_t shell_exec_t (file (ioctl read getattr lock map execute open)))
(allow user_t bin_t (file (entrypoint)))
(allow user_t bin_t (file (ioctl read getattr lock map execute open)))
(allow user_devpts_t devpts_t (filesystem (associate)))
(typechange user_t server_ptynode chr_file user_devpts_t)
(typechange user_t tty_device_t chr_file user_tty_device_t)
(allow user_t self (process (sigchld sigkill sigstop signull signal getsched setsched getsession getpgid setpgid setcap share getattr)))
(allow user_t self (fd (use)))
(allow user_t self (key (view read write search link setattr create)))
(allow user_t self (fifo_file (ioctl read write getattr lock append open)))
(allow user_t self (unix_dgram_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown sendto)))
(allow user_t self (unix_stream_socket (ioctl read write create getattr setattr append bind connect listen accept getopt setopt shutdown connectto)))
(allow user_t self (shm (create destroy getattr setattr read write associate unix_read unix_write lock)))
(allow user_t self (sem (create destroy getattr setattr read write associate unix_read unix_write)))
(allow user_t self (msgq (create destroy getattr setattr read write associate unix_read unix_write enqueue)))
(allow user_t self (msg (send receive)))
(allow user_t self (context (contains)))
(dontaudit user_t self (socket (create)))
(allow user_t user_devpts_t (chr_file (ioctl read write getattr setattr lock append open)))
(allow user_t device_t (dir (getattr open search)))
(allow user_t device_t (dir (ioctl read getattr lock open search)))
(allow user_t device_t (dir (getattr open search)))
(allow user_t device_t (lnk_file (read getattr)))
(allow user_t ptmx_t (chr_file (ioctl read write getattr lock append open)))
(allow user_t devpts_t (dir (ioctl read getattr lock open search)))
(allow user_t devpts_t (filesystem (getattr)))
(dontaudit user_t bsdpty_device_t (chr_file (read write getattr)))
(typetransition user_t devpts_t chr_file user_devpts_t)
(dontaudit user_t user_devpts_t (chr_file (ioctl)))
(allow user_t user_tty_device_t (chr_file (ioctl read write getattr setattr lock append open)))
(dontaudit user_t user_tty_device_t (chr_file (ioctl)))
(allow user_t proc_t (dir (getattr open search)))
(allow user_t sysctl_t (dir (getattr open search)))
(allow user_t sysctl_kernel_t (dir (getattr open search)))
(allow user_t sysctl_kernel_t (file (ioctl read getattr lock open)))
(allow user_t proc_t (dir (getattr open search)))
(allow user_t sysctl_t (dir (getattr open search)))
(allow user_t sysctl_kernel_t (dir (ioctl read getattr lock open search)))
(allow user_t proc_t (dir (getattr open search)))
(allow user_t sysctl_t (dir (getattr open search)))
(allow user_t sysctl_crypto_t (dir (getattr open search)))
(allow user_t sysctl_crypto_t (file (ioctl read getattr lock open)))
(allow user_t proc_t (dir (getattr open search)))
(allow user_t sysctl_t (dir (getattr open search)))
(allow user_t sysctl_crypto_t (dir (ioctl read getattr lock open search)))
(allow user_t proc_t (dir (getattr open search)))
(allow user_t sysctl_t (dir (getattr open search)))
(allow user_t sysctl_fs_t (dir (getattr open search)))
(allow user_t sysctl_fs_t (file (ioctl read getattr lock open)))
(allow user_t proc_t (dir (getattr open search)))
(allow user_t sysctl_t (dir (getattr open search)))
(allow user_t sysctl_fs_t (dir (ioctl read getattr lock open search)))
(allow user_t proc_t (dir (getattr open search)))
(allow user_t sysctl_t (dir (getattr open search)))
(allow user_t sysctl_vm_t (dir (getattr open search)))
(allow user_t sysctl_vm_overcommit_t (file (ioctl read getattr lock open)))
(dontaudit user_t unlabeled_t (dir (ioctl read getattr lock open search)))
(dontaudit user_t unlabeled_t (file (getattr)))
(dontaudit user_t unlabeled_t (lnk_file (getattr)))
(dontaudit user_t unlabeled_t (fifo_file (getattr)))
(dontaudit user_t unlabeled_t (sock_file (getattr)))
(dontaudit user_t unlabeled_t (blk_file (getattr)))
(dontaudit user_t unlabeled_t (chr_file (getattr)))
(dontaudit user_t device_node (blk_file (getattr)))
(dontaudit user_t device_t (blk_file (getattr)))
(dontaudit user_t device_node (chr_file (getattr)))
(dontaudit user_t device_t (chr_file (getattr)))
(dontaudit user_t null_device_t (chr_file (setattr)))
(allow user_t self (netlink_audit_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown nlmsg_relay)))
(allow user_t self (netlink_kobject_uevent_socket (ioctl read write create getattr setattr append bind getopt setopt shutdown)))
(dontaudit user_t domain (dir (ioctl read getattr lock open search)))
(dontaudit user_t domain (lnk_file (read getattr)))
(dontaudit user_t domain (file (ioctl read getattr lock open)))
(dontaudit user_t domain (sock_file (read getattr open)))
(dontaudit user_t domain (fifo_file (ioctl read getattr lock open)))
(dontaudit user_t domain (process (getattr)))
(dontaudit user_t domain (process (getsession)))
(allow user_t etc_t (dir (ioctl read getattr lock open search)))
(allow user_t etc_t (dir (getattr open search)))
(allow user_t etc_t (file (ioctl read getattr lock open)))
(allow user_t etc_t (dir (getattr open search)))
(allow user_t etc_t (lnk_file (read getattr)))
(allow user_t etc_t (dir (watch)))
(allow user_t etc_t (dir (ioctl read getattr lock open search)))
(allow user_t etc_t (dir (getattr open search)))
(allow user_t etc_runtime_t (file (ioctl read getattr lock open)))
(allow user_t etc_t (dir (getattr open search)))
(allow user_t etc_runtime_t (lnk_file (read getattr)))
(allow user_t usr_t (dir (ioctl read getattr lock open search)))
(allow user_t usr_t (dir (getattr open search)))
(allow user_t usr_t (file (ioctl read getattr lock open)))
(allow user_t usr_t (dir (getattr open search)))
(allow user_t usr_t (lnk_file (read getattr)))
(allow user_t usr_t (dir (watch)))
(allow user_t var_run_t (dir (watch)))
(allow user_t readable_t (dir (ioctl read getattr lock open search)))
(allow user_t readable_t (file (ioctl read getattr lock open)))
(allow user_t readable_t (lnk_file (read getattr)))
(allow user_t readable_t (fifo_file (ioctl read getattr lock open)))
(allow user_t readable_t (sock_file (read getattr open)))
(dontaudit user_t non_security_file_type (dir (ioctl read getattr lock open search)))
(dontaudit user_t non_security_file_type (file (getattr)))
(dontaudit user_t non_security_file_type (lnk_file (getattr)))
(dontaudit user_t non_security_file_type (fifo_file (getattr)))
(dontaudit user_t non_security_file_type (sock_file (getattr)))
(allow user_t lib_t (dir (ioctl read getattr lock open search)))
(allow user_t lib_t (dir (getattr open search)))
(allow user_t lib_t (lnk_file (read getattr)))
(allow user_t ld_so_t (lnk_file (read getattr)))
(allow user_t lib_t (dir (getattr open search)))
(allow user_t ld_so_t (file (ioctl read getattr map execute open execute_no_trans)))
(allow user_t etc_t (dir (getattr open search)))
(allow user_t etc_t (lnk_file (read getattr)))
(allow user_t usr_t (dir (getattr open search)))
(allow user_t locale_t (dir (ioctl read getattr lock open search)))
(allow user_t locale_t (dir (getattr open search)))
(allow user_t locale_t (file (ioctl read getattr lock open)))
(allow user_t locale_t (dir (getattr open search)))
(allow user_t locale_t (lnk_file (read getattr)))
(allow user_t locale_t (file (map)))
(allow user_t cert_t (dir (ioctl read getattr lock open search)))
(allow user_t cert_t (dir (getattr open search)))
(allow user_t cert_t (file (ioctl read getattr lock open)))
(allow user_t cert_t (dir (getattr open search)))
(allow user_t cert_t (lnk_file (read getattr)))
(allow user_t fonts_t (dir (watch)))
(allow user_t etc_t (dir (getattr open search)))
(allow user_t var_run_t (lnk_file (read getattr)))
(allow user_t var_t (dir (getattr open search)))
(allow user_t var_run_t (dir (getattr open search)))
(allow user_t net_conf_t (dir (ioctl read getattr lock open search)))
(allow user_t net_conf_t (file (ioctl read getattr lock open)))
(allow user_t net_conf_t (lnk_file (read getattr)))
(allow user_t init_t (system (status)))
(typemember user_t user_home_dir_t dir user_home_dir_t)
(allow user_t user_home_dir_t (lnk_file (read getattr)))
(allow user_t user_home_t (file (entrypoint)))
(allow user_t user_home_t (dir (ioctl read write getattr lock open add_name remove_name search)))
(allow user_t user_home_dir_t (dir (ioctl read write getattr lock open add_name remove_name search)))
(allow user_t user_home_t (dir (ioctl read write create getattr setattr lock unlink link rename open add_name remove_name reparent search rmdir)))
(allow user_t user_home_t (dir (ioctl read write getattr lock open add_name remove_name search)))
(allow user_t user_home_dir_t (dir (ioctl read write getattr lock open add_name remove_name search)))
(allow user_t user_home_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
(allow user_t user_home_t (dir (ioctl read write getattr lock open add_name remove_name search)))
(allow user_t user_home_dir_t (dir (ioctl read write getattr lock open add_name remove_name search)))
(allow user_t user_home_t (lnk_file (ioctl read write create getattr setattr lock append unlink link rename)))
(allow user_t user_home_t (dir (ioctl read write getattr lock open add_name remove_name search)))
(allow user_t user_home_dir_t (dir (ioctl read write getattr lock open add_name remove_name search)))
(allow user_t user_home_t (sock_file (ioctl read write create getattr setattr lock append unlink link rename open)))
(allow user_t user_home_t (dir (ioctl read write getattr lock open add_name remove_name search)))
(allow user_t user_home_dir_t (dir (ioctl read write getattr lock open add_name remove_name search)))
(allow user_t user_home_t (fifo_file (ioctl read write create getattr setattr lock append unlink link rename open)))
(allow user_t user_home_t (dir (getattr open search)))
(allow user_t user_home_dir_t (dir (getattr open search)))
(allow user_t user_home_t (dir (getattr relabelfrom relabelto)))
(allow user_t user_home_t (dir (getattr open search)))
(allow user_t user_home_dir_t (dir (getattr open search)))
(allow user_t user_home_t (file (getattr relabelfrom relabelto)))
(allow user_t user_home_t (dir (getattr open search)))
(allow user_t user_home_dir_t (dir (getattr open search)))
(allow user_t user_home_t (lnk_file (getattr relabelfrom relabelto)))
(allow user_t user_home_t (dir (getattr open search)))
(allow user_t user_home_dir_t (dir (getattr open search)))
(allow user_t user_home_t (sock_file (getattr relabelfrom relabelto)))
(allow user_t user_home_t (dir (getattr open search)))
(allow user_t user_home_dir_t (dir (getattr open search)))
(allow user_t user_home_t (fifo_file (getattr relabelfrom relabelto)))
(allow user_t user_home_dir_t (dir (ioctl read write getattr lock open add_name remove_name search)))
(typetransition user_t user_home_dir_t fifo_file user_home_t)
(typetransition user_t user_home_dir_t sock_file user_home_t)
(typetransition user_t user_home_dir_t lnk_file user_home_t)
(typetransition user_t user_home_dir_t dir user_home_t)
(typetransition user_t user_home_dir_t file user_home_t)
(allow user_t home_root_t (dir (ioctl read getattr lock open search)))
(allow user_t home_root_t (lnk_file (read getattr)))
(allow user_t user_home_dir_t (dir (ioctl read write create getattr setattr lock relabelfrom relabelto unlink link rename open add_name remove_name reparent search rmdir)))
(allow user_t user_home_t (dir (watch watch_mount watch_sb watch_with_perm watch_reads)))
(allow user_t user_home_dir_t (dir (watch watch_mount watch_sb watch_with_perm watch_reads)))
(allow user_t user_home_t (file (watch watch_mount watch_sb watch_with_perm watch_reads)))
(allow user_t user_home_t (lnk_file (watch watch_mount watch_sb watch_with_perm watch_reads)))
(allow user_t user_home_t (sock_file (watch watch_mount watch_sb watch_with_perm watch_reads)))
(allow user_t user_home_t (fifo_file (watch watch_mount watch_sb watch_with_perm watch_reads)))
(allow user_t user_bin_t (dir (ioctl read write create getattr setattr lock relabelfrom relabelto unlink link rename open add_name remove_name reparent search rmdir)))
(allow user_t user_bin_t (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
(allow user_t user_bin_t (lnk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename)))
(allow user_t home_root_t (dir (getattr open search)))
(allow user_t home_root_t (lnk_file (read getattr)))
(allow user_t user_bin_t (dir (getattr open search)))
(allow user_t user_bin_t (file (ioctl read getattr map execute open execute_no_trans)))
(allow user_t user_bin_t (dir (getattr open search)))
(allow user_t user_bin_t (lnk_file (read getattr)))
(allow user_t home_root_t (dir (getattr open search)))
(allow user_t home_root_t (lnk_file (read getattr)))
(allow user_t user_home_dir_t (dir (ioctl read write getattr lock open add_name remove_name search)))
(allow user_t home_root_t (dir (getattr open search)))
(allow user_t home_root_t (lnk_file (read getattr)))
(allow user_t user_cert_t (dir (ioctl read write getattr lock open add_name remove_name search)))
(allow user_t user_cert_t (dir (ioctl read write create getattr setattr lock unlink link rename open add_name remove_name reparent search rmdir)))
(allow user_t user_cert_t (dir (ioctl read write getattr lock open add_name remove_name search)))
(allow user_t user_cert_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
(allow user_t user_cert_t (dir (ioctl read write getattr lock open add_name remove_name search)))
(allow user_t user_cert_t (lnk_file (ioctl read write create getattr setattr lock append unlink link rename)))
(allow user_t home_root_t (dir (getattr open search)))
(allow user_t home_root_t (lnk_file (read getattr)))
(allow user_t user_home_dir_t (dir (ioctl read write getattr lock open add_name remove_name search)))
(allow user_t home_root_t (dir (getattr open search)))
(allow user_t home_root_t (lnk_file (read getattr)))
(typemember user_t tmp_t dir user_tmp_t)
(allow user_t user_tmp_t (dir (ioctl read write getattr lock open add_name remove_name search)))
(allow user_t user_tmp_t (dir (ioctl read write create getattr setattr lock unlink link rename open add_name remove_name reparent search rmdir)))
(allow user_t user_tmp_t (dir (ioctl read write getattr lock open add_name remove_name search)))
(allow user_t user_tmp_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
(allow user_t user_tmp_t (dir (ioctl read write getattr lock open add_name remove_name search)))
(allow user_t user_tmp_t (lnk_file (ioctl read write create getattr setattr lock append unlink link rename)))
(allow user_t user_tmp_t (dir (ioctl read write getattr lock open add_name remove_name search)))
(allow user_t user_tmp_t (sock_file (ioctl read write create getattr setattr lock append unlink link rename open)))
(allow user_t user_tmp_t (dir (ioctl read write getattr lock open add_name remove_name search)))
(allow user_t user_tmp_t (fifo_file (ioctl read write create getattr setattr lock append unlink link rename open)))
(allow user_t tmp_t (dir (ioctl read write getattr lock open add_name remove_name search)))
(typetransition user_t tmp_t fifo_file user_tmp_t)
(typetransition user_t tmp_t sock_file user_tmp_t)
(typetransition user_t tmp_t lnk_file user_tmp_t)
(typetransition user_t tmp_t dir user_tmp_t)
(typetransition user_t tmp_t file user_tmp_t)
(allow user_t user_runtime_t (dir (ioctl read write getattr lock open add_name remove_name search)))
(typetransition user_t user_runtime_t fifo_file user_tmp_t)
(typetransition user_t user_runtime_t sock_file user_tmp_t)
(typetransition user_t user_runtime_t lnk_file user_tmp_t)
(typetransition user_t user_runtime_t dir user_tmp_t)
(typetransition user_t user_runtime_t file user_tmp_t)
(allow user_t user_runtime_root_t (dir (getattr open search)))
(allow user_t var_run_t (lnk_file (read getattr)))
(allow user_t var_t (dir (getattr open search)))
(allow user_t var_run_t (dir (getattr open search)))
(allow user_t user_tmpfs_t (dir (ioctl read write getattr lock open add_name remove_name search)))
(allow user_t user_tmpfs_t (dir (ioctl read write create getattr setattr lock unlink link rename open add_name remove_name reparent search rmdir)))
(allow user_t user_tmpfs_t (dir (ioctl read write getattr lock open add_name remove_name search)))
(allow user_t user_tmpfs_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
(allow user_t user_tmpfs_t (dir (ioctl read write getattr lock open add_name remove_name search)))
(allow user_t user_tmpfs_t (lnk_file (ioctl read write create getattr setattr lock append unlink link rename)))
(allow user_t user_tmpfs_t (dir (ioctl read write getattr lock open add_name remove_name search)))
(allow user_t user_tmpfs_t (sock_file (ioctl read write create getattr setattr lock append unlink link rename open)))
(allow user_t user_tmpfs_t (dir (ioctl read write getattr lock open add_name remove_name search)))
(allow user_t user_tmpfs_t (fifo_file (ioctl read write create getattr setattr lock append unlink link rename open)))
(allow user_tmpfs_t tmpfs_t (filesystem (associate)))
(allow user_t tmpfs_t (dir (ioctl read write getattr lock open add_name remove_name search)))
(typetransition user_t tmpfs_t fifo_file user_tmpfs_t)
(typetransition user_t tmpfs_t sock_file user_tmpfs_t)
(typetransition user_t tmpfs_t lnk_file user_tmpfs_t)
(typetransition user_t tmpfs_t dir user_tmpfs_t)
(typetransition user_t tmpfs_t file user_tmpfs_t)
(allow user_t user_tmp_t (dir (getattr open search)))
(allow user_t user_tmp_t (file (ioctl read getattr map execute open execute_no_trans)))
(allow user_t tmp_t (dir (getattr open search)))
(allow user_t user_runtime_t (dir (getattr open search)))
(allow user_t user_runtime_root_t (dir (getattr open search)))
(allow user_t var_run_t (lnk_file (read getattr)))
(allow user_t var_t (dir (getattr open search)))
(allow user_t var_run_t (dir (getattr open search)))
(allow user_t home_root_t (dir (getattr open search)))
(allow user_t home_root_t (lnk_file (read getattr)))
(allow user_t user_home_t (dir (getattr open search)))
(allow user_t user_home_dir_t (dir (getattr open search)))
(allow user_t user_home_t (file (ioctl read getattr map execute open execute_no_trans)))
(allow user_t user_tmpfs_t (file (map)))
(allow user_t self (capability (chown fowner setgid)))
(dontaudit user_t self (capability (fsetid sys_nice)))
(allow user_t self (process (transition sigchld sigkill sigstop signull signal ptrace getsched setsched getsession getpgid setpgid getcap setcap share getattr setfscreate noatsecure siginh rlimitinh dyntransition setkeycreate setsockcreate getrlimit)))
(dontaudit user_t self (process (setrlimit)))
(dontaudit user_t self (netlink_route_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown nlmsg_read nlmsg_write)))
(allow user_t self (context (contains)))
(dontaudit user_t proc_t (file (ioctl read getattr lock open)))
(allow user_t sysfs_t (dir (getattr open search)))
(allow user_t sysfs_t (file (ioctl read getattr lock open)))
(allow user_t sysfs_t (dir (getattr open search)))
(allow user_t sysfs_t (lnk_file (read getattr)))
(allow user_t sysfs_t (dir (getattr open search)))
(allow user_t sysfs_t (dir (ioctl read getattr lock open search)))
(allow user_t device_t (dir (getattr open search)))
(allow user_t urandom_device_t (chr_file (ioctl read getattr lock open)))
(allow user_t privfd (fd (use)))
(dontaudit user_t entry_type (file (ioctl read getattr map execute open execute_no_trans)))
(dontaudit user_t default_t (dir (ioctl read getattr lock open search)))
(dontaudit user_t default_t (file (ioctl read getattr lock open)))
(allow user_t lost_found_t (dir (getattr)))
(allow user_t filesystem_type (filesystem (quotaget)))
(allow user_t filesystem_type (filesystem (getattr)))
(allow user_t file_type (filesystem (getattr)))
(allow user_t filesystem_type (dir (getattr)))
(allow user_t autofs_t (dir (getattr open search)))
(allow user_t cgroup_types (dir (getattr open search)))
(allow user_t cgroup_types (dir (ioctl read getattr lock open search)))
(allow user_t sysfs_t (dir (getattr open search)))
(allow user_t sysfs_t (dir (getattr open search)))
(allow user_t inotifyfs_t (dir (ioctl read getattr lock open search)))
(allow user_t anon_inodefs_t (dir (getattr open search)))
(allow user_t anon_inodefs_t (file (ioctl read write getattr lock append open)))
(dontaudit user_t cgroup_types (file (ioctl read write getattr lock append open)))
(dontaudit user_t wtmp_t (file (write)))
(dontaudit user_t exec_type (file (execute execute_no_trans)))
(allow user_t bin_t (dir (getattr open search)))
(allow user_t bin_t (lnk_file (read getattr)))
(allow user_t usr_t (dir (getattr open search)))
(allow user_t bin_t (dir (getattr open search)))
(allow user_t bin_t (dir (ioctl read getattr lock open search)))
(allow user_t bin_t (file (ioctl read getattr lock map execute open execute_no_trans)))
(allow user_t bin_t (dir (getattr open search)))
(allow user_t bin_t (lnk_file (read getattr)))
(allow user_t usr_t (dir (getattr open search)))
(allow user_t bin_t (dir (getattr open search)))
(allow user_t bin_t (dir (ioctl read getattr lock open search)))
(allow user_t shell_exec_t (file (ioctl read getattr lock map execute open execute_no_trans)))
(allow user_t bin_t (dir (getattr open search)))
(allow user_t bin_t (lnk_file (read getattr)))
(allow user_t usr_t (dir (getattr open search)))
(allow user_t chroot_exec_t (file (ioctl read getattr lock map execute open execute_no_trans)))
(allow user_t self (capability (sys_chroot)))
(allow user_t application_exec_type (file (ioctl read getattr lock map execute open execute_no_trans)))
(dontaudit user_t initrc_runtime_t (file (ioctl read write getattr lock append open)))
(dontaudit user_t init_t (fd (use)))
(dontaudit user_t initrc_t (fd (use)))
(allow user_t lib_t (dir (watch)))
(allow user_t usr_t (dir (getattr open search)))
(allow user_t lib_t (dir (ioctl read getattr lock open search)))
(allow user_t lib_t (dir (getattr open search)))
(allow user_t lib_t (lnk_file (read getattr)))
(allow user_t lib_t (dir (getattr open search)))
(allow user_t lib_t (file (ioctl read getattr map execute open execute_no_trans)))
(dontaudit user_t logfile (file (getattr)))
(allow user_t usr_t (dir (getattr open search)))
(allow user_t man_t (dir (ioctl read getattr lock open search)))
(allow user_t man_cache_t (dir (ioctl read getattr lock open search)))
(allow user_t man_t (dir (getattr open search)))
(allow user_t man_cache_t (dir (getattr open search)))
(allow user_t man_t (file (ioctl read getattr lock open)))
(allow user_t man_cache_t (file (ioctl read getattr lock open)))
(allow user_t man_t (dir (getattr open search)))
(allow user_t man_cache_t (dir (getattr open search)))
(allow user_t man_t (lnk_file (read getattr)))
(allow user_t man_cache_t (lnk_file (read getattr)))
(allow user_t man_cache_t (file (map)))
(allow user_t public_content_t (dir (ioctl read getattr lock open search)))
(allow user_t public_content_rw_t (dir (ioctl read getattr lock open search)))
(allow user_t public_content_t (dir (getattr open search)))
(allow user_t public_content_rw_t (dir (getattr open search)))
(allow user_t public_content_t (file (ioctl read getattr lock open)))
(allow user_t public_content_rw_t (file (ioctl read getattr lock open)))
(allow user_t public_content_t (dir (getattr open search)))
(allow user_t public_content_rw_t (dir (getattr open search)))
(allow user_t public_content_t (lnk_file (read getattr)))
(allow user_t public_content_rw_t (lnk_file (read getattr)))
(allow user_t var_t (dir (getattr open search)))
(allow user_t var_t (dir (getattr open search)))
(allow user_t var_lib_t (dir (getattr open search)))
(allow user_t tetex_data_t (dir (ioctl read getattr lock open search)))
(allow user_t tetex_data_t (dir (getattr open search)))
(allow user_t tetex_data_t (file (ioctl read getattr lock open)))
(allow user_t tetex_data_t (dir (getattr open search)))
(allow user_t tetex_data_t (lnk_file (read getattr)))
(allow user_t var_t (dir (getattr open search)))
(allow user_t var_t (dir (getattr open search)))
(allow user_t var_lib_t (dir (getattr open search)))
(allow user_t tetex_data_t (dir (ioctl read getattr lock open search)))
(allow user_t tetex_data_t (dir (getattr open search)))
(allow user_t tetex_data_t (file (ioctl read getattr map execute open execute_no_trans)))
(allow user_t etc_t (dir (getattr open search)))
(allow user_t selinux_config_t (dir (ioctl read getattr lock open search)))
(allow user_t selinux_config_t (dir (getattr open search)))
(allow user_t selinux_config_t (file (ioctl read getattr lock open)))
(allow user_t selinux_config_t (dir (getattr open search)))
(allow user_t selinux_config_t (lnk_file (read getattr)))
(allow user_t self (tcp_socket (ioctl read write create getattr setattr append bind connect listen accept getopt setopt shutdown)))
(allow user_t self (udp_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown)))
(allow user_t netlabel_peer_t (peer (recv)))
(allow user_t netlabel_peer_t (tcp_socket (recvfrom)))
(allow user_t netlabel_peer_t (udp_socket (recvfrom)))
(allow user_t netlabel_peer_t (rawip_socket (recvfrom)))
(allow user_t netif_t (netif (ingress egress)))
(allow user_t netif_t (netif (egress)))
(allow user_t netif_t (netif (ingress)))
(allow user_t node_t (node (recvfrom sendto)))
(allow user_t node_t (node (sendto)))
(allow user_t node_t (node (recvfrom)))
(allow user_t port_type (tcp_socket (name_connect)))
(allow user_t client_packet_type (packet (send)))
(allow user_t client_packet_type (packet (recv)))
(allow user_t self (association (sendto)))
(allow user_t user_t (association (recvfrom)))
(allow user_t user_t (association (recvfrom)))
(allow user_t user_t (peer (recv)))
(allow user_t user_t (peer (recv)))
(allow user_t netlabel_peer_t (peer (recv)))
(allow user_t netlabel_peer_t (peer (recv)))
(allow user_t self (association (sendto)))
(allow user_t user_t (tcp_socket (recvfrom)))
(allow user_t user_t (association (recvfrom)))
(allow user_t user_t (tcp_socket (recvfrom)))
(allow user_t user_t (association (recvfrom)))
(allow user_t user_t (peer (recv)))
(allow user_t user_t (peer (recv)))
(allow user_t netlabel_peer_t (peer (recv)))
(allow user_t netlabel_peer_t (tcp_socket (recvfrom)))
(allow user_t netlabel_peer_t (peer (recv)))
(allow user_t netlabel_peer_t (tcp_socket (recvfrom)))
(allow user_t self (association (sendto)))
(allow user_t user_t (udp_socket (recvfrom)))
(allow user_t user_t (association (recvfrom)))
(allow user_t user_t (peer (recv)))
(allow user_t netlabel_peer_t (peer (recv)))
(allow user_t netlabel_peer_t (udp_socket (recvfrom)))
(allow user_t self (association (sendto)))
(allow user_t user_t (rawip_socket (recvfrom)))
(allow user_t user_t (association (recvfrom)))
(allow user_t user_t (peer (recv)))
(allow user_t netlabel_peer_t (peer (recv)))
(allow user_t netlabel_peer_t (rawip_socket (recvfrom)))
(dontaudit user_t self (netlink_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown)))
(dontaudit user_t self (netlink_route_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown nlmsg_read nlmsg_write)))
(allow user_t self (netlink_kobject_uevent_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown)))
(allow user_t unpriv_userdomain (fd (use)))
(allow user_t proc_t (dir (getattr open search)))
(allow user_t proc_t (file (ioctl read getattr lock open)))
(allow user_t proc_t (dir (getattr open search)))
(allow user_t proc_t (lnk_file (read getattr)))
(allow user_t proc_t (dir (getattr open search)))
(allow user_t proc_t (dir (ioctl read getattr lock open search)))
(allow user_t proc_t (dir (getattr open search)))
(allow user_t proc_net_t (dir (getattr open search)))
(allow user_t proc_net_t (file (ioctl read getattr lock open)))
(allow user_t proc_t (dir (getattr open search)))
(allow user_t proc_net_t (dir (getattr open search)))
(allow user_t proc_net_t (lnk_file (read getattr)))
(allow user_t proc_t (dir (getattr open search)))
(allow user_t proc_net_t (dir (ioctl read getattr lock open search)))
(allow user_t proc_t (dir (getattr open search)))
(allow user_t sysctl_t (dir (getattr open search)))
(allow user_t sysctl_net_t (dir (getattr open search)))
(allow user_t sysctl_net_t (file (ioctl read getattr lock open)))
(allow user_t proc_t (dir (getattr open search)))
(allow user_t sysctl_t (dir (getattr open search)))
(allow user_t sysctl_net_t (dir (ioctl read getattr lock open search)))
(allow user_t kernel_t (system (ipc_info)))
(allow user_t proc_t (dir (getattr open search)))
(allow user_t sysctl_t (dir (getattr open search)))
(allow user_t sysctl_dev_t (dir (getattr open search)))
(allow user_t sysctl_dev_t (file (ioctl read getattr lock open)))
(allow user_t proc_t (dir (getattr open search)))
(allow user_t sysctl_t (dir (getattr open search)))
(allow user_t sysctl_dev_t (dir (ioctl read getattr lock open search)))
(allow user_t bin_t (dir (getattr open search)))
(allow user_t bin_t (lnk_file (read getattr)))
(allow user_t usr_t (dir (getattr open search)))
(allow user_t bin_t (dir (getattr open search)))
(allow user_t bin_t (dir (ioctl read getattr lock open search)))
(allow user_t bin_t (file (ioctl read getattr lock map execute open execute_no_trans)))
(allow user_t node_t (udp_socket (node_bind)))
(allow user_t port_t (udp_socket (name_bind)))
(dontaudit user_t defined_port_type (udp_socket (name_bind)))
(allow user_t device_t (dir (getattr open search)))
(allow user_t random_device_t (chr_file (ioctl read getattr lock open)))
(allow user_t device_t (dir (getattr open search)))
(allow user_t sound_device_t (chr_file (ioctl write getattr lock append open)))
(allow user_t sound_device_t (chr_file (map)))
(allow user_t device_t (dir (getattr open search)))
(allow user_t sound_device_t (chr_file (ioctl read getattr lock open)))
(allow user_t sound_device_t (chr_file (map)))
(allow user_t device_t (dir (getattr open search)))
(allow user_t sound_device_t (chr_file (ioctl read getattr lock open)))
(allow user_t sound_device_t (chr_file (map)))
(allow user_t device_t (dir (getattr open search)))
(allow user_t sound_device_t (chr_file (ioctl write getattr lock append open)))
(allow user_t sound_device_t (chr_file (map)))
(allow user_t device_t (dir (getattr open search)))
(allow user_t wireless_device_t (chr_file (ioctl read getattr lock open)))
(allow user_t etc_t (dir (ioctl read getattr lock open search)))
(allow user_t etc_t (dir (getattr open search)))
(allow user_t etc_t (lnk_file (read getattr)))
(allow user_t etc_t (dir (getattr open search)))
(allow user_t etc_t (file (ioctl read getattr map execute open execute_no_trans)))
(allow user_t var_lock_t (lnk_file (read getattr)))
(allow user_t var_t (dir (getattr open search)))
(allow user_t var_lock_t (dir (getattr open search)))
(allow user_t mnt_t (dir (ioctl read getattr lock open search)))
(allow user_t var_t (dir (getattr open search)))
(allow user_t var_t (file (ioctl read getattr lock open)))
(allow user_t var_t (dir (getattr open search)))
(allow user_t var_t (lnk_file (read getattr)))
(allow user_t var_t (dir (getattr open search)))
(allow user_t var_spool_t (dir (ioctl read getattr lock open search)))
(allow user_t var_spool_t (dir (getattr open search)))
(allow user_t var_spool_t (file (ioctl read getattr lock open)))
(allow user_t var_lib_t (dir (ioctl read getattr lock open search)))
(allow user_t var_t (dir (getattr open search)))
(allow user_t var_lib_t (dir (getattr open search)))
(allow user_t var_lib_t (file (ioctl read getattr lock open)))
(allow user_t lost_found_t (dir (getattr)))
(allow user_t etc_t (dir (watch)))
(allow user_t usr_t (dir (watch)))
(allow user_t cgroup_types (dir (getattr open search)))
(allow user_t cgroup_types (file (ioctl read getattr lock open)))
(allow user_t cgroup_types (dir (getattr open search)))
(allow user_t cgroup_types (lnk_file (read getattr)))
(allow user_t sysfs_t (dir (getattr open search)))
(allow user_t sysfs_t (dir (getattr open search)))
(allow user_t security_t (filesystem (getattr)))
(allow user_t sysfs_t (filesystem (getattr)))
(allow user_t sysfs_t (dir (getattr open search)))
(allow user_t sysfs_t (dir (getattr open search)))
(allow user_t proc_t (dir (getattr open search)))
(allow user_t proc_t (file (ioctl read getattr lock open)))
(allow user_t proc_t (dir (getattr open search)))
(allow user_t proc_t (lnk_file (read getattr)))
(allow user_t proc_t (dir (getattr open search)))
(allow user_t proc_t (dir (ioctl read getattr lock open search)))
(allow user_t sysfs_t (dir (getattr open search)))
(allow user_t sysfs_t (dir (getattr open search)))
(allow user_t security_t (dir (ioctl read getattr lock open search)))
(allow user_t security_t (file (ioctl read write getattr map open)))
(allow user_t security_t (security (check_context)))
(allow user_t sysfs_t (dir (getattr open search)))
(allow user_t sysfs_t (dir (getattr open search)))
(allow user_t self (netlink_selinux_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown)))
(allow user_t security_t (dir (ioctl read getattr lock open search)))
(allow user_t security_t (file (ioctl read write getattr map open)))
(allow user_t security_t (security (compute_av)))
(allow user_t sysfs_t (dir (getattr open search)))
(allow user_t sysfs_t (dir (getattr open search)))
(allow user_t security_t (dir (ioctl read getattr lock open search)))
(allow user_t security_t (file (ioctl read write getattr map open)))
(allow user_t security_t (security (compute_create)))
(allow user_t sysfs_t (dir (getattr open search)))
(allow user_t sysfs_t (dir (getattr open search)))
(allow user_t security_t (dir (ioctl read getattr lock open search)))
(allow user_t security_t (file (ioctl read write getattr map open)))
(allow user_t security_t (security (compute_relabel)))
(allow user_t sysfs_t (dir (getattr open search)))
(allow user_t sysfs_t (dir (getattr open search)))
(allow user_t security_t (dir (ioctl read getattr lock open search)))
(allow user_t security_t (file (ioctl read write getattr map open)))
(allow user_t security_t (security (compute_user)))
(allow user_t device_t (dir (getattr open search)))
(allow user_t device_t (dir (ioctl read getattr lock open search)))
(allow user_t device_t (dir (getattr open search)))
(allow user_t device_t (lnk_file (read getattr)))
(allow user_t fixed_disk_device_t (blk_file (getattr)))
(allow user_t fixed_disk_device_t (chr_file (getattr)))
(allow user_t var_t (dir (getattr open search)))
(allow user_t var_log_t (dir (getattr open search)))
(allow user_t var_log_t (lnk_file (read getattr)))
(allow user_t wtmp_t (file (ioctl read getattr lock open)))
(allow user_t var_run_t (lnk_file (read getattr)))
(allow user_t var_t (dir (getattr open search)))
(allow user_t var_run_t (dir (getattr open search)))
(allow user_t pam_var_console_t (dir (getattr open search)))
(allow user_t pam_exec_t (file (ioctl read getattr map execute open)))
(allow user_t pam_t (process (transition)))
(dontaudit user_t pam_t (process (noatsecure siginh rlimitinh)))
(typetransition user_t pam_exec_t process pam_t)
(allow pam_t user_t (fd (use)))
(allow pam_t user_t (fifo_file (ioctl read write getattr lock append)))
(allow pam_t user_t (process (sigchld)))
(allow user_t utempter_exec_t (file (ioctl read getattr map execute open)))
(allow user_t utempter_t (process (transition)))
(dontaudit user_t utempter_t (process (noatsecure siginh rlimitinh)))
(typetransition user_t utempter_exec_t process utempter_t)
(allow utempter_t user_t (fd (use)))
(allow utempter_t user_t (fifo_file (ioctl read write getattr lock append)))
(allow utempter_t user_t (process (sigchld)))
(allow user_t var_run_t (lnk_file (read getattr)))
(allow user_t var_t (dir (getattr open search)))
(allow user_t var_run_t (dir (ioctl read getattr lock open search)))
(allow user_t initrc_runtime_t (file (ioctl read getattr lock open)))
(allow user_t etc_t (dir (getattr open search)))
(allow user_t selinux_config_t (dir (getattr open search)))
(allow user_t default_context_t (dir (getattr open search)))
(allow user_t file_context_t (dir (getattr open search)))
(allow user_t file_context_t (file (ioctl read getattr lock open)))
(allow user_t file_context_t (file (map)))
(allow user_t etc_t (dir (getattr open search)))
(allow user_t selinux_config_t (dir (getattr open search)))
(allow user_t default_context_t (dir (ioctl read getattr lock open search)))
(allow user_t default_context_t (dir (getattr open search)))
(allow user_t default_context_t (file (ioctl read getattr lock open)))
(allow user_t usr_t (dir (getattr open search)))
(allow user_t bin_t (dir (getattr open search)))
(allow user_t bin_t (lnk_file (read getattr)))
(allow user_t usr_t (dir (getattr open search)))
(allow user_t newrole_exec_t (file (ioctl read getattr map execute open)))
(allow user_t newrole_t (process (transition)))
(dontaudit user_t newrole_t (process (noatsecure siginh rlimitinh)))
(typetransition user_t newrole_exec_t process newrole_t)
(allow newrole_t user_t (fd (use)))
(allow newrole_t user_t (fifo_file (ioctl read write getattr lock append)))
(allow newrole_t user_t (process (sigchld)))
(allow user_t usr_t (dir (getattr open search)))
(allow user_t bin_t (dir (getattr open search)))
(allow user_t bin_t (lnk_file (read getattr)))
(allow user_t usr_t (dir (getattr open search)))
(allow user_t checkpolicy_exec_t (file (ioctl read getattr lock map execute open execute_no_trans)))
(allow user_t usr_t (dir (getattr open search)))
(allow user_t bin_t (dir (getattr open search)))
(allow user_t bin_t (lnk_file (read getattr)))
(allow user_t usr_t (dir (getattr open search)))
(allow user_t setfiles_exec_t (file (ioctl read getattr lock map execute open execute_no_trans)))
(dontaudit user_t newrole_t (process (signal)))
(dontaudit user_t domain (process (getsched)))
(dontaudit user_t reserved_port_type (tcp_socket (name_bind)))
(allow user_t xserver_port_t (tcp_socket (name_bind)))
(allow user_t self (capability (net_bind_service)))
(allow user_t usr_t (dir (ioctl read getattr lock open search)))
(allow user_t usr_t (dir (getattr open search)))
(allow user_t usr_t (file (ioctl read getattr map execute open execute_no_trans)))
(allow user_t usr_t (dir (getattr open search)))
(allow user_t usr_t (lnk_file (read getattr)))
(allow user_t public_content_rw_t (dir (ioctl read write getattr lock open add_name remove_name search)))
(allow user_t public_content_rw_t (dir (ioctl read write create getattr setattr lock unlink link rename open add_name remove_name reparent search rmdir)))
(allow user_t public_content_rw_t (dir (ioctl read write getattr lock open add_name remove_name search)))
(allow user_t public_content_rw_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
(allow user_t public_content_rw_t (dir (ioctl read write getattr lock open add_name remove_name search)))
(allow user_t public_content_rw_t (lnk_file (ioctl read write create getattr setattr lock append unlink link rename)))
(allow user_t public_content_rw_t (dir (watch)))
(roleallow system_r user_r)
(typetransition user_t user_home_dir_t dir ".pki" user_cert_t)
(typetransition user_t user_home_dir_t dir "bin" user_bin_t)
(booleanif (user_udp_server)
    (true
        (dontaudit user_t defined_port_type (udp_socket (name_bind)))
        (allow user_t port_t (udp_socket (name_bind)))
        (allow user_t node_t (udp_socket (node_bind)))
    )
)
(booleanif (user_tcp_server)
    (true
        (dontaudit user_t defined_port_type (tcp_socket (name_bind)))
        (allow user_t port_t (tcp_socket (name_bind)))
        (allow user_t node_t (tcp_socket (node_bind)))
    )
)
(booleanif (user_exec_noexattrfile)
    (true
        (allow user_t noxattrfs (file (ioctl read getattr lock map execute open execute_no_trans)))
    )
)
(booleanif (user_dmesg)
    (true
        (allow user_t kernel_t (system (syslog_read)))
        (allow user_t self (capability2 (syslog)))
    )
    (false
        (dontaudit user_t kernel_t (system (syslog_read)))
    )
)
(booleanif (user_ttyfile_stat)
    (true
        (allow user_t ttynode (chr_file (getattr)))
        (allow user_t device_t (lnk_file (read getattr)))
        (allow user_t device_t (dir (getattr open search)))
        (allow user_t device_t (dir (ioctl read getattr lock open search)))
        (allow user_t device_t (dir (getattr open search)))
    )
)
(booleanif (user_rw_noexattrfile)
    (true
        (allow user_t noxattrfs (lnk_file (ioctl read write create getattr setattr lock append unlink link rename)))
        (allow user_t noxattrfs (dir (ioctl read write getattr lock open add_name remove_name search)))
        (allow user_t noxattrfs (dir (ioctl read getattr lock open search)))
        (allow user_t noxattrfs (file (ioctl read write create getattr setattr lock append unlink link rename open)))
        (allow user_t noxattrfs (dir (ioctl read write getattr lock open add_name remove_name search)))
        (allow user_t noxattrfs (dir (ioctl read getattr lock open search)))
        (allow user_t noxattrfs (dir (ioctl read write create getattr setattr lock unlink link rename open add_name remove_name reparent search rmdir)))
    )
    (false
        (allow user_t noxattrfs (lnk_file (read getattr)))
        (allow user_t noxattrfs (dir (getattr open search)))
        (allow user_t noxattrfs (dir (ioctl read getattr lock open search)))
        (allow user_t noxattrfs (file (ioctl read getattr lock open)))
        (allow user_t noxattrfs (dir (getattr open search)))
        (allow user_t noxattrfs (dir (ioctl read getattr lock open search)))
    )
)
(booleanif (user_direct_mouse)
    (true
        (allow user_t mouse_device_t (chr_file (ioctl read getattr lock open)))
        (allow user_t device_t (dir (getattr open search)))
    )
)
(booleanif (user_write_removable)
    (true
        (allow user_t removable_device_t (blk_file (ioctl write getattr lock append open)))
        (allow user_t device_t (lnk_file (read getattr)))
        (allow user_t device_t (dir (getattr open search)))
        (allow user_t device_t (dir (ioctl read getattr lock open search)))
        (allow user_t device_t (dir (getattr open search)))
        (allow user_t removable_device_t (blk_file (ioctl read getattr lock open)))
        (allow user_t device_t (lnk_file (read getattr)))
        (allow user_t device_t (dir (getattr open search)))
        (allow user_t device_t (dir (ioctl read getattr lock open search)))
        (allow user_t device_t (dir (getattr open search)))
        (allow user_t usb_device_t (chr_file (ioctl read write getattr lock append open)))
        (allow user_t device_t (dir (getattr open search)))
    )
    (false
        (allow user_t removable_device_t (blk_file (ioctl read getattr lock open)))
        (allow user_t device_t (lnk_file (read getattr)))
        (allow user_t device_t (dir (getattr open search)))
        (allow user_t device_t (dir (ioctl read getattr lock open search)))
        (allow user_t device_t (dir (getattr open search)))
        (allow user_t usb_device_t (chr_file (ioctl read getattr lock open)))
        (allow user_t device_t (dir (getattr open search)))
    )
)
(booleanif (use_samba_home_dirs)
    (true
        (allow user_t cifs_t (fifo_file (ioctl read write create getattr setattr lock append unlink link rename open)))
        (allow user_t cifs_t (dir (ioctl read write getattr lock open add_name remove_name search)))
        (allow user_t cifs_t (sock_file (ioctl read write create getattr setattr lock append unlink link rename open)))
        (allow user_t cifs_t (dir (ioctl read write getattr lock open add_name remove_name search)))
        (allow user_t cifs_t (lnk_file (ioctl read write create getattr setattr lock append unlink link rename)))
        (allow user_t cifs_t (dir (ioctl read write getattr lock open add_name remove_name search)))
        (allow user_t cifs_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
        (allow user_t cifs_t (dir (ioctl read write getattr lock open add_name remove_name search)))
        (allow user_t cifs_t (dir (ioctl read write create getattr setattr lock unlink link rename open add_name remove_name reparent search rmdir)))
        (allow user_t cifs_t (file (ioctl read getattr map execute open execute_no_trans)))
        (allow user_t cifs_t (dir (getattr open search)))
        (allow user_t cifs_t (dir (ioctl read getattr lock open search)))
    )
    (false
        (dontaudit user_t cifs_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
        (dontaudit user_t cifs_t (dir (ioctl read write create getattr setattr lock unlink link rename open add_name remove_name reparent search rmdir)))
    )
)
(booleanif (use_nfs_home_dirs)
    (true
        (allow user_t nfs_t (fifo_file (ioctl read write create getattr setattr lock append unlink link rename open)))
        (allow user_t nfs_t (dir (ioctl read write getattr lock open add_name remove_name search)))
        (allow user_t nfs_t (sock_file (ioctl read write create getattr setattr lock append unlink link rename open)))
        (allow user_t nfs_t (dir (ioctl read write getattr lock open add_name remove_name search)))
        (allow user_t nfs_t (lnk_file (ioctl read write create getattr setattr lock append unlink link rename)))
        (allow user_t nfs_t (dir (ioctl read write getattr lock open add_name remove_name search)))
        (allow user_t nfs_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
        (allow user_t nfs_t (dir (ioctl read write getattr lock open add_name remove_name search)))
        (allow user_t nfs_t (dir (ioctl read write create getattr setattr lock unlink link rename open add_name remove_name reparent search rmdir)))
        (allow user_t nfs_t (file (ioctl read getattr map execute open execute_no_trans)))
        (allow user_t nfs_t (dir (getattr open search)))
        (allow user_t nfs_t (dir (ioctl read getattr lock open search)))
    )
    (false
        (dontaudit user_t nfs_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
        (dontaudit user_t nfs_t (dir (ioctl read write create getattr setattr lock unlink link rename open add_name remove_name reparent search rmdir)))
    )
)
(booleanif (user_all_users_send_syslog)
    (true
        (dontaudit user_t console_device_t (chr_file (ioctl read getattr lock open)))
        (allow user_t console_device_t (chr_file (ioctl write getattr lock append open)))
        (allow user_t device_t (lnk_file (read getattr)))
        (allow user_t device_t (dir (getattr open search)))
        (allow user_t device_t (dir (ioctl read getattr lock open search)))
        (allow user_t device_t (dir (getattr open search)))
        (allow user_t self (unix_stream_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown)))
        (allow user_t self (unix_dgram_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown)))
        (allow user_t syslogd_t (unix_stream_socket (connectto)))
        (allow user_t syslogd_t (unix_dgram_socket (sendto)))
        (allow user_t syslogd_runtime_t (dir (getattr open search)))
        (allow user_t init_runtime_t (dir (getattr open search)))
        (allow user_t var_run_t (dir (getattr open search)))
        (allow user_t var_t (dir (getattr open search)))
        (allow user_t var_run_t (lnk_file (read getattr)))
        (allow user_t devlog_t (sock_file (write getattr append open)))
    )
)
(booleanif (and (allow_execmem) (allow_execstack))
    (true
        (allow user_t self (process (execstack)))
    )
)
(booleanif (allow_execmem)
    (true
        (allow user_t self (process (execmem)))
    )
)
(booleanif (console_login)
    (true
        (typechange user_t console_device_t chr_file user_tty_device_t)
    )
)
(optional unprivuser_optional_2
    (typeattributeset cil_gen_require init_t)
    (allow user_t init_t (process (sigchld)))
    (allow user_t init_t (process (signull)))
    (optional unprivuser_optional_3
        (typeattributeset cil_gen_require rpm_t)
        (allow user_t rpm_t (fd (use)))
        (allow user_t rpm_t (fifo_file (ioctl read getattr lock open)))
    )
    (optional unprivuser_optional_4
        (typeattributeset cil_gen_require security_t)
        (typeattributeset cil_gen_require sysfs_t)
        (dontaudit user_t security_t (filesystem (getattr)))
        (dontaudit user_t sysfs_t (filesystem (getattr)))
        (dontaudit user_t sysfs_t (dir (getattr open search)))
        (dontaudit user_t security_t (dir (getattr open search)))
        (dontaudit user_t security_t (file (ioctl read getattr lock open)))
        (optional unprivuser_optional_5
            (typeattributeset cil_gen_require selinux_config_t)
            (dontaudit user_t selinux_config_t (dir (getattr open search)))
            (dontaudit user_t selinux_config_t (file (ioctl read getattr lock open)))
            (optional unprivuser_optional_6
                (typeattributeset cil_gen_require var_t)
                (typeattributeset cil_gen_require apt_var_cache_t)
                (typeattributeset cil_gen_require apt_var_lib_t)
                (typeattributeset cil_gen_require var_lib_t)
                (allow user_t var_t (dir (getattr open search)))
                (allow user_t apt_var_cache_t (dir (ioctl read getattr lock open search)))
                (allow user_t apt_var_cache_t (file (ioctl read getattr map open)))
                (allow user_t var_t (dir (getattr open search)))
                (allow user_t var_lib_t (dir (getattr open search)))
                (allow user_t apt_var_lib_t (dir (ioctl read getattr lock open search)))
                (allow user_t apt_var_lib_t (dir (getattr open search)))
                (allow user_t apt_var_lib_t (file (ioctl read getattr lock open)))
                (allow user_t apt_var_lib_t (dir (getattr open search)))
                (allow user_t apt_var_lib_t (lnk_file (read getattr)))
            )
            (optional unprivuser_optional_7
                (typeattributeset cil_gen_require devicekit_disk_t)
                (typeattributeset cil_gen_require devicekit_power_t)
                (allow user_t devicekit_disk_t (dbus (send_msg)))
                (allow devicekit_disk_t user_t (dbus (send_msg)))
                (allow user_t devicekit_power_t (dbus (send_msg)))
                (allow devicekit_power_t user_t (dbus (send_msg)))
            )
            (optional unprivuser_optional_8
                (typeattributeset cil_gen_require kerneloops_t)
                (allow user_t kerneloops_t (dbus (send_msg)))
                (allow kerneloops_t user_t (dbus (send_msg)))
            )
            (optional unprivuser_optional_9
                (typeattributeset cil_gen_require flash_home_t)
                (allow user_t flash_home_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_t flash_home_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
                (allow user_t flash_home_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_t flash_home_t (dir (ioctl read write create getattr setattr lock unlink link rename open add_name remove_name reparent search rmdir)))
                (allow user_t flash_home_t (dir (getattr open search)))
                (allow user_t flash_home_t (file (getattr relabelfrom relabelto)))
                (allow user_t flash_home_t (dir (getattr open search)))
                (allow user_t flash_home_t (dir (getattr relabelfrom relabelto)))
            )
            (optional unprivuser_optional_10
                (typeattributeset cil_gen_require user_home_dir_t)
                (typeattributeset cil_gen_require home_root_t)
                (typeattributeset cil_gen_require xdg_data_t)
                (allow user_t user_home_dir_t (dir (getattr open search)))
                (allow user_t home_root_t (dir (getattr open search)))
                (allow user_t home_root_t (lnk_file (read getattr)))
                (allow user_t xdg_data_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_t xdg_data_t (dir (create getattr)))
                (typetransition user_t xdg_data_t dir "bin" user_bin_t)
            )
            (optional unprivuser_optional_11
                (roleattributeset cil_gen_require chfn_roles)
                (roleattributeset cil_gen_require passwd_roles)
                (typeattributeset cil_gen_require bin_t)
                (typeattributeset cil_gen_require usr_t)
                (typeattributeset cil_gen_require chfn_t)
                (typeattributeset cil_gen_require chfn_exec_t)
                (typeattributeset cil_gen_require passwd_t)
                (typeattributeset cil_gen_require passwd_exec_t)
                (roleattributeset cil_gen_require chfn_roles)
                (roleattributeset chfn_roles (user_r ))
                (roleattributeset cil_gen_require passwd_roles)
                (roleattributeset passwd_roles (user_r ))
                (allow user_t bin_t (dir (getattr open search)))
                (allow user_t bin_t (lnk_file (read getattr)))
                (allow user_t usr_t (dir (getattr open search)))
                (allow user_t chfn_exec_t (file (ioctl read getattr map execute open)))
                (allow user_t chfn_t (process (transition)))
                (dontaudit user_t chfn_t (process (noatsecure siginh rlimitinh)))
                (typetransition user_t chfn_exec_t process chfn_t)
                (allow chfn_t user_t (fd (use)))
                (allow chfn_t user_t (fifo_file (ioctl read write getattr lock append)))
                (allow chfn_t user_t (process (sigchld)))
                (dontaudit chfn_t user_t (tcp_socket (read write)))
                (dontaudit chfn_t user_t (udp_socket (read write)))
                (dontaudit chfn_t user_t (rawip_socket (read write)))
                (dontaudit chfn_t user_t (netlink_socket (read write)))
                (dontaudit chfn_t user_t (packet_socket (read write)))
                (dontaudit chfn_t user_t (unix_stream_socket (read write)))
                (dontaudit chfn_t user_t (unix_dgram_socket (read write)))
                (dontaudit chfn_t user_t (netlink_route_socket (read write)))
                (dontaudit chfn_t user_t (netlink_tcpdiag_socket (read write)))
                (dontaudit chfn_t user_t (netlink_nflog_socket (read write)))
                (dontaudit chfn_t user_t (netlink_xfrm_socket (read write)))
                (dontaudit chfn_t user_t (netlink_selinux_socket (read write)))
                (dontaudit chfn_t user_t (netlink_audit_socket (read write)))
                (dontaudit chfn_t user_t (netlink_dnrt_socket (read write)))
                (dontaudit chfn_t user_t (netlink_kobject_uevent_socket (read write)))
                (dontaudit chfn_t user_t (appletalk_socket (read write)))
                (dontaudit chfn_t user_t (tun_socket (read write)))
                (dontaudit chfn_t user_t (netlink_iscsi_socket (read write)))
                (dontaudit chfn_t user_t (netlink_fib_lookup_socket (read write)))
                (dontaudit chfn_t user_t (netlink_connector_socket (read write)))
                (dontaudit chfn_t user_t (netlink_netfilter_socket (read write)))
                (dontaudit chfn_t user_t (netlink_generic_socket (read write)))
                (dontaudit chfn_t user_t (netlink_scsitransport_socket (read write)))
                (dontaudit chfn_t user_t (netlink_rdma_socket (read write)))
                (dontaudit chfn_t user_t (netlink_crypto_socket (read write)))
                (dontaudit chfn_t user_t (sctp_socket (read write)))
                (dontaudit chfn_t user_t (icmp_socket (read write)))
                (dontaudit chfn_t user_t (ax25_socket (read write)))
                (dontaudit chfn_t user_t (ipx_socket (read write)))
                (dontaudit chfn_t user_t (netrom_socket (read write)))
                (dontaudit chfn_t user_t (atmpvc_socket (read write)))
                (dontaudit chfn_t user_t (x25_socket (read write)))
                (dontaudit chfn_t user_t (rose_socket (read write)))
                (dontaudit chfn_t user_t (decnet_socket (read write)))
                (dontaudit chfn_t user_t (atmsvc_socket (read write)))
                (dontaudit chfn_t user_t (rds_socket (read write)))
                (dontaudit chfn_t user_t (irda_socket (read write)))
                (dontaudit chfn_t user_t (pppox_socket (read write)))
                (dontaudit chfn_t user_t (llc_socket (read write)))
                (dontaudit chfn_t user_t (can_socket (read write)))
                (dontaudit chfn_t user_t (tipc_socket (read write)))
                (dontaudit chfn_t user_t (bluetooth_socket (read write)))
                (dontaudit chfn_t user_t (iucv_socket (read write)))
                (dontaudit chfn_t user_t (rxrpc_socket (read write)))
                (dontaudit chfn_t user_t (isdn_socket (read write)))
                (dontaudit chfn_t user_t (phonet_socket (read write)))
                (dontaudit chfn_t user_t (ieee802154_socket (read write)))
                (dontaudit chfn_t user_t (caif_socket (read write)))
                (dontaudit chfn_t user_t (alg_socket (read write)))
                (dontaudit chfn_t user_t (nfc_socket (read write)))
                (dontaudit chfn_t user_t (vsock_socket (read write)))
                (dontaudit chfn_t user_t (kcm_socket (read write)))
                (dontaudit chfn_t user_t (qipcrtr_socket (read write)))
                (dontaudit chfn_t user_t (smc_socket (read write)))
                (dontaudit chfn_t user_t (xdp_socket (read write)))
                (allow user_t bin_t (dir (getattr open search)))
                (allow user_t bin_t (lnk_file (read getattr)))
                (allow user_t usr_t (dir (getattr open search)))
                (allow user_t passwd_exec_t (file (ioctl read getattr map execute open)))
                (allow user_t passwd_t (process (transition)))
                (dontaudit user_t passwd_t (process (noatsecure siginh rlimitinh)))
                (typetransition user_t passwd_exec_t process passwd_t)
                (allow passwd_t user_t (fd (use)))
                (allow passwd_t user_t (fifo_file (ioctl read write getattr lock append)))
                (allow passwd_t user_t (process (sigchld)))
                (dontaudit passwd_t user_t (tcp_socket (read write)))
                (dontaudit passwd_t user_t (udp_socket (read write)))
                (dontaudit passwd_t user_t (rawip_socket (read write)))
                (dontaudit passwd_t user_t (netlink_socket (read write)))
                (dontaudit passwd_t user_t (packet_socket (read write)))
                (dontaudit passwd_t user_t (unix_stream_socket (read write)))
                (dontaudit passwd_t user_t (unix_dgram_socket (read write)))
                (dontaudit passwd_t user_t (netlink_route_socket (read write)))
                (dontaudit passwd_t user_t (netlink_tcpdiag_socket (read write)))
                (dontaudit passwd_t user_t (netlink_nflog_socket (read write)))
                (dontaudit passwd_t user_t (netlink_xfrm_socket (read write)))
                (dontaudit passwd_t user_t (netlink_selinux_socket (read write)))
                (dontaudit passwd_t user_t (netlink_audit_socket (read write)))
                (dontaudit passwd_t user_t (netlink_dnrt_socket (read write)))
                (dontaudit passwd_t user_t (netlink_kobject_uevent_socket (read write)))
                (dontaudit passwd_t user_t (appletalk_socket (read write)))
                (dontaudit passwd_t user_t (tun_socket (read write)))
                (dontaudit passwd_t user_t (netlink_iscsi_socket (read write)))
                (dontaudit passwd_t user_t (netlink_fib_lookup_socket (read write)))
                (dontaudit passwd_t user_t (netlink_connector_socket (read write)))
                (dontaudit passwd_t user_t (netlink_netfilter_socket (read write)))
                (dontaudit passwd_t user_t (netlink_generic_socket (read write)))
                (dontaudit passwd_t user_t (netlink_scsitransport_socket (read write)))
                (dontaudit passwd_t user_t (netlink_rdma_socket (read write)))
                (dontaudit passwd_t user_t (netlink_crypto_socket (read write)))
                (dontaudit passwd_t user_t (sctp_socket (read write)))
                (dontaudit passwd_t user_t (icmp_socket (read write)))
                (dontaudit passwd_t user_t (ax25_socket (read write)))
                (dontaudit passwd_t user_t (ipx_socket (read write)))
                (dontaudit passwd_t user_t (netrom_socket (read write)))
                (dontaudit passwd_t user_t (atmpvc_socket (read write)))
                (dontaudit passwd_t user_t (x25_socket (read write)))
                (dontaudit passwd_t user_t (rose_socket (read write)))
                (dontaudit passwd_t user_t (decnet_socket (read write)))
                (dontaudit passwd_t user_t (atmsvc_socket (read write)))
                (dontaudit passwd_t user_t (rds_socket (read write)))
                (dontaudit passwd_t user_t (irda_socket (read write)))
                (dontaudit passwd_t user_t (pppox_socket (read write)))
                (dontaudit passwd_t user_t (llc_socket (read write)))
                (dontaudit passwd_t user_t (can_socket (read write)))
                (dontaudit passwd_t user_t (tipc_socket (read write)))
                (dontaudit passwd_t user_t (bluetooth_socket (read write)))
                (dontaudit passwd_t user_t (iucv_socket (read write)))
                (dontaudit passwd_t user_t (rxrpc_socket (read write)))
                (dontaudit passwd_t user_t (isdn_socket (read write)))
                (dontaudit passwd_t user_t (phonet_socket (read write)))
                (dontaudit passwd_t user_t (ieee802154_socket (read write)))
                (dontaudit passwd_t user_t (caif_socket (read write)))
                (dontaudit passwd_t user_t (alg_socket (read write)))
                (dontaudit passwd_t user_t (nfc_socket (read write)))
                (dontaudit passwd_t user_t (vsock_socket (read write)))
                (dontaudit passwd_t user_t (kcm_socket (read write)))
                (dontaudit passwd_t user_t (qipcrtr_socket (read write)))
                (dontaudit passwd_t user_t (smc_socket (read write)))
                (dontaudit passwd_t user_t (xdp_socket (read write)))
            )
            (optional unprivuser_optional_12
                (typeattributeset cil_gen_require etc_t)
                (typeattributeset cil_gen_require var_run_t)
                (typeattributeset cil_gen_require var_t)
                (typeattributeset cil_gen_require cupsd_etc_t)
                (typeattributeset cil_gen_require cupsd_rw_etc_t)
                (typeattributeset cil_gen_require cupsd_t)
                (typeattributeset cil_gen_require cupsd_runtime_t)
                (allow user_t etc_t (dir (getattr open search)))
                (allow user_t cupsd_etc_t (dir (getattr open search)))
                (allow user_t cupsd_rw_etc_t (dir (getattr open search)))
                (allow user_t cupsd_etc_t (file (ioctl read getattr lock open)))
                (allow user_t cupsd_rw_etc_t (file (ioctl read getattr lock open)))
                (allow user_t var_run_t (lnk_file (read getattr)))
                (allow user_t var_t (dir (getattr open search)))
                (allow user_t var_run_t (dir (getattr open search)))
                (allow user_t cupsd_runtime_t (sock_file (read getattr open)))
                (allow user_t cupsd_runtime_t (dir (getattr open search)))
                (allow user_t cupsd_runtime_t (sock_file (write getattr append open)))
                (allow user_t cupsd_t (unix_stream_socket (connectto)))
            )
            (optional unprivuser_optional_13
                (typeattributeset cil_gen_require security_t)
                (typeattributeset cil_gen_require selinux_config_t)
                (typeattributeset cil_gen_require etc_t)
                (typeattributeset cil_gen_require user_home_dir_t)
                (typeattributeset cil_gen_require home_root_t)
                (typeattributeset cil_gen_require krb5kdc_conf_t)
                (typeattributeset cil_gen_require krb5_host_rcache_t)
                (typeattributeset cil_gen_require krb5_conf_t)
                (typeattributeset cil_gen_require krb5_home_t)
                (typeattributeset cil_gen_require default_context_t)
                (typeattributeset cil_gen_require file_context_t)
                (typeattributeset cil_gen_require netlabel_peer_t)
                (typeattributeset cil_gen_require netif_t)
                (typeattributeset cil_gen_require node_t)
                (typeattributeset cil_gen_require kerberos_client_packet_t)
                (typeattributeset cil_gen_require kerberos_port_t)
                (typeattributeset cil_gen_require ocsp_client_packet_t)
                (typeattributeset cil_gen_require ocsp_port_t)
                (allow user_t etc_t (dir (getattr open search)))
                (allow user_t krb5_conf_t (file (ioctl read getattr lock open)))
                (allow user_t user_home_dir_t (dir (getattr open search)))
                (allow user_t home_root_t (dir (getattr open search)))
                (allow user_t home_root_t (lnk_file (read getattr)))
                (allow user_t krb5_home_t (file (ioctl read getattr lock open)))
                (dontaudit user_t krb5_conf_t (file (ioctl write getattr lock append open)))
                (dontaudit user_t krb5kdc_conf_t (dir (ioctl read getattr lock open search)))
                (dontaudit user_t krb5kdc_conf_t (file (ioctl read write getattr lock append open)))
                (dontaudit user_t self (process (setfscreate)))
                (dontaudit user_t security_t (dir (ioctl read getattr lock open search)))
                (dontaudit user_t security_t (file (ioctl read write getattr map open)))
                (dontaudit user_t security_t (security (check_context)))
                (dontaudit user_t selinux_config_t (dir (getattr open search)))
                (dontaudit user_t default_context_t (dir (getattr open search)))
                (dontaudit user_t file_context_t (dir (getattr open search)))
                (dontaudit user_t file_context_t (file (ioctl read getattr lock open)))
                (dontaudit user_t file_context_t (file (map)))
                (booleanif (allow_kerberos)
                    (true
                        (allow user_t krb5_host_rcache_t (file (getattr)))
                        (allow user_t ocsp_port_t (tcp_socket (name_connect)))
                        (allow user_t ocsp_client_packet_t (packet (recv)))
                        (allow user_t ocsp_client_packet_t (packet (send)))
                        (allow user_t kerberos_port_t (tcp_socket (name_connect)))
                        (allow user_t kerberos_client_packet_t (packet (recv)))
                        (allow user_t kerberos_client_packet_t (packet (send)))
                        (allow user_t node_t (node (recvfrom)))
                        (allow user_t node_t (node (sendto)))
                        (allow user_t node_t (node (recvfrom sendto)))
                        (allow user_t netif_t (netif (ingress)))
                        (allow user_t netif_t (netif (egress)))
                        (allow user_t netif_t (netif (ingress egress)))
                        (allow user_t netlabel_peer_t (tcp_socket (recvfrom)))
                        (allow user_t netlabel_peer_t (udp_socket (recvfrom)))
                        (allow user_t netlabel_peer_t (rawip_socket (recvfrom)))
                        (allow user_t netlabel_peer_t (peer (recv)))
                        (allow user_t self (udp_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown)))
                        (allow user_t self (tcp_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown)))
                    )
                )
                (optional unprivuser_optional_14
                    (typeattributeset cil_gen_require var_run_t)
                    (typeattributeset cil_gen_require var_t)
                    (typeattributeset cil_gen_require pcscd_t)
                    (typeattributeset cil_gen_require pcscd_runtime_t)
                    (booleanif (allow_kerberos)
                        (true
                            (allow pcscd_t user_t (file (ioctl read getattr lock open)))
                            (allow pcscd_t user_t (dir (ioctl read getattr lock open search)))
                            (allow user_t pcscd_t (unix_stream_socket (connectto)))
                            (allow user_t pcscd_runtime_t (sock_file (write getattr append open)))
                            (allow user_t pcscd_runtime_t (dir (getattr open search)))
                            (allow user_t var_run_t (dir (getattr open search)))
                            (allow user_t var_t (dir (getattr open search)))
                            (allow user_t var_run_t (lnk_file (read getattr)))
                        )
                    )
                )
                (optional unprivuser_optional_15
                    (typeattributeset cil_gen_require var_t)
                    (typeattributeset cil_gen_require var_lib_t)
                    (typeattributeset cil_gen_require sssd_public_t)
                    (typeattributeset cil_gen_require sssd_var_lib_t)
                    (allow user_t sssd_var_lib_t (dir (getattr open search)))
                    (allow user_t var_t (dir (getattr open search)))
                    (allow user_t var_lib_t (dir (getattr open search)))
                    (allow user_t sssd_public_t (dir (ioctl read getattr lock open search)))
                    (allow user_t sssd_public_t (dir (getattr open search)))
                    (allow user_t sssd_public_t (file (ioctl read getattr lock open)))
                )
            )
            (optional unprivuser_optional_16
                (typeattributeset cil_gen_require mail_spool_t)
                (dontaudit user_t mail_spool_t (lnk_file (read)))
            )
            (optional unprivuser_optional_17
                (typeattributeset cil_gen_require quota_db_t)
                (dontaudit user_t quota_db_t (file (getattr)))
            )
            (optional unprivuser_optional_18
                (typeattributeset cil_gen_require var_t)
                (typeattributeset cil_gen_require var_lib_t)
                (typeattributeset cil_gen_require rpm_var_lib_t)
                (allow user_t var_t (dir (getattr open search)))
                (allow user_t var_lib_t (dir (getattr open search)))
                (allow user_t rpm_var_lib_t (dir (ioctl read getattr lock open search)))
                (allow user_t rpm_var_lib_t (dir (getattr open search)))
                (allow user_t rpm_var_lib_t (file (ioctl read getattr lock open)))
                (allow user_t rpm_var_lib_t (dir (getattr open search)))
                (allow user_t rpm_var_lib_t (lnk_file (read getattr)))
                (allow user_t rpm_var_lib_t (file (map)))
                (dontaudit user_t rpm_var_lib_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (dontaudit user_t rpm_var_lib_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
                (dontaudit user_t rpm_var_lib_t (lnk_file (ioctl read write create getattr setattr lock append unlink link rename)))
                (dontaudit user_t rpm_var_lib_t (file (map)))
            )
            (optional unprivuser_optional_19
                (roleattributeset cil_gen_require loadkeys_roles)
                (typeattributeset cil_gen_require bin_t)
                (typeattributeset cil_gen_require usr_t)
                (typeattributeset cil_gen_require loadkeys_t)
                (typeattributeset cil_gen_require loadkeys_exec_t)
                (roleattributeset cil_gen_require loadkeys_roles)
                (roleattributeset loadkeys_roles (user_r ))
                (allow user_t bin_t (dir (getattr open search)))
                (allow user_t bin_t (lnk_file (read getattr)))
                (allow user_t usr_t (dir (getattr open search)))
                (allow user_t loadkeys_exec_t (file (ioctl read getattr map execute open)))
                (allow user_t loadkeys_t (process (transition)))
                (dontaudit user_t loadkeys_t (process (noatsecure siginh rlimitinh)))
                (typetransition user_t loadkeys_exec_t process loadkeys_t)
                (allow loadkeys_t user_t (fd (use)))
                (allow loadkeys_t user_t (fifo_file (ioctl read write getattr lock append)))
                (allow loadkeys_t user_t (process (sigchld)))
            )
            (optional unprivuser_optional_20
                (typeattributeset cil_gen_require netlabel_peer_t)
                (typeattributeset cil_gen_require daemon)
                (allow user_t self (association (sendto)))
                (allow daemon self (association (sendto)))
                (allow user_t daemon (tcp_socket (recvfrom)))
                (allow user_t daemon (association (recvfrom)))
                (allow daemon user_t (tcp_socket (recvfrom)))
                (allow daemon user_t (association (recvfrom)))
                (allow user_t daemon (peer (recv)))
                (allow daemon user_t (peer (recv)))
                (allow user_t netlabel_peer_t (peer (recv)))
                (allow user_t netlabel_peer_t (tcp_socket (recvfrom)))
                (allow daemon netlabel_peer_t (peer (recv)))
                (allow daemon netlabel_peer_t (tcp_socket (recvfrom)))
                (allow daemon self (association (sendto)))
                (allow user_t daemon (udp_socket (recvfrom)))
                (allow user_t daemon (association (recvfrom)))
                (allow user_t daemon (peer (recv)))
                (allow user_t netlabel_peer_t (peer (recv)))
                (allow user_t netlabel_peer_t (udp_socket (recvfrom)))
            )
            (optional unprivuser_optional_21
                (typeattributeset cil_gen_require ipsec_spd_t)
                (allow user_t ipsec_spd_t (association (polmatch)))
                (allow user_t self (association (sendto)))
            )
            (optional unprivuser_optional_22
                (typeattributeset cil_gen_require etc_t)
                (typeattributeset cil_gen_require user_home_dir_t)
                (typeattributeset cil_gen_require home_root_t)
                (typeattributeset cil_gen_require alsa_home_t)
                (typeattributeset cil_gen_require alsa_etc_t)
                (allow user_t user_home_dir_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_t home_root_t (dir (getattr open search)))
                (allow user_t home_root_t (lnk_file (read getattr)))
                (allow user_t user_home_dir_t (dir (getattr open search)))
                (allow user_t home_root_t (dir (getattr open search)))
                (allow user_t home_root_t (lnk_file (read getattr)))
                (allow user_t alsa_home_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
                (allow user_t etc_t (dir (getattr open search)))
                (allow user_t alsa_etc_t (dir (ioctl read getattr lock open search)))
                (allow user_t alsa_etc_t (dir (getattr open search)))
                (allow user_t alsa_etc_t (file (ioctl read getattr lock open)))
                (allow user_t alsa_etc_t (dir (getattr open search)))
                (allow user_t alsa_etc_t (lnk_file (read getattr)))
                (allow user_t user_home_dir_t (dir (getattr open search)))
                (allow user_t home_root_t (dir (getattr open search)))
                (allow user_t home_root_t (lnk_file (read getattr)))
                (allow user_t alsa_home_t (file (getattr relabelfrom relabelto)))
                (typetransition user_t user_home_dir_t file ".asoundrc" alsa_home_t)
            )
            (optional unprivuser_optional_23
                (typeattributeset cil_gen_require var_run_t)
                (typeattributeset cil_gen_require var_t)
                (typeattributeset cil_gen_require acpid_t)
                (typeattributeset cil_gen_require acpid_runtime_t)
                (allow user_t var_run_t (lnk_file (read getattr)))
                (allow user_t var_t (dir (getattr open search)))
                (allow user_t var_run_t (dir (getattr open search)))
                (allow user_t acpid_runtime_t (dir (getattr open search)))
                (allow user_t acpid_runtime_t (sock_file (write getattr append open)))
                (allow user_t acpid_t (unix_stream_socket (connectto)))
            )
            (optional unprivuser_optional_24
                (typeattributeset cil_gen_require var_run_t)
                (typeattributeset cil_gen_require var_t)
                (typeattributeset cil_gen_require canna_t)
                (typeattributeset cil_gen_require canna_runtime_t)
                (allow user_t var_run_t (lnk_file (read getattr)))
                (allow user_t var_t (dir (getattr open search)))
                (allow user_t var_run_t (dir (getattr open search)))
                (allow user_t canna_runtime_t (dir (getattr open search)))
                (allow user_t canna_runtime_t (sock_file (write getattr append open)))
                (allow user_t canna_t (unix_stream_socket (connectto)))
            )
            (optional unprivuser_optional_25
                (type user_cockpit_tmpfs_t)
                (roletype object_r user_cockpit_tmpfs_t)
                (typeattributeset cil_gen_require file_type)
                (typeattributeset file_type (shell_exec_t bin_t ))
                (typeattributeset cil_gen_require non_security_file_type)
                (typeattributeset non_security_file_type (shell_exec_t bin_t ))
                (typeattributeset cil_gen_require non_auth_file_type)
                (typeattributeset non_auth_file_type (shell_exec_t bin_t ))
                (typeattributeset cil_gen_require device_t)
                (typeattributeset cil_gen_require etc_t)
                (typeattributeset cil_gen_require etc_runtime_t)
                (typeattributeset cil_gen_require var_run_t)
                (typeattributeset cil_gen_require var_t)
                (typeattributeset cil_gen_require var_lib_t)
                (typeattributeset cil_gen_require tmp_t)
                (typeattributeset cil_gen_require user_tmpfs_t)
                (typeattributeset cil_gen_require tmpfs_t)
                (typeattributeset cil_gen_require default_t)
                (typeattributeset cil_gen_require initrc_runtime_t)
                (typeattributeset cil_gen_require tmpfsfile)
                (typeattributeset cil_gen_require root_t)
                (typeattributeset cil_gen_require cockpit_ws_t)
                (typeattributeset cil_gen_require systemd_logind_runtime_t)
                (typeattributeset cil_gen_require non_auth_file_type)
                (typeattributeset non_auth_file_type (user_cockpit_tmpfs_t ))
                (typeattributeset cil_gen_require file_type)
                (typeattributeset file_type (user_cockpit_tmpfs_t ))
                (typeattributeset cil_gen_require non_security_file_type)
                (typeattributeset non_security_file_type (user_cockpit_tmpfs_t ))
                (typeattributeset cil_gen_require tmpfsfile)
                (typeattributeset tmpfsfile (user_cockpit_tmpfs_t ))
                (allow user_t device_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (typetransition user_t device_t file user_cockpit_tmpfs_t)
                (allow user_cockpit_tmpfs_t device_t (filesystem (associate)))
                (allow user_cockpit_tmpfs_t tmpfs_t (filesystem (associate)))
                (allow user_cockpit_tmpfs_t tmp_t (filesystem (associate)))
                (allow user_t user_cockpit_tmpfs_t (file (ioctl read write create getattr setattr lock append map unlink link rename execute open)))
                (dontaudit user_t device_t (file (execute)))
                (dontaudit user_t default_t (file (execute)))
                (dontaudit user_t etc_runtime_t (file (execute)))
                (dontaudit user_t var_run_t (file (execute)))
                (allow user_t etc_t (file (watch)))
                (allow user_t root_t (dir (watch)))
                (allow user_t var_t (dir (watch)))
                (allow user_t var_lib_t (dir (watch)))
                (allow user_t cockpit_ws_t (fd (use)))
                (allow user_t cockpit_ws_t (unix_stream_socket (ioctl read write getattr setattr append bind connect getopt setopt shutdown)))
                (allow user_t initrc_runtime_t (file (watch)))
                (allow user_t var_run_t (lnk_file (read getattr)))
                (allow user_t var_t (dir (getattr open search)))
                (allow user_t var_run_t (dir (getattr open search)))
                (allow user_t systemd_logind_runtime_t (dir (watch)))
                (dontaudit user_t user_tmpfs_t (file (execute)))
            )
            (optional unprivuser_optional_26
                (type user_dbusd_t)
                (roletype object_r user_dbusd_t)
                (type user_dbusd_tmpfs_t)
                (roletype object_r user_dbusd_tmpfs_t)
                (typeattributeset cil_gen_require domain)
                (typeattributeset domain (user_t ))
                (typeattributeset cil_gen_require security_t)
                (typeattributeset cil_gen_require sysfs_t)
                (typeattributeset cil_gen_require shell_exec_t)
                (typeattributeset cil_gen_require entry_type)
                (typeattributeset entry_type (shell_exec_t bin_t ))
                (typeattributeset cil_gen_require exec_type)
                (typeattributeset exec_type (shell_exec_t bin_t ))
                (typeattributeset cil_gen_require file_type)
                (typeattributeset file_type (shell_exec_t bin_t ))
                (typeattributeset cil_gen_require non_security_file_type)
                (typeattributeset non_security_file_type (shell_exec_t bin_t ))
                (typeattributeset cil_gen_require non_auth_file_type)
                (typeattributeset non_auth_file_type (shell_exec_t bin_t ))
                (typeattributeset cil_gen_require bin_t)
                (typeattributeset cil_gen_require ubac_constrained_type)
                (typeattributeset ubac_constrained_type (user_t ))
                (typeattributeset cil_gen_require proc_t)
                (typeattributeset cil_gen_require etc_t)
                (typeattributeset cil_gen_require etc_runtime_t)
                (typeattributeset cil_gen_require usr_t)
                (typeattributeset cil_gen_require var_run_t)
                (typeattributeset cil_gen_require var_t)
                (typeattributeset cil_gen_require var_lib_t)
                (typeattributeset cil_gen_require user_home_dir_t)
                (typeattributeset cil_gen_require home_root_t)
                (typeattributeset cil_gen_require tmpfs_t)
                (typeattributeset cil_gen_require nsswitch_domain)
                (typeattributeset nsswitch_domain (user_t ))
                (typeattributeset cil_gen_require tmpfsfile)
                (typeattributeset cil_gen_require session_bus_type)
                (typeattributeset cil_gen_require system_dbusd_t)
                (typeattributeset cil_gen_require dbusd_exec_t)
                (typeattributeset cil_gen_require session_dbusd_tmp_t)
                (typeattributeset cil_gen_require session_dbusd_home_t)
                (typeattributeset cil_gen_require session_dbusd_runtime_t)
                (typeattributeset cil_gen_require dbusd_system_bus_client)
                (typeattributeset cil_gen_require system_dbusd_runtime_t)
                (typeattributeset cil_gen_require system_dbusd_var_lib_t)
                (typeattributeset cil_gen_require dbusd_etc_t)
                (roleattributeset cil_gen_require user_r)
                (roletype user_r user_dbusd_t)
                (typeattributeset cil_gen_require non_auth_file_type)
                (typeattributeset non_auth_file_type (dbusd_exec_t user_dbusd_tmpfs_t ))
                (typeattributeset cil_gen_require file_type)
                (typeattributeset file_type (dbusd_exec_t user_dbusd_tmpfs_t ))
                (typeattributeset cil_gen_require domain)
                (typeattributeset domain (user_dbusd_t ))
                (typeattributeset cil_gen_require dbusd_system_bus_client)
                (typeattributeset dbusd_system_bus_client (user_t ))
                (typeattributeset cil_gen_require session_bus_type)
                (typeattributeset session_bus_type (user_dbusd_t ))
                (typeattributeset cil_gen_require nsswitch_domain)
                (typeattributeset nsswitch_domain (user_dbusd_t ))
                (typeattributeset cil_gen_require entry_type)
                (typeattributeset entry_type (dbusd_exec_t ))
                (typeattributeset cil_gen_require ubac_constrained_type)
                (typeattributeset ubac_constrained_type (user_dbusd_t ))
                (typeattributeset cil_gen_require exec_type)
                (typeattributeset exec_type (dbusd_exec_t ))
                (typeattributeset cil_gen_require non_security_file_type)
                (typeattributeset non_security_file_type (dbusd_exec_t user_dbusd_tmpfs_t ))
                (typeattributeset cil_gen_require tmpfsfile)
                (typeattributeset tmpfsfile (user_dbusd_tmpfs_t ))
                (allow user_dbusd_t dbusd_exec_t (file (entrypoint)))
                (allow user_dbusd_t dbusd_exec_t (file (ioctl read getattr lock map execute open)))
                (allow user_t user_dbusd_t (unix_stream_socket (ioctl read write create getattr setattr append bind connect listen accept getopt setopt shutdown connectto)))
                (allow user_t user_dbusd_t (dbus (send_msg acquire_svc)))
                (allow user_t user_dbusd_t (fd (use)))
                (dontaudit user_dbusd_t self (process (getcap)))
                (dontaudit user_dbusd_t self (cap_userns (sys_ptrace)))
                (allow user_t system_dbusd_t (dbus (send_msg acquire_svc)))
                (dontaudit user_t user_dbusd_t (netlink_selinux_socket (read write)))
                (allow user_t session_dbusd_tmp_t (dir (ioctl read write create getattr setattr lock relabelfrom relabelto unlink link rename open add_name remove_name reparent search rmdir)))
                (allow user_t session_dbusd_home_t (dir (ioctl read write create getattr setattr lock relabelfrom relabelto unlink link rename open add_name remove_name reparent search rmdir)))
                (allow user_t session_dbusd_tmp_t (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow user_t session_dbusd_home_t (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow user_t session_dbusd_runtime_t (sock_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow user_t user_home_dir_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_t home_root_t (dir (getattr open search)))
                (allow user_t home_root_t (lnk_file (read getattr)))
                (allow user_t dbusd_exec_t (file (ioctl read getattr map execute open)))
                (allow user_t user_dbusd_t (process (transition)))
                (dontaudit user_t user_dbusd_t (process (noatsecure siginh rlimitinh)))
                (typetransition user_t dbusd_exec_t process user_dbusd_t)
                (allow user_dbusd_t user_t (fd (use)))
                (allow user_dbusd_t user_t (fifo_file (ioctl read write getattr lock append)))
                (allow user_dbusd_t user_t (process (sigchld)))
                (allow user_t user_dbusd_t (dir (ioctl read getattr lock open search)))
                (allow user_t user_dbusd_t (file (ioctl read getattr lock open)))
                (allow user_t user_dbusd_t (lnk_file (read getattr)))
                (allow user_t user_dbusd_t (process (getattr)))
                (allow user_t user_dbusd_t (process (sigchld sigkill sigstop signull signal ptrace)))
                (allow user_dbusd_t user_t (process (sigkill)))
                (allow user_dbusd_t session_dbusd_tmp_t (sock_file (ioctl read write create getattr setattr lock append unlink link rename open)))
                (allow user_dbusd_t self (unix_stream_socket (connectto)))
                (allow user_dbusd_t user_dbusd_tmpfs_t (file (ioctl read write getattr map)))
                (allow user_dbusd_t etc_t (dir (ioctl read getattr lock open search)))
                (allow user_dbusd_t etc_t (dir (getattr open search)))
                (allow user_dbusd_t etc_runtime_t (file (ioctl read getattr lock open)))
                (allow user_dbusd_t etc_t (dir (getattr open search)))
                (allow user_dbusd_t etc_runtime_t (lnk_file (read getattr)))
                (allow user_dbusd_tmpfs_t tmpfs_t (filesystem (associate)))
                (allow user_dbusd_t tmpfs_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (typetransition user_dbusd_t tmpfs_t file user_dbusd_tmpfs_t)
                (allow user_dbusd_t proc_t (filesystem (getattr)))
                (allow user_dbusd_t bin_t (dir (getattr open search)))
                (allow user_dbusd_t bin_t (lnk_file (read getattr)))
                (allow user_dbusd_t usr_t (dir (getattr open search)))
                (allow user_dbusd_t bin_t (file (ioctl read getattr map execute open)))
                (allow user_dbusd_t user_t (process (transition)))
                (dontaudit user_dbusd_t user_t (process (noatsecure siginh rlimitinh)))
                (typetransition user_dbusd_t bin_t process user_t)
                (allow user_dbusd_t bin_t (dir (getattr open search)))
                (allow user_dbusd_t bin_t (lnk_file (read getattr)))
                (allow user_dbusd_t usr_t (dir (getattr open search)))
                (allow user_dbusd_t bin_t (dir (getattr open search)))
                (allow user_dbusd_t bin_t (dir (ioctl read getattr lock open search)))
                (allow user_dbusd_t shell_exec_t (file (ioctl read getattr map execute open)))
                (allow user_dbusd_t user_t (process (transition)))
                (dontaudit user_dbusd_t user_t (process (noatsecure siginh rlimitinh)))
                (typetransition user_dbusd_t shell_exec_t process user_t)
                (allow user_dbusd_t sysfs_t (dir (getattr open search)))
                (allow user_dbusd_t sysfs_t (dir (getattr open search)))
                (allow user_dbusd_t security_t (dir (ioctl read getattr lock open search)))
                (allow user_dbusd_t security_t (file (ioctl read getattr map open)))
                (allow user_dbusd_t bin_t (dir (getattr open search)))
                (allow user_dbusd_t bin_t (lnk_file (read getattr)))
                (allow user_dbusd_t usr_t (dir (getattr open search)))
                (allow user_dbusd_t dbusd_exec_t (file (ioctl read getattr lock map execute open execute_no_trans)))
                (allow user_t system_dbusd_t (dbus (send_msg)))
                (allow user_t self (dbus (send_msg)))
                (allow system_dbusd_t user_t (dbus (send_msg)))
                (allow user_t var_t (dir (getattr open search)))
                (allow user_t var_lib_t (dir (getattr open search)))
                (allow user_t system_dbusd_var_lib_t (dir (getattr open search)))
                (allow user_t system_dbusd_var_lib_t (file (ioctl read getattr lock open)))
                (allow user_t system_dbusd_var_lib_t (dir (getattr open search)))
                (allow user_t system_dbusd_var_lib_t (lnk_file (read getattr)))
                (allow user_t session_dbusd_tmp_t (dir (getattr open search)))
                (allow user_t session_dbusd_tmp_t (sock_file (read write getattr append open)))
                (allow user_t var_run_t (lnk_file (read getattr)))
                (allow user_t var_t (dir (getattr open search)))
                (allow user_t var_run_t (dir (getattr open search)))
                (allow user_t system_dbusd_runtime_t (dir (getattr open search)))
                (allow user_t system_dbusd_runtime_t (sock_file (write getattr append open)))
                (allow user_t system_dbusd_t (unix_stream_socket (connectto)))
                (allow user_t dbusd_etc_t (dir (ioctl read getattr lock open search)))
                (allow user_t dbusd_etc_t (file (ioctl read getattr lock open)))
                (allow user_t system_dbusd_runtime_t (dir (ioctl read getattr lock open search)))
                (allow user_t system_dbusd_runtime_t (sock_file (read)))
                (allow user_t system_dbusd_var_lib_t (dir (getattr open search)))
                (allow user_t system_dbusd_var_lib_t (lnk_file (read getattr)))
                (typetransition user_t user_home_dir_t dir ".dbus" session_dbusd_home_t)
                (optional unprivuser_optional_27
                    (typeattributeset cil_gen_require init_t)
                    (allow user_dbusd_t init_t (process (sigchld)))
                    (allow user_dbusd_t init_t (process (signull)))
                    (optional unprivuser_optional_28
                        (typeattributeset cil_gen_require rpm_t)
                        (allow user_dbusd_t rpm_t (fd (use)))
                        (allow user_dbusd_t rpm_t (fifo_file (ioctl read getattr lock open)))
                    )
                    (optional unprivuser_optional_29
                        (typeattributeset cil_gen_require security_t)
                        (typeattributeset cil_gen_require sysfs_t)
                        (dontaudit user_dbusd_t security_t (filesystem (getattr)))
                        (dontaudit user_dbusd_t sysfs_t (filesystem (getattr)))
                        (dontaudit user_dbusd_t sysfs_t (dir (getattr open search)))
                        (dontaudit user_dbusd_t security_t (dir (getattr open search)))
                        (dontaudit user_dbusd_t security_t (file (ioctl read getattr lock open)))
                        (optional unprivuser_optional_30
                            (typeattributeset cil_gen_require selinux_config_t)
                            (dontaudit user_dbusd_t selinux_config_t (dir (getattr open search)))
                            (dontaudit user_dbusd_t selinux_config_t (file (ioctl read getattr lock open)))
                            (optional unprivuser_optional_31
                                (typeattributeset cil_gen_require user_home_dir_t)
                                (typeattributeset cil_gen_require home_root_t)
                                (typeattributeset cil_gen_require xdg_data_t)
                                (allow user_dbusd_t xdg_data_t (dir (getattr open search)))
                                (allow user_dbusd_t xdg_data_t (file (ioctl read getattr lock open)))
                                (allow user_dbusd_t xdg_data_t (file (map)))
                                (allow user_dbusd_t xdg_data_t (dir (getattr open search)))
                                (allow user_dbusd_t xdg_data_t (dir (ioctl read getattr lock open search)))
                                (allow user_dbusd_t xdg_data_t (dir (getattr open search)))
                                (allow user_dbusd_t xdg_data_t (lnk_file (read getattr)))
                                (allow user_dbusd_t user_home_dir_t (dir (getattr open search)))
                                (allow user_dbusd_t home_root_t (dir (getattr open search)))
                                (allow user_dbusd_t home_root_t (lnk_file (read getattr)))
                            )
                            (optional unprivuser_optional_32
                                (typeattributeset cil_gen_require var_run_t)
                                (typeattributeset cil_gen_require var_t)
                                (typeattributeset cil_gen_require systemd_logind_runtime_t)
                                (typeattributeset cil_gen_require user_systemd_t)
                                (typeattributeset cil_gen_require systemd_user_runtime_notify_t)
                                (typeattributeset cil_gen_require systemd_user_runtime_t)
                                (typeattributeset cil_gen_require systemd_user_unix_stream_activated_socket_type)
                                (typeattributeset cil_gen_require systemd_user_activated_sock_file_type)
                                (typeattributeset cil_gen_require systemd_user_unix_stream_activated_socket_type)
                                (typeattributeset systemd_user_unix_stream_activated_socket_type (user_dbusd_t ))
                                (typeattributeset cil_gen_require systemd_user_activated_sock_file_type)
                                (typeattributeset systemd_user_activated_sock_file_type (session_dbusd_runtime_t ))
                                (allow user_dbusd_t var_run_t (lnk_file (read getattr)))
                                (allow user_dbusd_t var_t (dir (getattr open search)))
                                (allow user_dbusd_t var_run_t (dir (getattr open search)))
                                (allow user_dbusd_t systemd_logind_runtime_t (dir (ioctl read getattr lock open search)))
                                (allow user_dbusd_t systemd_logind_runtime_t (file (ioctl read getattr lock open)))
                                (allow user_systemd_t dbusd_exec_t (file (ioctl read getattr map execute open)))
                                (allow user_systemd_t user_dbusd_t (process (transition)))
                                (dontaudit user_systemd_t user_dbusd_t (process (noatsecure siginh rlimitinh)))
                                (typetransition user_systemd_t dbusd_exec_t process user_dbusd_t)
                                (allow user_dbusd_t user_systemd_t (fd (use)))
                                (allow user_dbusd_t user_systemd_t (fifo_file (ioctl read write getattr lock append)))
                                (allow user_dbusd_t user_systemd_t (process (sigchld)))
                                (allow user_systemd_t user_dbusd_t (dir (ioctl read getattr lock open search)))
                                (allow user_systemd_t user_dbusd_t (file (ioctl read getattr lock open)))
                                (allow user_systemd_t user_dbusd_t (lnk_file (read getattr)))
                                (allow user_systemd_t user_dbusd_t (process (getattr)))
                                (allow user_systemd_t user_dbusd_t (process (sigchld sigkill sigstop signull signal)))
                                (allow user_dbusd_t user_systemd_t (fd (use)))
                                (allow user_dbusd_t user_systemd_t (unix_stream_socket (ioctl read write getattr setattr append bind connect listen accept getopt setopt shutdown)))
                                (allow user_dbusd_t user_systemd_t (dir (ioctl read getattr lock open search)))
                                (allow user_dbusd_t user_systemd_t (file (ioctl read getattr lock open)))
                                (allow user_dbusd_t user_systemd_t (lnk_file (read getattr)))
                                (allow user_dbusd_t user_systemd_t (process (getattr)))
                                (allow user_dbusd_t user_systemd_t (process (sigchld)))
                                (allow user_dbusd_t systemd_user_runtime_t (dir (getattr open search)))
                                (allow user_dbusd_t systemd_user_runtime_t (dir (getattr open search)))
                                (allow user_dbusd_t systemd_user_runtime_notify_t (sock_file (read write getattr append open)))
                                (allow user_dbusd_t user_systemd_t (unix_dgram_socket (sendto)))
                            )
                            (optional unprivuser_optional_33
                                (typeattributeset cil_gen_require accountsd_t)
                                (allow user_t accountsd_t (dbus (send_msg)))
                                (allow accountsd_t user_t (dbus (send_msg)))
                            )
                            (optional unprivuser_optional_34
                                (typeattributeset cil_gen_require bluetooth_t)
                                (allow user_t bluetooth_t (dbus (send_msg)))
                                (allow bluetooth_t user_t (dbus (send_msg)))
                            )
                            (optional unprivuser_optional_35
                                (typeattributeset cil_gen_require colord_t)
                                (allow user_t colord_t (dbus (send_msg)))
                                (allow colord_t user_t (dbus (send_msg)))
                            )
                            (optional unprivuser_optional_36
                                (typeattributeset cil_gen_require cupsd_config_t)
                                (allow user_t cupsd_config_t (dbus (send_msg)))
                                (allow cupsd_config_t user_t (dbus (send_msg)))
                            )
                            (optional unprivuser_optional_37
                                (typeattributeset cil_gen_require devicekit_disk_t)
                                (typeattributeset cil_gen_require devicekit_power_t)
                                (allow user_t devicekit_disk_t (dbus (send_msg)))
                                (allow devicekit_disk_t user_t (dbus (send_msg)))
                                (allow user_t devicekit_power_t (dbus (send_msg)))
                                (allow devicekit_power_t user_t (dbus (send_msg)))
                            )
                            (optional unprivuser_optional_38
                                (typeattributeset cil_gen_require NetworkManager_t)
                                (allow user_t NetworkManager_t (dbus (send_msg)))
                                (allow NetworkManager_t user_t (dbus (send_msg)))
                            )
                            (optional unprivuser_optional_39
                                (typeattributeset cil_gen_require policykit_t)
                                (allow user_t policykit_t (dbus (send_msg)))
                                (allow policykit_t user_t (dbus (send_msg)))
                            )
                            (optional unprivuser_optional_40
                                (typeattributeset cil_gen_require rtkit_daemon_t)
                                (allow user_t rtkit_daemon_t (dbus (send_msg)))
                                (allow rtkit_daemon_t user_t (dbus (send_msg)))
                            )
                            (optional unprivuser_optional_41
                                (typeattributeset cil_gen_require xdm_t)
                                (allow user_t xdm_t (dbus (send_msg)))
                                (allow xdm_t user_t (dbus (send_msg)))
                            )
                            (optional unprivuser_optional_42
                                (type user_systemd_t)
                                (roletype object_r user_systemd_t)
                                (type user_systemd_tmpfiles_t)
                                (roletype object_r user_systemd_tmpfiles_t)
                                (typeattributeset cil_gen_require user_application_exec_domain)
                                (typeattributeset user_application_exec_domain (user_t ))
                                (typeattributeset cil_gen_require domain)
                                (typeattributeset domain (user_t ))
                                (typeattributeset cil_gen_require init_t)
                                (typeattributeset cil_gen_require security_t)
                                (typeattributeset cil_gen_require sysfs_t)
                                (typeattributeset cil_gen_require selinux_config_t)
                                (typeattributeset cil_gen_require shell_exec_t)
                                (typeattributeset cil_gen_require entry_type)
                                (typeattributeset entry_type (shell_exec_t bin_t ))
                                (typeattributeset cil_gen_require exec_type)
                                (typeattributeset exec_type (shell_exec_t bin_t ))
                                (typeattributeset cil_gen_require file_type)
                                (typeattributeset file_type (shell_exec_t bin_t ))
                                (typeattributeset cil_gen_require non_security_file_type)
                                (typeattributeset non_security_file_type (shell_exec_t bin_t ))
                                (typeattributeset cil_gen_require non_auth_file_type)
                                (typeattributeset non_auth_file_type (shell_exec_t bin_t ))
                                (typeattributeset cil_gen_require bin_t)
                                (typeattributeset cil_gen_require process_user_target)
                                (typeattributeset process_user_target (user_t ))
                                (typeattributeset cil_gen_require ubac_constrained_type)
                                (typeattributeset ubac_constrained_type (user_t ))
                                (typeattributeset cil_gen_require console_device_t)
                                (typeattributeset cil_gen_require device_t)
                                (typeattributeset cil_gen_require proc_t)
                                (typeattributeset cil_gen_require sysctl_t)
                                (typeattributeset cil_gen_require sysctl_kernel_t)
                                (typeattributeset cil_gen_require etc_t)
                                (typeattributeset cil_gen_require usr_t)
                                (typeattributeset cil_gen_require var_run_t)
                                (typeattributeset cil_gen_require lib_t)
                                (typeattributeset cil_gen_require locale_t)
                                (typeattributeset cil_gen_require var_t)
                                (typeattributeset cil_gen_require var_lib_t)
                                (typeattributeset cil_gen_require syslogd_t)
                                (typeattributeset cil_gen_require syslogd_runtime_t)
                                (typeattributeset cil_gen_require devlog_t)
                                (typeattributeset cil_gen_require init_runtime_t)
                                (typeattributeset cil_gen_require user_home_dir_t)
                                (typeattributeset cil_gen_require user_bin_t)
                                (typeattributeset cil_gen_require home_root_t)
                                (typeattributeset cil_gen_require user_runtime_t)
                                (typeattributeset cil_gen_require user_runtime_root_t)
                                (typeattributeset cil_gen_require tmpfs_t)
                                (typeattributeset cil_gen_require urandom_device_t)
                                (typeattributeset cil_gen_require cgroup_types)
                                (typeattributeset cil_gen_require default_context_t)
                                (typeattributeset cil_gen_require file_context_t)
                                (typeattributeset cil_gen_require kernel_t)
                                (typeattributeset cil_gen_require system_dbusd_t)
                                (typeattributeset cil_gen_require session_dbusd_tmp_t)
                                (typeattributeset cil_gen_require user_dbusd_t)
                                (typeattributeset cil_gen_require systemd_user_runtime_notify_t)
                                (typeattributeset cil_gen_require systemd_user_runtime_t)
                                (typeattributeset cil_gen_require systemd_user_unix_stream_activated_socket_type)
                                (typeattributeset cil_gen_require systemd_user_activated_sock_file_type)
                                (typeattributeset cil_gen_require dbusd_system_bus_client)
                                (typeattributeset cil_gen_require system_dbusd_runtime_t)
                                (typeattributeset cil_gen_require system_dbusd_var_lib_t)
                                (typeattributeset cil_gen_require dbusd_etc_t)
                                (typeattributeset cil_gen_require systemd_user_session_type)
                                (typeattributeset cil_gen_require systemd_log_parse_env_type)
                                (typeattributeset cil_gen_require systemd_analyze_exec_t)
                                (typeattributeset cil_gen_require systemd_conf_home_t)
                                (typeattributeset cil_gen_require systemd_data_home_t)
                                (typeattributeset cil_gen_require systemd_tmpfiles_exec_t)
                                (typeattributeset cil_gen_require systemd_user_unit_t)
                                (typeattributeset cil_gen_require systemd_user_runtime_unit_t)
                                (typeattributeset cil_gen_require systemd_user_transient_unit_t)
                                (typeattributeset cil_gen_require init_exec_t)
                                (typeattributeset cil_gen_require fs_t)
                                (typeattributeset cil_gen_require nsfs_t)
                                (typeattributeset cil_gen_require init_linkable_keyring_type)
                                (typeattributeset cil_gen_require systemd_unit_t)
                                (typeattributeset cil_gen_require systemd_user_manager_unit_t)
                                (typeattributeset cil_gen_require mount_runtime_t)
                                (typeattributeset cil_gen_require systemd_runtime_notify_t)
                                (typeattributeset cil_gen_require dbusd_session_bus_client)
                                (typeattributeset cil_gen_require systemd_machined_t)
                                (typeattributeset cil_gen_require systemd_machined_devpts_t)
                                (typeattributeset cil_gen_require init_var_lib_t)
                                (typeattributeset cil_gen_require systemd_journal_t)
                                (typeattributeset cil_gen_require systemd_passwd_runtime_t)
                                (roleattributeset cil_gen_require user_r)
                                (roletype user_r user_systemd_t)
                                (roletype user_r user_systemd_tmpfiles_t)
                                (typeattributeset cil_gen_require non_auth_file_type)
                                (typeattributeset non_auth_file_type (systemd_tmpfiles_exec_t init_exec_t ))
                                (typeattributeset cil_gen_require file_type)
                                (typeattributeset file_type (systemd_tmpfiles_exec_t init_exec_t ))
                                (typeattributeset cil_gen_require domain)
                                (typeattributeset domain (user_systemd_t user_systemd_tmpfiles_t ))
                                (typeattributeset cil_gen_require dbusd_system_bus_client)
                                (typeattributeset dbusd_system_bus_client (user_systemd_t ))
                                (typeattributeset cil_gen_require user_application_exec_domain)
                                (typeattributeset user_application_exec_domain (user_systemd_t ))
                                (typeattributeset cil_gen_require systemd_user_session_type)
                                (typeattributeset systemd_user_session_type (user_systemd_t ))
                                (typeattributeset cil_gen_require process_user_target)
                                (typeattributeset process_user_target (user_systemd_t user_systemd_tmpfiles_t ))
                                (typeattributeset cil_gen_require systemd_log_parse_env_type)
                                (typeattributeset systemd_log_parse_env_type (user_systemd_t ))
                                (typeattributeset cil_gen_require entry_type)
                                (typeattributeset entry_type (systemd_tmpfiles_exec_t init_exec_t ))
                                (typeattributeset cil_gen_require init_linkable_keyring_type)
                                (typeattributeset init_linkable_keyring_type (user_systemd_t ))
                                (typeattributeset cil_gen_require ubac_constrained_type)
                                (typeattributeset ubac_constrained_type (user_systemd_t ))
                                (typeattributeset cil_gen_require exec_type)
                                (typeattributeset exec_type (systemd_tmpfiles_exec_t init_exec_t ))
                                (typeattributeset cil_gen_require dbusd_session_bus_client)
                                (typeattributeset dbusd_session_bus_client (user_systemd_t ))
                                (typeattributeset cil_gen_require non_security_file_type)
                                (typeattributeset non_security_file_type (systemd_tmpfiles_exec_t init_exec_t ))
                                (allow user_systemd_t init_exec_t (file (entrypoint)))
                                (allow user_systemd_t init_exec_t (file (ioctl read getattr lock map execute open)))
                                (allow init_t self (process (setexec)))
                                (allow init_t init_exec_t (file (ioctl read getattr map execute open)))
                                (allow init_t user_systemd_t (process (transition)))
                                (dontaudit init_t user_systemd_t (process (noatsecure siginh rlimitinh)))
                                (allow user_systemd_t init_t (fd (use)))
                                (allow user_systemd_t init_t (fifo_file (ioctl read write getattr lock append)))
                                (allow user_systemd_t init_t (process (sigchld)))
                                (allow init_t user_systemd_t (process (setsched noatsecure rlimitinh)))
                                (allow user_systemd_tmpfiles_t systemd_tmpfiles_exec_t (file (entrypoint)))
                                (allow user_systemd_tmpfiles_t systemd_tmpfiles_exec_t (file (ioctl read getattr lock map execute open)))
                                (allow user_systemd_t self (process (signal getsched)))
                                (allow user_systemd_t self (netlink_kobject_uevent_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown)))
                                (allow user_systemd_t self (netlink_route_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown nlmsg_read)))
                                (allow user_systemd_t self (unix_dgram_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown sendto)))
                                (allow user_systemd_t self (unix_stream_socket (ioctl read write create getattr setattr append bind connect listen accept getopt setopt shutdown)))
                                (allow user_systemd_t user_t (process (sigchld sigkill sigstop signull signal setsched rlimitinh)))
                                (allow user_systemd_t bin_t (dir (getattr open search)))
                                (allow user_systemd_t bin_t (lnk_file (read getattr)))
                                (allow user_systemd_t usr_t (dir (getattr open search)))
                                (allow user_systemd_t bin_t (dir (getattr open search)))
                                (allow user_systemd_t bin_t (dir (ioctl read getattr lock open search)))
                                (allow user_systemd_t shell_exec_t (file (ioctl read getattr map execute open)))
                                (allow user_systemd_t user_t (process (transition)))
                                (dontaudit user_systemd_t user_t (process (noatsecure siginh rlimitinh)))
                                (typetransition user_systemd_t shell_exec_t process user_t)
                                (allow user_systemd_t bin_t (dir (getattr open search)))
                                (allow user_systemd_t bin_t (lnk_file (read getattr)))
                                (allow user_systemd_t usr_t (dir (getattr open search)))
                                (allow user_systemd_t bin_t (file (ioctl read getattr map execute open)))
                                (allow user_systemd_t user_t (process (transition)))
                                (dontaudit user_systemd_t user_t (process (noatsecure siginh rlimitinh)))
                                (typetransition user_systemd_t bin_t process user_t)
                                (allow user_systemd_t systemd_user_unix_stream_activated_socket_type (unix_stream_socket (ioctl read write create getattr setattr append bind connect listen getopt setopt shutdown)))
                                (allow user_systemd_t systemd_user_activated_sock_file_type (dir (ioctl read write create getattr setattr lock unlink link rename open add_name remove_name reparent search rmdir)))
                                (allow user_systemd_t systemd_user_activated_sock_file_type (sock_file (ioctl read write create getattr setattr lock append unlink link rename open)))
                                (allow user_systemd_t systemd_user_runtime_t (blk_file (ioctl read write create getattr setattr lock append unlink link rename open)))
                                (allow user_systemd_t systemd_user_runtime_t (chr_file (ioctl read write create getattr setattr lock append unlink link rename open)))
                                (allow user_systemd_t systemd_user_runtime_t (dir (ioctl read write create getattr setattr lock unlink link rename open add_name remove_name reparent search rmdir)))
                                (allow user_systemd_t systemd_user_runtime_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
                                (allow user_systemd_t systemd_user_runtime_t (fifo_file (ioctl read write create getattr setattr lock append unlink link rename open)))
                                (allow user_systemd_t systemd_user_runtime_t (lnk_file (ioctl read write create getattr setattr lock append unlink link rename)))
                                (allow user_systemd_t systemd_user_runtime_t (sock_file (ioctl read write create getattr setattr lock append unlink link rename open)))
                                (allow user_systemd_t systemd_user_runtime_unit_t (dir (ioctl read write create getattr setattr lock unlink link rename open add_name remove_name reparent search rmdir)))
                                (allow user_systemd_t systemd_user_runtime_unit_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
                                (allow user_systemd_t systemd_user_runtime_unit_t (lnk_file (ioctl read write create getattr setattr lock append unlink link rename)))
                                (allow user_systemd_t systemd_user_transient_unit_t (dir (ioctl read write create getattr setattr lock unlink link rename open add_name remove_name reparent search rmdir)))
                                (allow user_systemd_t systemd_user_transient_unit_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
                                (allow user_systemd_t systemd_user_transient_unit_t (lnk_file (ioctl read write create getattr setattr lock append unlink link rename)))
                                (allow user_systemd_t user_t (dir (getattr open search)))
                                (allow user_systemd_t user_t (file (ioctl read getattr lock open)))
                                (allow user_systemd_t user_t (lnk_file (read getattr)))
                                (allow user_systemd_t device_t (dir (getattr open search)))
                                (allow user_systemd_t urandom_device_t (chr_file (ioctl read getattr lock open)))
                                (allow user_systemd_t home_root_t (dir (getattr open search)))
                                (allow user_systemd_t home_root_t (lnk_file (read getattr)))
                                (allow user_systemd_t etc_t (dir (watch)))
                                (allow user_systemd_t fs_t (filesystem (getattr)))
                                (allow user_systemd_t nsfs_t (file (getattr)))
                                (allow user_systemd_t cgroup_types (dir (ioctl read write getattr lock open add_name remove_name search)))
                                (allow user_systemd_t cgroup_types (file (ioctl read write create getattr setattr lock append unlink link rename open)))
                                (allow user_systemd_t sysfs_t (dir (getattr open search)))
                                (allow user_systemd_t sysfs_t (dir (getattr open search)))
                                (allow user_systemd_t cgroup_types (file (watch)))
                                (dontaudit user_systemd_t proc_t (filesystem (getattr)))
                                (allow user_systemd_t kernel_t (unix_stream_socket (connectto)))
                                (allow user_systemd_t sysfs_t (dir (getattr open search)))
                                (allow user_systemd_t sysfs_t (dir (getattr open search)))
                                (allow user_systemd_t security_t (dir (ioctl read getattr lock open search)))
                                (allow user_systemd_t security_t (file (ioctl read getattr map open)))
                                (allow user_systemd_t systemd_unit_t (dir (ioctl read getattr lock open search)))
                                (allow user_systemd_t init_runtime_t (dir (getattr open search)))
                                (allow user_systemd_t systemd_unit_t (dir (getattr open search)))
                                (allow user_systemd_t etc_t (dir (getattr open search)))
                                (allow user_systemd_t usr_t (dir (getattr open search)))
                                (allow user_systemd_t lib_t (dir (getattr open search)))
                                (allow user_systemd_t tmpfs_t (dir (getattr open search)))
                                (allow user_systemd_t systemd_unit_t (file (ioctl read getattr lock open)))
                                (allow user_systemd_t init_t (dbus (send_msg)))
                                (allow init_t user_systemd_t (dbus (send_msg)))
                                (allow user_systemd_t systemd_user_manager_unit_t (service (status)))
                                (allow user_systemd_t systemd_user_manager_unit_t (service (start)))
                                (allow user_systemd_t systemd_user_manager_unit_t (service (stop)))
                                (allow user_systemd_t systemd_user_manager_unit_t (service (reload)))
                                (allow user_systemd_t locale_t (file (watch)))
                                (allow user_systemd_t mount_runtime_t (dir (getattr open search)))
                                (allow user_systemd_t mount_runtime_t (file (ioctl read getattr lock open)))
                                (allow user_systemd_t mount_runtime_t (file (watch)))
                                (allow user_systemd_t mount_runtime_t (file (watch_reads)))
                                (allow user_systemd_t etc_t (dir (getattr open search)))
                                (allow user_systemd_t selinux_config_t (dir (getattr open search)))
                                (allow user_systemd_t default_context_t (dir (getattr open search)))
                                (allow user_systemd_t etc_t (dir (getattr open search)))
                                (allow user_systemd_t selinux_config_t (dir (getattr open search)))
                                (allow user_systemd_t default_context_t (dir (getattr open search)))
                                (allow user_systemd_t file_context_t (dir (getattr open search)))
                                (allow user_systemd_t file_context_t (file (ioctl read getattr lock open)))
                                (allow user_systemd_t file_context_t (file (map)))
                                (allow user_systemd_t systemd_conf_home_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                                (allow user_systemd_t systemd_conf_home_t (dir (ioctl read write create getattr setattr lock unlink link rename open add_name remove_name reparent search rmdir)))
                                (allow user_systemd_t systemd_conf_home_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                                (allow user_systemd_t systemd_conf_home_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
                                (allow user_systemd_t systemd_conf_home_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                                (allow user_systemd_t systemd_conf_home_t (lnk_file (ioctl read write create getattr setattr lock append unlink link rename)))
                                (allow user_systemd_t systemd_data_home_t (dir (ioctl read write create getattr setattr lock unlink link rename open add_name remove_name reparent search rmdir)))
                                (allow user_systemd_t systemd_data_home_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
                                (allow user_systemd_t systemd_data_home_t (lnk_file (ioctl read write create getattr setattr lock append unlink link rename)))
                                (allow user_systemd_t systemd_user_runtime_unit_t (dir (getattr open search)))
                                (allow user_systemd_t systemd_user_runtime_unit_t (dir (getattr open search)))
                                (allow user_systemd_t systemd_user_transient_unit_t (dir (getattr open search)))
                                (allow user_systemd_t systemd_user_transient_unit_t (dir (getattr open search)))
                                (allow user_systemd_t systemd_user_unit_t (dir (ioctl read getattr lock open search)))
                                (allow user_systemd_t systemd_user_unit_t (file (ioctl read getattr lock open)))
                                (allow user_systemd_t systemd_user_unit_t (lnk_file (read getattr)))
                                (allow user_systemd_t init_runtime_t (dir (ioctl read getattr lock open search)))
                                (allow user_systemd_t var_run_t (lnk_file (read getattr)))
                                (allow user_systemd_t var_t (dir (getattr open search)))
                                (allow user_systemd_t var_run_t (dir (getattr open search)))
                                (allow user_systemd_t init_t (unix_dgram_socket (sendto)))
                                (allow user_systemd_t systemd_runtime_notify_t (sock_file (write getattr append open)))
                                (allow user_systemd_t system_dbusd_t (dbus (send_msg)))
                                (allow user_systemd_t self (dbus (send_msg)))
                                (allow system_dbusd_t user_systemd_t (dbus (send_msg)))
                                (allow user_systemd_t var_t (dir (getattr open search)))
                                (allow user_systemd_t var_lib_t (dir (getattr open search)))
                                (allow user_systemd_t system_dbusd_var_lib_t (dir (getattr open search)))
                                (allow user_systemd_t system_dbusd_var_lib_t (file (ioctl read getattr lock open)))
                                (allow user_systemd_t system_dbusd_var_lib_t (dir (getattr open search)))
                                (allow user_systemd_t system_dbusd_var_lib_t (lnk_file (read getattr)))
                                (allow user_systemd_t session_dbusd_tmp_t (dir (getattr open search)))
                                (allow user_systemd_t session_dbusd_tmp_t (sock_file (read write getattr append open)))
                                (allow user_systemd_t var_run_t (lnk_file (read getattr)))
                                (allow user_systemd_t var_t (dir (getattr open search)))
                                (allow user_systemd_t var_run_t (dir (getattr open search)))
                                (allow user_systemd_t system_dbusd_runtime_t (dir (getattr open search)))
                                (allow user_systemd_t system_dbusd_runtime_t (sock_file (write getattr append open)))
                                (allow user_systemd_t system_dbusd_t (unix_stream_socket (connectto)))
                                (allow user_systemd_t dbusd_etc_t (dir (ioctl read getattr lock open search)))
                                (allow user_systemd_t dbusd_etc_t (file (ioctl read getattr lock open)))
                                (allow user_systemd_t system_dbusd_runtime_t (dir (ioctl read getattr lock open search)))
                                (allow user_systemd_t system_dbusd_runtime_t (sock_file (read)))
                                (allow user_systemd_t system_dbusd_var_lib_t (dir (getattr open search)))
                                (allow user_systemd_t system_dbusd_var_lib_t (lnk_file (read getattr)))
                                (allow user_systemd_t user_dbusd_t (dbus (send_msg)))
                                (allow user_systemd_t self (dbus (send_msg)))
                                (allow user_dbusd_t user_systemd_t (dbus (send_msg)))
                                (allow user_systemd_t user_dbusd_t (unix_stream_socket (connectto)))
                                (allow user_systemd_t user_dbusd_t (fd (use)))
                                (allow user_systemd_t user_dbusd_t (dbus (acquire_svc)))
                                (allow user_systemd_t user_bin_t (dir (getattr open search)))
                                (allow user_systemd_t user_bin_t (file (ioctl read getattr map execute open execute_no_trans)))
                                (allow user_systemd_t user_bin_t (dir (getattr open search)))
                                (allow user_systemd_t user_bin_t (lnk_file (read getattr)))
                                (allow user_systemd_t home_root_t (dir (getattr open search)))
                                (allow user_systemd_t home_root_t (lnk_file (read getattr)))
                                (allow user_systemd_tmpfiles_t user_systemd_t (unix_stream_socket (ioctl read write getattr setattr append bind connect getopt setopt shutdown)))
                                (allow user_systemd_t systemd_tmpfiles_exec_t (file (ioctl read getattr map execute open)))
                                (allow user_systemd_t user_systemd_tmpfiles_t (process (transition)))
                                (dontaudit user_systemd_t user_systemd_tmpfiles_t (process (noatsecure siginh rlimitinh)))
                                (typetransition user_systemd_t systemd_tmpfiles_exec_t process user_systemd_tmpfiles_t)
                                (allow user_systemd_tmpfiles_t user_systemd_t (fd (use)))
                                (allow user_systemd_tmpfiles_t user_systemd_t (fifo_file (ioctl read write getattr lock append)))
                                (allow user_systemd_tmpfiles_t user_systemd_t (process (sigchld)))
                                (allow user_systemd_t user_systemd_tmpfiles_t (dir (getattr open search)))
                                (allow user_systemd_t user_systemd_tmpfiles_t (file (ioctl read getattr lock open)))
                                (allow user_systemd_tmpfiles_t var_run_t (lnk_file (read getattr)))
                                (allow user_systemd_tmpfiles_t var_t (dir (getattr open search)))
                                (allow user_systemd_tmpfiles_t var_run_t (dir (ioctl read getattr lock open search)))
                                (allow user_systemd_tmpfiles_t etc_t (dir (ioctl read getattr lock open search)))
                                (allow user_systemd_tmpfiles_t etc_t (dir (getattr open search)))
                                (allow user_systemd_tmpfiles_t etc_t (file (ioctl read getattr lock open)))
                                (allow user_systemd_tmpfiles_t etc_t (dir (getattr open search)))
                                (allow user_systemd_tmpfiles_t etc_t (lnk_file (read getattr)))
                                (allow user_systemd_tmpfiles_t nsfs_t (file (getattr)))
                                (allow user_systemd_tmpfiles_t init_t (dir (getattr open search)))
                                (allow user_systemd_tmpfiles_t init_t (file (ioctl read getattr lock open)))
                                (allow user_systemd_tmpfiles_t init_t (lnk_file (read getattr)))
                                (dontaudit user_systemd_tmpfiles_t proc_t (filesystem (getattr)))
                                (allow user_systemd_tmpfiles_t proc_t (dir (getattr open search)))
                                (allow user_systemd_tmpfiles_t sysctl_t (dir (getattr open search)))
                                (allow user_systemd_tmpfiles_t sysctl_kernel_t (dir (getattr open search)))
                                (allow user_systemd_tmpfiles_t sysctl_kernel_t (file (ioctl read getattr lock open)))
                                (allow user_systemd_tmpfiles_t proc_t (dir (getattr open search)))
                                (allow user_systemd_tmpfiles_t sysctl_t (dir (getattr open search)))
                                (allow user_systemd_tmpfiles_t sysctl_kernel_t (dir (ioctl read getattr lock open search)))
                                (allow user_systemd_tmpfiles_t proc_t (dir (getattr open search)))
                                (allow user_systemd_tmpfiles_t proc_t (file (ioctl read getattr lock open)))
                                (allow user_systemd_tmpfiles_t proc_t (dir (getattr open search)))
                                (allow user_systemd_tmpfiles_t proc_t (lnk_file (read getattr)))
                                (allow user_systemd_tmpfiles_t proc_t (dir (getattr open search)))
                                (allow user_systemd_tmpfiles_t proc_t (dir (ioctl read getattr lock open search)))
                                (allow user_systemd_tmpfiles_t devlog_t (sock_file (write getattr append open)))
                                (allow user_systemd_tmpfiles_t var_run_t (lnk_file (read getattr)))
                                (allow user_systemd_tmpfiles_t var_t (dir (getattr open search)))
                                (allow user_systemd_tmpfiles_t var_run_t (dir (getattr open search)))
                                (allow user_systemd_tmpfiles_t init_runtime_t (dir (getattr open search)))
                                (allow user_systemd_tmpfiles_t syslogd_runtime_t (dir (getattr open search)))
                                (allow user_systemd_tmpfiles_t syslogd_t (unix_dgram_socket (sendto)))
                                (allow user_systemd_tmpfiles_t syslogd_t (unix_stream_socket (connectto)))
                                (allow user_systemd_tmpfiles_t self (unix_dgram_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown)))
                                (allow user_systemd_tmpfiles_t self (unix_stream_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown)))
                                (allow user_systemd_tmpfiles_t device_t (dir (getattr open search)))
                                (allow user_systemd_tmpfiles_t device_t (dir (ioctl read getattr lock open search)))
                                (allow user_systemd_tmpfiles_t device_t (dir (getattr open search)))
                                (allow user_systemd_tmpfiles_t device_t (lnk_file (read getattr)))
                                (allow user_systemd_tmpfiles_t console_device_t (chr_file (ioctl write getattr lock append open)))
                                (dontaudit user_systemd_tmpfiles_t console_device_t (chr_file (ioctl read getattr lock open)))
                                (allow user_systemd_tmpfiles_t sysfs_t (dir (getattr open search)))
                                (allow user_systemd_tmpfiles_t sysfs_t (dir (getattr open search)))
                                (allow user_systemd_tmpfiles_t security_t (dir (ioctl read getattr lock open search)))
                                (allow user_systemd_tmpfiles_t security_t (file (ioctl read getattr map open)))
                                (allow user_systemd_tmpfiles_t etc_t (dir (getattr open search)))
                                (allow user_systemd_tmpfiles_t selinux_config_t (dir (getattr open search)))
                                (allow user_systemd_tmpfiles_t default_context_t (dir (getattr open search)))
                                (allow user_systemd_tmpfiles_t file_context_t (dir (getattr open search)))
                                (allow user_systemd_tmpfiles_t file_context_t (file (ioctl read getattr lock open)))
                                (allow user_systemd_tmpfiles_t file_context_t (file (map)))
                                (allow user_systemd_tmpfiles_t user_home_dir_t (dir (getattr open search)))
                                (allow user_systemd_tmpfiles_t home_root_t (dir (getattr open search)))
                                (allow user_systemd_tmpfiles_t home_root_t (lnk_file (read getattr)))
                                (allow user_systemd_tmpfiles_t user_runtime_t (dir (getattr open search)))
                                (allow user_systemd_tmpfiles_t user_runtime_root_t (dir (getattr open search)))
                                (allow user_systemd_tmpfiles_t var_run_t (lnk_file (read getattr)))
                                (allow user_systemd_tmpfiles_t var_t (dir (getattr open search)))
                                (allow user_systemd_tmpfiles_t var_run_t (dir (getattr open search)))
                                (allow user_t user_systemd_t (process (signal)))
                                (allow user_t user_systemd_t (unix_stream_socket (ioctl read write getattr setattr append bind connect listen accept getopt setopt shutdown)))
                                (allow user_t user_systemd_t (fd (use)))
                                (allow user_t user_systemd_t (fifo_file (ioctl read write getattr lock append)))
                                (allow user_t systemd_user_runtime_t (dir (getattr open search)))
                                (allow user_t systemd_user_runtime_t (sock_file (write getattr append open)))
                                (allow user_t user_systemd_t (unix_stream_socket (connectto)))
                                (allow user_t user_systemd_t (system (status start stop enable disable reload)))
                                (allow user_t systemd_user_runtime_t (dir (ioctl read write create getattr setattr lock relabelfrom relabelto unlink link rename open add_name remove_name reparent search rmdir)))
                                (allow user_t systemd_user_runtime_t (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                                (allow user_t systemd_user_runtime_t (fifo_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                                (allow user_t systemd_user_runtime_t (lnk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename)))
                                (allow user_t systemd_user_runtime_t (sock_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                                (allow user_systemd_t systemd_machined_t (fd (use)))
                                (allow user_systemd_t systemd_machined_devpts_t (chr_file (ioctl read write getattr append)))
                                (allow user_t systemd_machined_t (fd (use)))
                                (allow user_t systemd_machined_devpts_t (chr_file (ioctl read write getattr append)))
                                (allow user_t systemd_machined_t (dbus (send_msg)))
                                (allow systemd_machined_t user_t (dbus (send_msg)))
                                (allow user_t systemd_user_runtime_notify_t (sock_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                                (allow user_t systemd_user_unit_t (service (reload start status stop)))
                                (allow user_t systemd_conf_home_t (service (reload start status stop)))
                                (allow user_t systemd_analyze_exec_t (file (ioctl read getattr lock map execute open execute_no_trans)))
                                (allow user_t init_t (dbus (send_msg)))
                                (allow init_t user_t (dbus (send_msg)))
                                (allow user_t var_t (dir (getattr open search)))
                                (allow user_t var_lib_t (dir (getattr open search)))
                                (allow user_t init_var_lib_t (dir (getattr open search)))
                                (allow user_t systemd_journal_t (dir (getattr open search)))
                                (allow user_t systemd_journal_t (dir (ioctl read getattr lock open search)))
                                (allow user_t systemd_journal_t (dir (getattr open search)))
                                (allow user_t systemd_journal_t (dir (ioctl read getattr lock open search)))
                                (allow user_t systemd_journal_t (dir (getattr open search)))
                                (allow user_t systemd_journal_t (file (ioctl read getattr map open)))
                                (allow user_t systemd_conf_home_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                                (allow user_t systemd_conf_home_t (dir (ioctl read write create getattr setattr lock unlink link rename open add_name remove_name reparent search rmdir)))
                                (allow user_t systemd_conf_home_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                                (allow user_t systemd_conf_home_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
                                (allow user_t systemd_conf_home_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                                (allow user_t systemd_conf_home_t (lnk_file (ioctl read write create getattr setattr lock append unlink link rename)))
                                (allow user_t systemd_conf_home_t (dir (getattr open search)))
                                (allow user_t systemd_conf_home_t (dir (getattr relabelfrom relabelto)))
                                (allow user_t systemd_conf_home_t (dir (getattr open search)))
                                (allow user_t systemd_conf_home_t (file (getattr relabelfrom relabelto)))
                                (allow user_t systemd_conf_home_t (dir (getattr open search)))
                                (allow user_t systemd_conf_home_t (lnk_file (getattr relabelfrom relabelto)))
                                (allow user_t systemd_data_home_t (dir (ioctl read write create getattr setattr lock unlink link rename open add_name remove_name reparent search rmdir)))
                                (allow user_t systemd_data_home_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
                                (allow user_t systemd_data_home_t (lnk_file (ioctl read write create getattr setattr lock append unlink link rename)))
                                (allow user_t systemd_data_home_t (dir (getattr open search)))
                                (allow user_t systemd_data_home_t (dir (getattr relabelfrom relabelto)))
                                (allow user_t systemd_data_home_t (dir (getattr open search)))
                                (allow user_t systemd_data_home_t (file (getattr relabelfrom relabelto)))
                                (allow user_t systemd_data_home_t (dir (getattr open search)))
                                (allow user_t systemd_data_home_t (lnk_file (getattr relabelfrom relabelto)))
                                (allow user_t systemd_user_unit_t (dir (ioctl read getattr lock open search)))
                                (allow user_t systemd_user_unit_t (file (ioctl read getattr lock open)))
                                (allow user_t systemd_user_unit_t (lnk_file (read getattr)))
                                (allow user_t systemd_user_runtime_unit_t (dir (getattr open search)))
                                (allow user_t systemd_user_runtime_unit_t (dir (ioctl read getattr lock open search)))
                                (allow user_t systemd_user_runtime_unit_t (dir (getattr open search)))
                                (allow user_t systemd_user_runtime_unit_t (file (ioctl read getattr lock open)))
                                (allow user_t systemd_user_runtime_unit_t (dir (getattr open search)))
                                (allow user_t systemd_user_runtime_unit_t (lnk_file (read getattr)))
                                (allow user_t systemd_user_transient_unit_t (dir (getattr open search)))
                                (allow user_t systemd_user_transient_unit_t (dir (ioctl read getattr lock open search)))
                                (allow user_t systemd_user_transient_unit_t (dir (getattr open search)))
                                (allow user_t systemd_user_transient_unit_t (file (ioctl read getattr lock open)))
                                (allow user_t systemd_user_transient_unit_t (dir (getattr open search)))
                                (allow user_t systemd_user_transient_unit_t (lnk_file (read getattr)))
                                (allow user_t systemd_user_runtime_unit_t (service (status)))
                                (allow user_t systemd_user_runtime_unit_t (service (reload)))
                                (allow user_t systemd_user_runtime_unit_t (service (start)))
                                (allow user_t systemd_user_runtime_unit_t (service (stop)))
                                (allow user_t systemd_user_transient_unit_t (service (status)))
                                (allow user_t systemd_user_transient_unit_t (service (reload)))
                                (allow user_t systemd_user_transient_unit_t (service (start)))
                                (allow user_t systemd_user_transient_unit_t (service (stop)))
                                (allow user_t systemd_passwd_runtime_t (dir (watch)))
                                (optional unprivuser_optional_43
                                    (typeattributeset cil_gen_require init_t)
                                    (allow user_systemd_t init_t (process (sigchld)))
                                    (allow user_systemd_t init_t (process (signull)))
                                    (optional unprivuser_optional_44
                                        (typeattributeset cil_gen_require rpm_t)
                                        (allow user_systemd_t rpm_t (fd (use)))
                                        (allow user_systemd_t rpm_t (fifo_file (ioctl read getattr lock open)))
                                    )
                                    (optional unprivuser_optional_45
                                        (typeattributeset cil_gen_require security_t)
                                        (typeattributeset cil_gen_require sysfs_t)
                                        (dontaudit user_systemd_t security_t (filesystem (getattr)))
                                        (dontaudit user_systemd_t sysfs_t (filesystem (getattr)))
                                        (dontaudit user_systemd_t sysfs_t (dir (getattr open search)))
                                        (dontaudit user_systemd_t security_t (dir (getattr open search)))
                                        (dontaudit user_systemd_t security_t (file (ioctl read getattr lock open)))
                                        (optional unprivuser_optional_46
                                            (typeattributeset cil_gen_require selinux_config_t)
                                            (dontaudit user_systemd_t selinux_config_t (dir (getattr open search)))
                                            (dontaudit user_systemd_t selinux_config_t (file (ioctl read getattr lock open)))
                                            (optional unprivuser_optional_47
                                                (typeattributeset cil_gen_require init_t)
                                                (allow user_systemd_tmpfiles_t init_t (process (sigchld)))
                                                (allow user_systemd_tmpfiles_t init_t (process (signull)))
                                                (optional unprivuser_optional_48
                                                    (typeattributeset cil_gen_require rpm_t)
                                                    (allow user_systemd_tmpfiles_t rpm_t (fd (use)))
                                                    (allow user_systemd_tmpfiles_t rpm_t (fifo_file (ioctl read getattr lock open)))
                                                )
                                                (optional unprivuser_optional_49
                                                    (typeattributeset cil_gen_require security_t)
                                                    (typeattributeset cil_gen_require sysfs_t)
                                                    (dontaudit user_systemd_tmpfiles_t security_t (filesystem (getattr)))
                                                    (dontaudit user_systemd_tmpfiles_t sysfs_t (filesystem (getattr)))
                                                    (dontaudit user_systemd_tmpfiles_t sysfs_t (dir (getattr open search)))
                                                    (dontaudit user_systemd_tmpfiles_t security_t (dir (getattr open search)))
                                                    (dontaudit user_systemd_tmpfiles_t security_t (file (ioctl read getattr lock open)))
                                                    (optional unprivuser_optional_50
                                                        (typeattributeset cil_gen_require selinux_config_t)
                                                        (dontaudit user_systemd_tmpfiles_t selinux_config_t (dir (getattr open search)))
                                                        (dontaudit user_systemd_tmpfiles_t selinux_config_t (file (ioctl read getattr lock open)))
                                                        (optional unprivuser_optional_51
                                                            (typeattributeset cil_gen_require user_home_dir_t)
                                                            (typeattributeset cil_gen_require home_root_t)
                                                            (typeattributeset cil_gen_require xdg_data_t)
                                                            (typeattributeset cil_gen_require xdg_config_t)
                                                            (allow user_systemd_t user_home_dir_t (dir (getattr open search)))
                                                            (allow user_systemd_t home_root_t (dir (getattr open search)))
                                                            (allow user_systemd_t home_root_t (lnk_file (read getattr)))
                                                            (allow user_systemd_t xdg_config_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                                                            (allow user_systemd_t xdg_config_t (dir (create getattr)))
                                                            (allow user_systemd_t user_home_dir_t (dir (getattr open search)))
                                                            (allow user_systemd_t home_root_t (dir (getattr open search)))
                                                            (allow user_systemd_t home_root_t (lnk_file (read getattr)))
                                                            (allow user_systemd_t xdg_data_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                                                            (allow user_systemd_t xdg_data_t (dir (create getattr)))
                                                            (allow user_systemd_t xdg_config_t (dir (getattr open search)))
                                                            (allow user_systemd_t xdg_config_t (file (ioctl read getattr lock open)))
                                                            (allow user_systemd_t xdg_config_t (file (map)))
                                                            (allow user_systemd_t xdg_config_t (dir (getattr open search)))
                                                            (allow user_systemd_t xdg_config_t (dir (ioctl read getattr lock open search)))
                                                            (allow user_systemd_t xdg_config_t (dir (getattr open search)))
                                                            (allow user_systemd_t xdg_config_t (lnk_file (read getattr)))
                                                            (allow user_systemd_t user_home_dir_t (dir (getattr open search)))
                                                            (allow user_systemd_t home_root_t (dir (getattr open search)))
                                                            (allow user_systemd_t home_root_t (lnk_file (read getattr)))
                                                            (allow user_systemd_t xdg_data_t (dir (getattr open search)))
                                                            (allow user_systemd_t xdg_data_t (file (ioctl read getattr lock open)))
                                                            (allow user_systemd_t xdg_data_t (file (map)))
                                                            (allow user_systemd_t xdg_data_t (dir (getattr open search)))
                                                            (allow user_systemd_t xdg_data_t (dir (ioctl read getattr lock open search)))
                                                            (allow user_systemd_t xdg_data_t (dir (getattr open search)))
                                                            (allow user_systemd_t xdg_data_t (lnk_file (read getattr)))
                                                            (allow user_systemd_t user_home_dir_t (dir (getattr open search)))
                                                            (allow user_systemd_t home_root_t (dir (getattr open search)))
                                                            (allow user_systemd_t home_root_t (lnk_file (read getattr)))
                                                            (typetransition user_systemd_t xdg_data_t dir "systemd" systemd_data_home_t)
                                                            (typetransition user_systemd_t xdg_config_t dir "systemd" systemd_conf_home_t)
                                                        )
                                                    )
                                                )
                                            )
                                        )
                                    )
                                )
                            )
                        )
                    )
                )
            )
            (optional unprivuser_optional_52
                (typeattributeset cil_gen_require var_t)
                (typeattributeset cil_gen_require var_lib_t)
                (typeattributeset cil_gen_require dpkg_var_lib_t)
                (allow user_t var_t (dir (getattr open search)))
                (allow user_t var_lib_t (dir (getattr open search)))
                (allow user_t dpkg_var_lib_t (dir (ioctl read getattr lock open search)))
                (allow user_t dpkg_var_lib_t (dir (getattr open search)))
                (allow user_t dpkg_var_lib_t (file (ioctl read getattr lock open)))
                (allow user_t dpkg_var_lib_t (dir (getattr open search)))
                (allow user_t dpkg_var_lib_t (lnk_file (read getattr)))
            )
            (optional unprivuser_optional_53
                (typeattributeset cil_gen_require var_run_t)
                (typeattributeset cil_gen_require var_t)
                (typeattributeset cil_gen_require gssproxy_t)
                (typeattributeset cil_gen_require gssproxy_run_t)
                (typeattributeset cil_gen_require gssproxy_var_lib_t)
                (allow user_t var_run_t (lnk_file (read getattr)))
                (allow user_t var_t (dir (getattr open search)))
                (allow user_t var_run_t (dir (getattr open search)))
                (allow user_t gssproxy_run_t (dir (getattr open search)))
                (allow user_t gssproxy_run_t (sock_file (write getattr append open)))
                (allow user_t gssproxy_t (unix_stream_socket (connectto)))
                (allow user_t gssproxy_var_lib_t (dir (getattr open search)))
                (allow user_t gssproxy_var_lib_t (sock_file (write getattr append open)))
                (allow user_t gssproxy_t (unix_stream_socket (connectto)))
            )
            (optional unprivuser_optional_54
                (typeattributeset cil_gen_require var_run_t)
                (typeattributeset cil_gen_require var_t)
                (typeattributeset cil_gen_require hwloc_dhwd_exec_t)
                (typeattributeset cil_gen_require hwloc_runtime_t)
                (allow user_t hwloc_dhwd_exec_t (file (ioctl read getattr lock map execute open execute_no_trans)))
                (allow user_t var_run_t (lnk_file (read getattr)))
                (allow user_t var_t (dir (getattr open search)))
                (allow user_t var_run_t (dir (getattr open search)))
                (allow user_t hwloc_runtime_t (dir (getattr open search)))
                (allow user_t hwloc_runtime_t (file (ioctl read getattr lock open)))
            )
            (optional unprivuser_optional_55
                (typeattributeset cil_gen_require inetd_t)
                (allow user_t inetd_t (fd (use)))
                (allow user_t inetd_t (tcp_socket (ioctl read write getattr setattr append bind connect listen accept getopt setopt shutdown)))
            )
            (optional unprivuser_optional_56
                (typeattributeset cil_gen_require innd_etc_t)
                (typeattributeset cil_gen_require innd_var_lib_t)
                (typeattributeset cil_gen_require news_spool_t)
                (allow user_t innd_etc_t (dir (ioctl read getattr lock open search)))
                (allow user_t innd_etc_t (file (ioctl read getattr lock open)))
                (allow user_t innd_etc_t (lnk_file (read getattr)))
                (allow user_t innd_var_lib_t (dir (ioctl read getattr lock open search)))
                (allow user_t innd_var_lib_t (file (ioctl read getattr lock open)))
                (allow user_t news_spool_t (dir (ioctl read getattr lock open search)))
                (allow user_t news_spool_t (file (ioctl read getattr lock open)))
                (allow user_t news_spool_t (lnk_file (read getattr)))
            )
            (optional unprivuser_optional_57
                (typeattributeset cil_gen_require user_home_dir_t)
                (typeattributeset cil_gen_require home_root_t)
                (typeattributeset cil_gen_require krb5_home_t)
                (allow user_t user_home_dir_t (dir (getattr open search)))
                (allow user_t home_root_t (dir (getattr open search)))
                (allow user_t home_root_t (lnk_file (read getattr)))
                (allow user_t krb5_home_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
                (allow user_t user_home_dir_t (dir (getattr open search)))
                (allow user_t home_root_t (dir (getattr open search)))
                (allow user_t home_root_t (lnk_file (read getattr)))
                (allow user_t krb5_home_t (file (getattr relabelfrom relabelto)))
                (allow user_t user_home_dir_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_t home_root_t (dir (getattr open search)))
                (allow user_t home_root_t (lnk_file (read getattr)))
                (typetransition user_t user_home_dir_t file ".k5login" krb5_home_t)
            )
            (optional unprivuser_optional_58
                (typeattributeset cil_gen_require var_t)
                (typeattributeset cil_gen_require var_lib_t)
                (typeattributeset cil_gen_require locate_var_lib_t)
                (allow user_t var_t (dir (getattr open search)))
                (allow user_t var_lib_t (dir (getattr open search)))
                (allow user_t locate_var_lib_t (dir (getattr open search)))
                (allow user_t locate_var_lib_t (file (ioctl read getattr lock open)))
                (allow user_t locate_var_lib_t (dir (ioctl read getattr lock open search)))
            )
            (optional unprivuser_optional_59
                (typeattributeset cil_gen_require user_home_dir_t)
                (typeattributeset cil_gen_require home_root_t)
                (typeattributeset cil_gen_require mpd_user_data_t)
                (allow user_t user_home_dir_t (dir (getattr open search)))
                (allow user_t home_root_t (dir (getattr open search)))
                (allow user_t home_root_t (lnk_file (read getattr)))
                (allow user_t mpd_user_data_t (dir (ioctl read write create getattr setattr lock unlink link rename open add_name remove_name reparent search rmdir)))
                (allow user_t mpd_user_data_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
                (allow user_t mpd_user_data_t (lnk_file (ioctl read write create getattr setattr lock append unlink link rename)))
                (allow user_t user_home_dir_t (dir (getattr open search)))
                (allow user_t home_root_t (dir (getattr open search)))
                (allow user_t home_root_t (lnk_file (read getattr)))
                (allow user_t mpd_user_data_t (dir (getattr relabelfrom relabelto)))
                (allow user_t mpd_user_data_t (file (getattr relabelfrom relabelto)))
                (allow user_t mpd_user_data_t (lnk_file (getattr relabelfrom relabelto)))
            )
            (optional unprivuser_optional_60
                (typeattributeset cil_gen_require etc_t)
                (typeattributeset cil_gen_require modules_conf_t)
                (typeattributeset cil_gen_require boot_t)
                (allow user_t etc_t (dir (getattr open search)))
                (allow user_t boot_t (dir (getattr open search)))
                (allow user_t modules_conf_t (dir (ioctl read getattr lock open search)))
                (allow user_t modules_conf_t (file (ioctl read getattr lock open)))
                (allow user_t modules_conf_t (lnk_file (read getattr)))
            )
            (optional unprivuser_optional_61
                (typeattributeset cil_gen_require var_t)
                (typeattributeset cil_gen_require mail_spool_t)
                (typeattributeset cil_gen_require var_spool_t)
                (allow user_t var_t (dir (getattr open search)))
                (allow user_t var_spool_t (dir (getattr open search)))
                (allow user_t mail_spool_t (dir (ioctl read getattr lock open search)))
                (allow user_t mail_spool_t (file (ioctl read write getattr lock append open)))
                (allow user_t mail_spool_t (lnk_file (read getattr)))
            )
            (optional unprivuser_optional_62
                (typeattributeset cil_gen_require var_run_t)
                (typeattributeset cil_gen_require var_t)
                (typeattributeset cil_gen_require user_home_dir_t)
                (typeattributeset cil_gen_require home_root_t)
                (typeattributeset cil_gen_require mysqld_home_t)
                (typeattributeset cil_gen_require mysqld_t)
                (typeattributeset cil_gen_require mysqld_runtime_t)
                (typeattributeset cil_gen_require mysqld_db_t)
                (allow user_t user_home_dir_t (dir (getattr open search)))
                (allow user_t home_root_t (dir (getattr open search)))
                (allow user_t home_root_t (lnk_file (read getattr)))
                (allow user_t mysqld_home_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
                (allow user_t user_home_dir_t (dir (getattr open search)))
                (allow user_t home_root_t (dir (getattr open search)))
                (allow user_t home_root_t (lnk_file (read getattr)))
                (allow user_t mysqld_home_t (file (getattr relabelfrom relabelto)))
                (allow user_t user_home_dir_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_t home_root_t (dir (getattr open search)))
                (allow user_t home_root_t (lnk_file (read getattr)))
                (typetransition user_t user_home_dir_t file ".my.cnf" mysqld_home_t)
                (booleanif (allow_user_mysql_connect)
                    (true
                        (allow user_t mysqld_t (unix_stream_socket (connectto)))
                        (allow user_t mysqld_runtime_t (sock_file (write getattr append open)))
                        (allow user_t mysqld_runtime_t (dir (getattr open search)))
                        (allow user_t mysqld_db_t (dir (getattr open search)))
                        (allow user_t var_run_t (dir (getattr open search)))
                        (allow user_t var_t (dir (getattr open search)))
                        (allow user_t var_run_t (lnk_file (read getattr)))
                    )
                )
            )
            (optional unprivuser_optional_63
                (typeattributeset cil_gen_require user_home_dir_t)
                (typeattributeset cil_gen_require home_root_t)
                (typeattributeset cil_gen_require oidentd_home_t)
                (allow user_t user_home_dir_t (dir (getattr open search)))
                (allow user_t home_root_t (dir (getattr open search)))
                (allow user_t home_root_t (lnk_file (read getattr)))
                (allow user_t oidentd_home_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
                (allow user_t user_home_dir_t (dir (getattr open search)))
                (allow user_t home_root_t (dir (getattr open search)))
                (allow user_t home_root_t (lnk_file (read getattr)))
                (allow user_t oidentd_home_t (file (getattr relabelfrom relabelto)))
                (allow user_t user_home_dir_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_t home_root_t (dir (getattr open search)))
                (allow user_t home_root_t (lnk_file (read getattr)))
                (typetransition user_t user_home_dir_t file ".oidentd.conf" oidentd_home_t)
            )
            (optional unprivuser_optional_64
                (typeattributeset cil_gen_require var_run_t)
                (typeattributeset cil_gen_require var_t)
                (typeattributeset cil_gen_require pcscd_t)
                (typeattributeset cil_gen_require pcscd_runtime_t)
                (allow user_t var_run_t (lnk_file (read getattr)))
                (allow user_t var_t (dir (getattr open search)))
                (allow user_t var_run_t (dir (getattr open search)))
                (allow user_t pcscd_runtime_t (dir (getattr open search)))
                (allow user_t pcscd_runtime_t (file (ioctl read getattr lock open)))
                (allow user_t var_run_t (lnk_file (read getattr)))
                (allow user_t var_t (dir (getattr open search)))
                (allow user_t var_run_t (dir (getattr open search)))
                (allow user_t pcscd_runtime_t (dir (getattr open search)))
                (allow user_t pcscd_runtime_t (sock_file (write getattr append open)))
                (allow user_t pcscd_t (unix_stream_socket (connectto)))
                (allow pcscd_t user_t (dir (ioctl read getattr lock open search)))
                (allow pcscd_t user_t (file (ioctl read getattr lock open)))
            )
            (optional unprivuser_optional_65
                (typeattributeset cil_gen_require var_run_t)
                (typeattributeset cil_gen_require var_t)
                (typeattributeset cil_gen_require tmp_t)
                (typeattributeset cil_gen_require netlabel_peer_t)
                (typeattributeset cil_gen_require postgresql_t)
                (typeattributeset cil_gen_require postgresql_runtime_t)
                (typeattributeset cil_gen_require postgresql_tmp_t)
                (typeattributeset cil_gen_require postgresql_port_t)
                (typeattributeset cil_gen_require postgresql_client_packet_t)
                (booleanif (allow_user_postgresql_connect)
                    (true
                        (allow user_t postgresql_client_packet_t (packet (recv)))
                        (allow user_t postgresql_client_packet_t (packet (send)))
                        (allow user_t postgresql_port_t (tcp_socket (name_connect)))
                        (allow postgresql_t netlabel_peer_t (tcp_socket (recvfrom)))
                        (allow postgresql_t netlabel_peer_t (peer (recv)))
                        (allow user_t netlabel_peer_t (tcp_socket (recvfrom)))
                        (allow user_t netlabel_peer_t (peer (recv)))
                        (allow postgresql_t user_t (peer (recv)))
                        (allow user_t postgresql_t (peer (recv)))
                        (allow postgresql_t user_t (tcp_socket (recvfrom)))
                        (allow postgresql_t user_t (association (recvfrom)))
                        (allow user_t postgresql_t (tcp_socket (recvfrom)))
                        (allow user_t postgresql_t (association (recvfrom)))
                        (allow user_t self (association (sendto)))
                        (allow postgresql_t self (association (sendto)))
                        (allow user_t tmp_t (dir (getattr open search)))
                        (allow user_t var_run_t (dir (getattr open search)))
                        (allow user_t var_t (dir (getattr open search)))
                        (allow user_t var_run_t (lnk_file (read getattr)))
                        (allow user_t postgresql_t (unix_stream_socket (connectto)))
                        (allow user_t postgresql_runtime_t (sock_file (write getattr append open)))
                        (allow user_t postgresql_tmp_t (sock_file (write getattr append open)))
                        (allow user_t postgresql_runtime_t (dir (getattr open search)))
                        (allow user_t postgresql_tmp_t (dir (getattr open search)))
                    )
                )
            )
            (optional unprivuser_optional_66
                (typeattributeset cil_gen_require user_home_dir_t)
                (typeattributeset cil_gen_require home_root_t)
                (typeattributeset cil_gen_require ppp_home_t)
                (allow user_t user_home_dir_t (dir (getattr open search)))
                (allow user_t home_root_t (dir (getattr open search)))
                (allow user_t home_root_t (lnk_file (read getattr)))
                (allow user_t ppp_home_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
                (allow user_t user_home_dir_t (dir (getattr open search)))
                (allow user_t home_root_t (dir (getattr open search)))
                (allow user_t home_root_t (lnk_file (read getattr)))
                (allow user_t ppp_home_t (file (getattr relabelfrom relabelto)))
                (allow user_t user_home_dir_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_t home_root_t (dir (getattr open search)))
                (allow user_t home_root_t (lnk_file (read getattr)))
                (typetransition user_t user_home_dir_t file ".ppprc" ppp_home_t)
            )
            (optional unprivuser_optional_67
                (typeattributeset cil_gen_require var_run_t)
                (typeattributeset cil_gen_require var_t)
                (typeattributeset cil_gen_require resmgrd_runtime_t)
                (typeattributeset cil_gen_require resmgrd_t)
                (allow user_t var_run_t (lnk_file (read getattr)))
                (allow user_t var_t (dir (getattr open search)))
                (allow user_t var_run_t (dir (getattr open search)))
                (allow user_t resmgrd_runtime_t (dir (getattr open search)))
                (allow user_t resmgrd_runtime_t (sock_file (write getattr append open)))
                (allow user_t resmgrd_t (unix_stream_socket (connectto)))
            )
            (optional unprivuser_optional_68
                (typeattributeset cil_gen_require exports_t)
                (typeattributeset cil_gen_require nfsd_rw_t)
                (dontaudit user_t exports_t (file (getattr)))
                (allow user_t nfsd_rw_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_t nfsd_rw_t (dir (ioctl read write create getattr setattr lock unlink link rename open add_name remove_name reparent search rmdir)))
                (allow user_t nfsd_rw_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_t nfsd_rw_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
                (allow user_t nfsd_rw_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_t nfsd_rw_t (lnk_file (ioctl read write create getattr setattr lock append unlink link rename)))
            )
            (optional unprivuser_optional_69
                (typeattributeset cil_gen_require var_run_t)
                (typeattributeset cil_gen_require var_t)
                (typeattributeset cil_gen_require samba_var_t)
                (typeattributeset cil_gen_require winbind_t)
                (typeattributeset cil_gen_require winbind_runtime_t)
                (typeattributeset cil_gen_require samba_runtime_t)
                (allow user_t var_run_t (lnk_file (read getattr)))
                (allow user_t var_t (dir (getattr open search)))
                (allow user_t var_run_t (dir (getattr open search)))
                (allow user_t samba_var_t (dir (getattr open search)))
                (allow user_t winbind_runtime_t (dir (getattr open search)))
                (allow user_t samba_runtime_t (dir (getattr open search)))
                (allow user_t winbind_runtime_t (sock_file (write getattr append open)))
                (allow user_t winbind_t (unix_stream_socket (connectto)))
            )
            (optional unprivuser_optional_70
                (typeattributeset cil_gen_require var_t)
                (typeattributeset cil_gen_require var_spool_t)
                (typeattributeset cil_gen_require slrnpull_spool_t)
                (allow user_t var_t (dir (getattr open search)))
                (allow user_t var_spool_t (dir (getattr open search)))
                (allow user_t slrnpull_spool_t (dir (getattr open search)))
            )
            (optional unprivuser_optional_71
                (typeattributeset cil_gen_require var_run_t)
                (typeattributeset cil_gen_require var_t)
                (typeattributeset cil_gen_require udev_runtime_t)
                (allow user_t var_run_t (lnk_file (read getattr)))
                (allow user_t var_t (dir (getattr open search)))
                (allow user_t var_run_t (dir (getattr open search)))
                (allow user_t udev_runtime_t (dir (getattr open search)))
                (allow user_t udev_runtime_t (file (ioctl read getattr lock open)))
                (allow user_t udev_runtime_t (dir (getattr open search)))
                (allow user_t udev_runtime_t (lnk_file (read getattr)))
            )
            (optional unprivuser_optional_72
                (roleattributeset cil_gen_require usernetctl_roles)
                (typeattributeset cil_gen_require bin_t)
                (typeattributeset cil_gen_require usr_t)
                (typeattributeset cil_gen_require usernetctl_t)
                (typeattributeset cil_gen_require usernetctl_exec_t)
                (roleattributeset cil_gen_require usernetctl_roles)
                (roleattributeset usernetctl_roles (user_r ))
                (allow user_t bin_t (dir (getattr open search)))
                (allow user_t bin_t (lnk_file (read getattr)))
                (allow user_t usr_t (dir (getattr open search)))
                (allow user_t usernetctl_exec_t (file (ioctl read getattr map execute open)))
                (allow user_t usernetctl_t (process (transition)))
                (dontaudit user_t usernetctl_t (process (noatsecure siginh rlimitinh)))
                (typetransition user_t usernetctl_exec_t process usernetctl_t)
                (allow usernetctl_t user_t (fd (use)))
                (allow usernetctl_t user_t (fifo_file (ioctl read write getattr lock append)))
                (allow usernetctl_t user_t (process (sigchld)))
            )
            (optional unprivuser_optional_73
                (typeattributeset cil_gen_require init_t)
                (typeattributeset cil_gen_require init_runtime_t)
                (typeattributeset cil_gen_require systemd_userdbd_t)
                (typeattributeset cil_gen_require systemd_userdbd_runtime_t)
                (allow user_t init_runtime_t (dir (getattr open search)))
                (allow user_t systemd_userdbd_runtime_t (dir (ioctl read getattr lock open search)))
                (allow user_t systemd_userdbd_runtime_t (lnk_file (read getattr)))
                (allow user_t systemd_userdbd_runtime_t (dir (getattr open search)))
                (allow user_t systemd_userdbd_runtime_t (sock_file (write getattr append open)))
                (allow user_t systemd_userdbd_t (unix_stream_socket (connectto)))
                (allow user_t init_t (unix_stream_socket (connectto)))
            )
            (optional unprivuser_optional_74
                (typeattributeset cil_gen_require user_home_dir_t)
                (typeattributeset cil_gen_require home_root_t)
                (typeattributeset cil_gen_require virt_home_t)
                (typeattributeset cil_gen_require virt_content_t)
                (typeattributeset cil_gen_require svirt_home_t)
                (allow user_t user_home_dir_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_t home_root_t (dir (getattr open search)))
                (allow user_t home_root_t (lnk_file (read getattr)))
                (allow user_t user_home_dir_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_t home_root_t (dir (getattr open search)))
                (allow user_t home_root_t (lnk_file (read getattr)))
                (allow user_t user_home_dir_t (dir (getattr open search)))
                (allow user_t home_root_t (dir (getattr open search)))
                (allow user_t home_root_t (lnk_file (read getattr)))
                (allow user_t virt_home_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_t user_home_dir_t (dir (getattr open search)))
                (allow user_t home_root_t (dir (getattr open search)))
                (allow user_t home_root_t (lnk_file (read getattr)))
                (allow user_t virt_home_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_t user_home_dir_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_t home_root_t (dir (getattr open search)))
                (allow user_t home_root_t (lnk_file (read getattr)))
                (typetransition user_t user_home_dir_t dir "VirtualMachines" virt_home_t)
                (typetransition user_t virt_home_t dir "qemu" svirt_home_t)
                (typetransition user_t virt_home_t dir "isos" virt_content_t)
                (typetransition user_t user_home_dir_t dir ".virtinst" virt_home_t)
                (typetransition user_t user_home_dir_t dir ".libvirt" virt_home_t)
            )
            (optional unprivuser_optional_75
                (typeattributeset cil_gen_require bin_t)
                (typeattributeset cil_gen_require usr_t)
                (typeattributeset cil_gen_require ping_t)
                (typeattributeset cil_gen_require ping_exec_t)
                (typeattributeset cil_gen_require traceroute_t)
                (typeattributeset cil_gen_require traceroute_exec_t)
                (roleattributeset cil_gen_require user_r)
                (roletype user_r ping_t)
                (roletype user_r traceroute_t)
                (booleanif (user_ping)
                    (true
                        (allow ping_t user_t (process (sigchld)))
                        (allow ping_t user_t (fifo_file (ioctl read write getattr lock append)))
                        (allow ping_t user_t (fd (use)))
                        (typetransition user_t ping_exec_t process ping_t)
                        (dontaudit user_t ping_t (process (noatsecure siginh rlimitinh)))
                        (allow user_t ping_t (process (transition)))
                        (allow user_t ping_exec_t (file (ioctl read getattr map execute open)))
                        (allow user_t usr_t (dir (getattr open search)))
                        (allow user_t bin_t (lnk_file (read getattr)))
                        (allow user_t bin_t (dir (getattr open search)))
                        (allow traceroute_t user_t (process (sigchld)))
                        (allow traceroute_t user_t (fifo_file (ioctl read write getattr lock append)))
                        (allow traceroute_t user_t (fd (use)))
                        (typetransition user_t traceroute_exec_t process traceroute_t)
                        (dontaudit user_t traceroute_t (process (noatsecure siginh rlimitinh)))
                        (allow user_t traceroute_t (process (transition)))
                        (allow user_t traceroute_exec_t (file (ioctl read getattr map execute open)))
                        (allow user_t usr_t (dir (getattr open search)))
                        (allow user_t bin_t (lnk_file (read getattr)))
                        (allow user_t bin_t (dir (getattr open search)))
                    )
                )
            )
            (optional unprivuser_optional_76
                (roleattributeset cil_gen_require pppd_roles)
                (typeattributeset cil_gen_require bin_t)
                (typeattributeset cil_gen_require usr_t)
                (typeattributeset cil_gen_require pppd_t)
                (typeattributeset cil_gen_require pppd_exec_t)
                (roleattributeset cil_gen_require pppd_roles)
                (roleattributeset pppd_roles (user_r ))
                (booleanif (pppd_for_user)
                    (true
                        (allow pppd_t user_t (process (sigchld)))
                        (allow pppd_t user_t (fifo_file (ioctl read write getattr lock append)))
                        (allow pppd_t user_t (fd (use)))
                        (typetransition user_t pppd_exec_t process pppd_t)
                        (dontaudit user_t pppd_t (process (noatsecure siginh rlimitinh)))
                        (allow user_t pppd_t (process (transition)))
                        (allow user_t pppd_exec_t (file (ioctl read getattr map execute open)))
                        (allow user_t usr_t (dir (getattr open search)))
                        (allow user_t bin_t (lnk_file (read getattr)))
                        (allow user_t bin_t (dir (getattr open search)))
                    )
                )
            )
            (optional unprivuser_optional_77
                (typeattributeset cil_gen_require var_run_t)
                (typeattributeset cil_gen_require var_t)
                (typeattributeset cil_gen_require setroubleshootd_t)
                (typeattributeset cil_gen_require setroubleshoot_runtime_t)
                (allow user_t var_run_t (lnk_file (read getattr)))
                (allow user_t var_t (dir (getattr open search)))
                (allow user_t var_run_t (dir (getattr open search)))
                (allow user_t setroubleshoot_runtime_t (dir (getattr open search)))
                (allow user_t setroubleshoot_runtime_t (sock_file (write getattr append open)))
                (allow user_t setroubleshootd_t (unix_stream_socket (connectto)))
                (allow user_t setroubleshoot_runtime_t (sock_file (read)))
            )
            (optional unprivuser_optional_78
                (typeattributeset cil_gen_require init_t)
                (typeattributeset cil_gen_require systemd_logind_t)
                (typeattributeset cil_gen_require systemd_hostnamed_t)
                (typeattributeset cil_gen_require systemd_logind_inhibit_runtime_t)
                (allow user_t init_t (unix_stream_socket (ioctl read write getattr)))
                (allow user_t init_t (fd (use)))
                (allow user_t init_t (dir (getattr open search)))
                (allow user_t init_t (file (ioctl read getattr lock open)))
                (allow user_t init_t (lnk_file (read getattr)))
                (allow user_t systemd_logind_t (dbus (send_msg)))
                (allow systemd_logind_t user_t (dbus (send_msg)))
                (allow user_t systemd_logind_t (fd (use)))
                (allow user_t systemd_hostnamed_t (dbus (send_msg)))
                (allow systemd_hostnamed_t user_t (dbus (send_msg)))
                (allow user_t systemd_logind_t (fd (use)))
                (allow user_t systemd_logind_inhibit_runtime_t (fifo_file (write)))
            )
            (optional unprivuser_optional_79
                (typeattributeset cil_gen_require user_home_dir_t)
                (typeattributeset cil_gen_require home_root_t)
                (typeattributeset cil_gen_require xdg_data_t)
                (typeattributeset cil_gen_require xdg_config_t)
                (typeattributeset cil_gen_require xdg_cache_type)
                (typeattributeset cil_gen_require xdg_config_type)
                (typeattributeset cil_gen_require xdg_data_type)
                (typeattributeset cil_gen_require xdg_cache_t)
                (typeattributeset cil_gen_require xdg_documents_t)
                (typeattributeset cil_gen_require xdg_downloads_t)
                (typeattributeset cil_gen_require xdg_music_t)
                (typeattributeset cil_gen_require xdg_pictures_t)
                (typeattributeset cil_gen_require xdg_videos_t)
                (allow user_t xdg_cache_type (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_t xdg_cache_type (dir (ioctl read write create getattr setattr lock unlink link rename open add_name remove_name reparent search rmdir)))
                (allow user_t xdg_cache_type (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_t xdg_cache_type (file (ioctl read write create getattr setattr lock append unlink link rename open)))
                (allow user_t xdg_cache_type (file (map)))
                (allow user_t xdg_cache_type (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_t xdg_cache_type (lnk_file (ioctl read write create getattr setattr lock append unlink link rename)))
                (allow user_t xdg_cache_type (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_t xdg_cache_type (fifo_file (ioctl read write create getattr setattr lock append unlink link rename open)))
                (allow user_t xdg_cache_type (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_t xdg_cache_type (sock_file (ioctl read write create getattr setattr lock append unlink link rename open)))
                (allow user_t user_home_dir_t (dir (getattr open search)))
                (allow user_t home_root_t (dir (getattr open search)))
                (allow user_t home_root_t (lnk_file (read getattr)))
                (allow user_t xdg_cache_type (dir (getattr open search)))
                (allow user_t xdg_cache_type (dir (getattr relabelfrom relabelto)))
                (allow user_t xdg_cache_type (dir (getattr open search)))
                (allow user_t xdg_cache_type (file (getattr relabelfrom relabelto)))
                (allow user_t xdg_cache_type (dir (getattr open search)))
                (allow user_t xdg_cache_type (lnk_file (getattr relabelfrom relabelto)))
                (allow user_t xdg_cache_type (dir (getattr open search)))
                (allow user_t xdg_cache_type (fifo_file (getattr relabelfrom relabelto)))
                (allow user_t xdg_cache_type (dir (getattr open search)))
                (allow user_t xdg_cache_type (sock_file (getattr relabelfrom relabelto)))
                (allow user_t user_home_dir_t (dir (getattr open search)))
                (allow user_t home_root_t (dir (getattr open search)))
                (allow user_t home_root_t (lnk_file (read getattr)))
                (allow user_t xdg_cache_type (dir (watch)))
                (allow user_t xdg_config_type (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_t xdg_config_type (dir (ioctl read write create getattr setattr lock unlink link rename open add_name remove_name reparent search rmdir)))
                (allow user_t xdg_config_type (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_t xdg_config_type (file (ioctl read write create getattr setattr lock append unlink link rename open)))
                (allow user_t xdg_config_type (file (map)))
                (allow user_t xdg_config_type (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_t xdg_config_type (lnk_file (ioctl read write create getattr setattr lock append unlink link rename)))
                (allow user_t xdg_config_type (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_t xdg_config_type (fifo_file (ioctl read write create getattr setattr lock append unlink link rename open)))
                (allow user_t xdg_config_type (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_t xdg_config_type (sock_file (ioctl read write create getattr setattr lock append unlink link rename open)))
                (allow user_t user_home_dir_t (dir (getattr open search)))
                (allow user_t home_root_t (dir (getattr open search)))
                (allow user_t home_root_t (lnk_file (read getattr)))
                (allow user_t xdg_config_type (dir (getattr open search)))
                (allow user_t xdg_config_type (dir (getattr relabelfrom relabelto)))
                (allow user_t xdg_config_type (dir (getattr open search)))
                (allow user_t xdg_config_type (file (getattr relabelfrom relabelto)))
                (allow user_t xdg_config_type (dir (getattr open search)))
                (allow user_t xdg_config_type (lnk_file (getattr relabelfrom relabelto)))
                (allow user_t xdg_config_type (dir (getattr open search)))
                (allow user_t xdg_config_type (fifo_file (getattr relabelfrom relabelto)))
                (allow user_t xdg_config_type (dir (getattr open search)))
                (allow user_t xdg_config_type (sock_file (getattr relabelfrom relabelto)))
                (allow user_t user_home_dir_t (dir (getattr open search)))
                (allow user_t home_root_t (dir (getattr open search)))
                (allow user_t home_root_t (lnk_file (read getattr)))
                (allow user_t xdg_config_type (dir (watch)))
                (allow user_t xdg_data_type (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_t xdg_data_type (dir (ioctl read write create getattr setattr lock unlink link rename open add_name remove_name reparent search rmdir)))
                (allow user_t xdg_data_type (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_t xdg_data_type (file (ioctl read write create getattr setattr lock append unlink link rename open)))
                (allow user_t xdg_data_type (file (map)))
                (allow user_t xdg_data_type (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_t xdg_data_type (lnk_file (ioctl read write create getattr setattr lock append unlink link rename)))
                (allow user_t xdg_data_type (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_t xdg_data_type (fifo_file (ioctl read write create getattr setattr lock append unlink link rename open)))
                (allow user_t xdg_data_type (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_t xdg_data_type (sock_file (ioctl read write create getattr setattr lock append unlink link rename open)))
                (allow user_t user_home_dir_t (dir (getattr open search)))
                (allow user_t home_root_t (dir (getattr open search)))
                (allow user_t home_root_t (lnk_file (read getattr)))
                (allow user_t xdg_data_type (dir (getattr open search)))
                (allow user_t xdg_data_type (dir (getattr relabelfrom relabelto)))
                (allow user_t xdg_data_type (dir (getattr open search)))
                (allow user_t xdg_data_type (file (getattr relabelfrom relabelto)))
                (allow user_t xdg_data_type (dir (getattr open search)))
                (allow user_t xdg_data_type (lnk_file (getattr relabelfrom relabelto)))
                (allow user_t xdg_data_type (dir (getattr open search)))
                (allow user_t xdg_data_type (fifo_file (getattr relabelfrom relabelto)))
                (allow user_t xdg_data_type (dir (getattr open search)))
                (allow user_t xdg_data_type (sock_file (getattr relabelfrom relabelto)))
                (allow user_t user_home_dir_t (dir (getattr open search)))
                (allow user_t home_root_t (dir (getattr open search)))
                (allow user_t home_root_t (lnk_file (read getattr)))
                (allow user_t xdg_data_type (dir (watch)))
                (allow user_t user_home_dir_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_t home_root_t (dir (getattr open search)))
                (allow user_t home_root_t (lnk_file (read getattr)))
                (allow user_t user_home_dir_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_t home_root_t (dir (getattr open search)))
                (allow user_t home_root_t (lnk_file (read getattr)))
                (allow user_t user_home_dir_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_t home_root_t (dir (getattr open search)))
                (allow user_t home_root_t (lnk_file (read getattr)))
                (allow user_t user_home_dir_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_t home_root_t (dir (getattr open search)))
                (allow user_t home_root_t (lnk_file (read getattr)))
                (allow user_t user_home_dir_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_t home_root_t (dir (getattr open search)))
                (allow user_t home_root_t (lnk_file (read getattr)))
                (allow user_t user_home_dir_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_t home_root_t (dir (getattr open search)))
                (allow user_t home_root_t (lnk_file (read getattr)))
                (allow user_t user_home_dir_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_t home_root_t (dir (getattr open search)))
                (allow user_t home_root_t (lnk_file (read getattr)))
                (allow user_t user_home_dir_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_t home_root_t (dir (getattr open search)))
                (allow user_t home_root_t (lnk_file (read getattr)))
                (allow user_t xdg_documents_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_t xdg_documents_t (dir (ioctl read write create getattr setattr lock unlink link rename open add_name remove_name reparent search rmdir)))
                (allow user_t xdg_documents_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_t xdg_documents_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
                (allow user_t xdg_documents_t (file (map)))
                (allow user_t xdg_documents_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_t xdg_documents_t (lnk_file (ioctl read write create getattr setattr lock append unlink link rename)))
                (allow user_t xdg_documents_t (dir (getattr open search)))
                (allow user_t xdg_documents_t (dir (getattr relabelfrom relabelto)))
                (allow user_t xdg_documents_t (dir (getattr open search)))
                (allow user_t xdg_documents_t (file (getattr relabelfrom relabelto)))
                (allow user_t xdg_documents_t (dir (getattr open search)))
                (allow user_t xdg_documents_t (lnk_file (getattr relabelfrom relabelto)))
                (allow user_t user_home_dir_t (dir (getattr open search)))
                (allow user_t home_root_t (dir (getattr open search)))
                (allow user_t home_root_t (lnk_file (read getattr)))
                (allow user_t xdg_documents_t (dir (watch)))
                (allow user_t xdg_downloads_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_t xdg_downloads_t (dir (ioctl read write create getattr setattr lock unlink link rename open add_name remove_name reparent search rmdir)))
                (allow user_t xdg_downloads_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_t xdg_downloads_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
                (allow user_t xdg_downloads_t (file (map)))
                (allow user_t xdg_downloads_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_t xdg_downloads_t (lnk_file (ioctl read write create getattr setattr lock append unlink link rename)))
                (allow user_t xdg_downloads_t (dir (getattr open search)))
                (allow user_t xdg_downloads_t (dir (getattr relabelfrom relabelto)))
                (allow user_t xdg_downloads_t (dir (getattr open search)))
                (allow user_t xdg_downloads_t (file (getattr relabelfrom relabelto)))
                (allow user_t xdg_downloads_t (dir (getattr open search)))
                (allow user_t xdg_downloads_t (lnk_file (getattr relabelfrom relabelto)))
                (allow user_t user_home_dir_t (dir (getattr open search)))
                (allow user_t home_root_t (dir (getattr open search)))
                (allow user_t home_root_t (lnk_file (read getattr)))
                (allow user_t xdg_downloads_t (dir (watch)))
                (allow user_t xdg_music_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_t xdg_music_t (dir (ioctl read write create getattr setattr lock unlink link rename open add_name remove_name reparent search rmdir)))
                (allow user_t xdg_music_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_t xdg_music_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
                (allow user_t xdg_music_t (file (map)))
                (allow user_t xdg_music_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_t xdg_music_t (lnk_file (ioctl read write create getattr setattr lock append unlink link rename)))
                (allow user_t xdg_music_t (dir (getattr open search)))
                (allow user_t xdg_music_t (dir (getattr relabelfrom relabelto)))
                (allow user_t xdg_music_t (dir (getattr open search)))
                (allow user_t xdg_music_t (file (getattr relabelfrom relabelto)))
                (allow user_t xdg_music_t (dir (getattr open search)))
                (allow user_t xdg_music_t (lnk_file (getattr relabelfrom relabelto)))
                (allow user_t user_home_dir_t (dir (getattr open search)))
                (allow user_t home_root_t (dir (getattr open search)))
                (allow user_t home_root_t (lnk_file (read getattr)))
                (allow user_t xdg_music_t (dir (watch)))
                (allow user_t xdg_pictures_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_t xdg_pictures_t (dir (ioctl read write create getattr setattr lock unlink link rename open add_name remove_name reparent search rmdir)))
                (allow user_t xdg_pictures_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_t xdg_pictures_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
                (allow user_t xdg_pictures_t (file (map)))
                (allow user_t xdg_pictures_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_t xdg_pictures_t (lnk_file (ioctl read write create getattr setattr lock append unlink link rename)))
                (allow user_t xdg_pictures_t (dir (getattr open search)))
                (allow user_t xdg_pictures_t (dir (getattr relabelfrom relabelto)))
                (allow user_t xdg_pictures_t (dir (getattr open search)))
                (allow user_t xdg_pictures_t (file (getattr relabelfrom relabelto)))
                (allow user_t xdg_pictures_t (dir (getattr open search)))
                (allow user_t xdg_pictures_t (lnk_file (getattr relabelfrom relabelto)))
                (allow user_t user_home_dir_t (dir (getattr open search)))
                (allow user_t home_root_t (dir (getattr open search)))
                (allow user_t home_root_t (lnk_file (read getattr)))
                (allow user_t xdg_pictures_t (dir (watch)))
                (allow user_t xdg_videos_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_t xdg_videos_t (dir (ioctl read write create getattr setattr lock unlink link rename open add_name remove_name reparent search rmdir)))
                (allow user_t xdg_videos_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_t xdg_videos_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
                (allow user_t xdg_videos_t (file (map)))
                (allow user_t xdg_videos_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_t xdg_videos_t (lnk_file (ioctl read write create getattr setattr lock append unlink link rename)))
                (allow user_t xdg_videos_t (dir (getattr open search)))
                (allow user_t xdg_videos_t (dir (getattr relabelfrom relabelto)))
                (allow user_t xdg_videos_t (dir (getattr open search)))
                (allow user_t xdg_videos_t (file (getattr relabelfrom relabelto)))
                (allow user_t xdg_videos_t (dir (getattr open search)))
                (allow user_t xdg_videos_t (lnk_file (getattr relabelfrom relabelto)))
                (allow user_t user_home_dir_t (dir (getattr open search)))
                (allow user_t home_root_t (dir (getattr open search)))
                (allow user_t home_root_t (lnk_file (read getattr)))
                (allow user_t xdg_videos_t (dir (watch)))
                (typetransition user_t user_home_dir_t dir "Videos" xdg_videos_t)
                (typetransition user_t user_home_dir_t dir "Pictures" xdg_pictures_t)
                (typetransition user_t user_home_dir_t dir "Music" xdg_music_t)
                (typetransition user_t user_home_dir_t dir "Downloads" xdg_downloads_t)
                (typetransition user_t user_home_dir_t dir "Documents" xdg_documents_t)
                (typetransition user_t user_home_dir_t dir ".local" xdg_data_t)
                (typetransition user_t user_home_dir_t dir ".config" xdg_config_t)
                (typetransition user_t user_home_dir_t dir ".cache" xdg_cache_t)
            )
            (optional unprivuser_optional_80
                (typeattributeset cil_gen_require var_run_t)
                (typeattributeset cil_gen_require var_t)
                (typeattributeset cil_gen_require usbguard_t)
                (typeattributeset cil_gen_require usbguard_tmpfs_t)
                (booleanif (usbguard_user_modify_rule_files)
                    (true
                        (allow user_t usbguard_t (unix_stream_socket (connectto)))
                        (allow user_t usbguard_tmpfs_t (sock_file (write getattr append open)))
                        (allow user_t usbguard_tmpfs_t (dir (getattr open search)))
                        (allow user_t var_run_t (dir (getattr open search)))
                        (allow user_t var_t (dir (getattr open search)))
                        (allow user_t var_run_t (lnk_file (read getattr)))
                    )
                )
            )
            (optional unprivuser_optional_81
                (typeattributeset cil_gen_require user_home_dir_t)
                (typeattributeset cil_gen_require home_root_t)
                (typeattributeset cil_gen_require httpdcontent)
                (typeattributeset cil_gen_require httpd_user_content_t)
                (typeattributeset cil_gen_require httpd_user_htaccess_t)
                (typeattributeset cil_gen_require httpd_user_script_t)
                (typeattributeset cil_gen_require httpd_user_script_exec_t)
                (typeattributeset cil_gen_require httpd_user_ra_content_t)
                (typeattributeset cil_gen_require httpd_user_rw_content_t)
                (roleattributeset cil_gen_require user_r)
                (roletype user_r httpd_user_script_t)
                (allow user_t httpd_user_htaccess_t (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow user_t httpd_user_content_t (dir (ioctl read write create getattr setattr lock relabelfrom relabelto unlink link rename open add_name remove_name reparent search rmdir)))
                (allow user_t httpd_user_content_t (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow user_t httpd_user_content_t (lnk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename)))
                (allow user_t httpd_user_ra_content_t (dir (ioctl read write create getattr setattr lock relabelfrom relabelto unlink link rename open add_name remove_name reparent search rmdir)))
                (allow user_t httpd_user_ra_content_t (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow user_t httpd_user_ra_content_t (lnk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename)))
                (allow user_t httpd_user_rw_content_t (dir (ioctl read write create getattr setattr lock relabelfrom relabelto unlink link rename open add_name remove_name reparent search rmdir)))
                (allow user_t httpd_user_rw_content_t (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow user_t httpd_user_rw_content_t (lnk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename)))
                (allow user_t httpd_user_script_exec_t (dir (ioctl read write create getattr setattr lock relabelfrom relabelto unlink link rename open add_name remove_name reparent search rmdir)))
                (allow user_t httpd_user_script_exec_t (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow user_t httpd_user_script_exec_t (lnk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename)))
                (allow user_t user_home_dir_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_t home_root_t (dir (getattr open search)))
                (allow user_t home_root_t (lnk_file (read getattr)))
                (allow user_t user_home_dir_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_t home_root_t (dir (getattr open search)))
                (allow user_t home_root_t (lnk_file (read getattr)))
                (allow user_t user_home_dir_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_t home_root_t (dir (getattr open search)))
                (allow user_t home_root_t (lnk_file (read getattr)))
                (allow user_t httpd_user_content_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_t httpd_user_content_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_t httpd_user_content_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (typetransition user_t httpd_user_content_t dir "logs" httpd_user_ra_content_t)
                (typetransition user_t httpd_user_content_t dir "cgi-bin" httpd_user_script_exec_t)
                (typetransition user_t httpd_user_content_t file ".htaccess" httpd_user_htaccess_t)
                (typetransition user_t user_home_dir_t dir "www" httpd_user_content_t)
                (typetransition user_t user_home_dir_t dir "web" httpd_user_content_t)
                (typetransition user_t user_home_dir_t dir "public_html" httpd_user_content_t)
                (booleanif (and (httpd_enable_cgi) (httpd_unified))
                    (true
                        (allow httpd_user_script_t user_application_exec_domain (process (sigchld)))
                        (allow httpd_user_script_t user_application_exec_domain (fifo_file (ioctl read write getattr lock append)))
                        (allow httpd_user_script_t user_application_exec_domain (fd (use)))
                        (typetransition user_application_exec_domain httpdcontent process httpd_user_script_t)
                        (dontaudit user_application_exec_domain httpd_user_script_t (process (noatsecure siginh rlimitinh)))
                        (allow user_application_exec_domain httpd_user_script_t (process (transition)))
                        (allow user_application_exec_domain httpdcontent (file (ioctl read getattr map execute open)))
                    )
                )
                (booleanif (httpd_enable_cgi)
                    (true
                        (allow httpd_user_script_t user_application_exec_domain (process (sigchld)))
                        (allow httpd_user_script_t user_application_exec_domain (fifo_file (ioctl read write getattr lock append)))
                        (allow httpd_user_script_t user_application_exec_domain (fd (use)))
                        (typetransition user_application_exec_domain httpd_user_script_exec_t process httpd_user_script_t)
                        (dontaudit user_application_exec_domain httpd_user_script_t (process (noatsecure siginh rlimitinh)))
                        (allow user_application_exec_domain httpd_user_script_t (process (transition)))
                        (allow user_application_exec_domain httpd_user_script_exec_t (file (ioctl read getattr map execute open)))
                    )
                )
                (optional unprivuser_optional_82
                    (typeattributeset cil_gen_require user_systemd_t)
                    (allow user_systemd_t httpd_user_script_t (dir (ioctl read getattr lock open search)))
                    (allow user_systemd_t httpd_user_script_t (file (ioctl read getattr lock open)))
                    (allow user_systemd_t httpd_user_script_t (lnk_file (read getattr)))
                    (allow user_systemd_t httpd_user_script_t (process (getattr)))
                    (allow user_systemd_t httpd_user_script_t (process (sigchld sigkill sigstop signull signal)))
                    (allow httpd_user_script_t user_systemd_t (fd (use)))
                    (allow httpd_user_script_t user_systemd_t (unix_stream_socket (ioctl read write getattr setattr append bind connect listen accept getopt setopt shutdown)))
                    (allow httpd_user_script_t user_systemd_t (dir (ioctl read getattr lock open search)))
                    (allow httpd_user_script_t user_systemd_t (file (ioctl read getattr lock open)))
                    (allow httpd_user_script_t user_systemd_t (lnk_file (read getattr)))
                    (allow httpd_user_script_t user_systemd_t (process (getattr)))
                    (allow httpd_user_script_t user_systemd_t (process (sigchld)))
                )
            )
            (optional unprivuser_optional_83
                (type user_git_t)
                (roletype object_r user_git_t)
                (roleattributeset cil_gen_require git_session_roles)
                (typeattributeset cil_gen_require domain)
                (typeattributeset domain (user_t ))
                (typeattributeset cil_gen_require entry_type)
                (typeattributeset entry_type (shell_exec_t bin_t ))
                (typeattributeset cil_gen_require exec_type)
                (typeattributeset exec_type (shell_exec_t bin_t ))
                (typeattributeset cil_gen_require file_type)
                (typeattributeset file_type (shell_exec_t bin_t ))
                (typeattributeset cil_gen_require non_security_file_type)
                (typeattributeset non_security_file_type (shell_exec_t bin_t ))
                (typeattributeset cil_gen_require non_auth_file_type)
                (typeattributeset non_auth_file_type (shell_exec_t bin_t ))
                (typeattributeset cil_gen_require ubac_constrained_type)
                (typeattributeset ubac_constrained_type (user_t ))
                (typeattributeset cil_gen_require user_home_dir_t)
                (typeattributeset cil_gen_require home_root_t)
                (typeattributeset cil_gen_require application_exec_type)
                (typeattributeset cil_gen_require nsswitch_domain)
                (typeattributeset nsswitch_domain (user_t ))
                (typeattributeset cil_gen_require git_client_domain)
                (typeattributeset cil_gen_require git_exec_t)
                (typeattributeset cil_gen_require git_home_t)
                (typeattributeset cil_gen_require git_home_hook_t)
                (typeattributeset cil_gen_require application_domain_type)
                (typeattributeset cil_gen_require git_session_t)
                (typeattributeset cil_gen_require gitd_exec_t)
                (typeattributeset cil_gen_require git_user_content_t)
                (roleattributeset cil_gen_require user_r)
                (roletype user_r user_git_t)
                (roleattributeset cil_gen_require git_session_roles)
                (roleattributeset git_session_roles (user_r ))
                (typeattributeset cil_gen_require non_auth_file_type)
                (typeattributeset non_auth_file_type (git_exec_t ))
                (typeattributeset cil_gen_require file_type)
                (typeattributeset file_type (git_exec_t ))
                (typeattributeset cil_gen_require domain)
                (typeattributeset domain (user_git_t ))
                (typeattributeset cil_gen_require git_client_domain)
                (typeattributeset git_client_domain (user_git_t ))
                (typeattributeset cil_gen_require application_domain_type)
                (typeattributeset application_domain_type (user_git_t ))
                (typeattributeset cil_gen_require nsswitch_domain)
                (typeattributeset nsswitch_domain (user_git_t ))
                (typeattributeset cil_gen_require entry_type)
                (typeattributeset entry_type (git_exec_t ))
                (typeattributeset cil_gen_require ubac_constrained_type)
                (typeattributeset ubac_constrained_type (user_git_t ))
                (typeattributeset cil_gen_require exec_type)
                (typeattributeset exec_type (git_exec_t ))
                (typeattributeset cil_gen_require application_exec_type)
                (typeattributeset application_exec_type (git_exec_t ))
                (typeattributeset cil_gen_require non_security_file_type)
                (typeattributeset non_security_file_type (git_exec_t ))
                (allow user_git_t git_exec_t (file (entrypoint)))
                (allow user_git_t git_exec_t (file (ioctl read getattr lock map execute open)))
                (allow user_application_exec_domain git_exec_t (file (ioctl read getattr map execute open)))
                (allow user_application_exec_domain user_git_t (process (transition)))
                (dontaudit user_application_exec_domain user_git_t (process (noatsecure siginh rlimitinh)))
                (typetransition user_application_exec_domain git_exec_t process user_git_t)
                (allow user_git_t user_application_exec_domain (fd (use)))
                (allow user_git_t user_application_exec_domain (fifo_file (ioctl read write getattr lock append)))
                (allow user_git_t user_application_exec_domain (process (sigchld)))
                (allow user_t git_home_t (dir (ioctl read write create getattr setattr lock relabelfrom relabelto unlink link rename open add_name remove_name reparent search rmdir)))
                (allow user_t git_home_t (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow user_t user_home_dir_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_t home_root_t (dir (getattr open search)))
                (allow user_t home_root_t (lnk_file (read getattr)))
                (allow user_t git_home_hook_t (dir (ioctl read write create getattr setattr lock relabelfrom relabelto unlink link rename open add_name remove_name reparent search rmdir)))
                (allow user_t git_home_hook_t (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute open execute_no_trans)))
                (allow user_t git_home_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_application_exec_domain user_git_t (process (sigchld sigkill sigstop signull signal ptrace)))
                (allow user_application_exec_domain user_git_t (dir (ioctl read getattr lock open search)))
                (allow user_application_exec_domain user_git_t (file (ioctl read getattr lock open)))
                (allow user_application_exec_domain user_git_t (lnk_file (read getattr)))
                (allow user_application_exec_domain user_git_t (process (getattr)))
                (allow user_application_exec_domain git_home_hook_t (dir (getattr open search)))
                (allow user_application_exec_domain git_home_hook_t (file (ioctl read getattr map execute open execute_no_trans)))
                (allow user_git_t git_home_t (file (ioctl read getattr map execute open)))
                (allow user_git_t user_t (process (transition)))
                (dontaudit user_git_t user_t (process (noatsecure siginh rlimitinh)))
                (typetransition user_git_t git_home_t process user_t)
                (allow user_t user_git_t (fd (use)))
                (allow user_t user_git_t (fifo_file (ioctl read write getattr lock append)))
                (allow user_t user_git_t (process (sigchld)))
                (allow user_t git_user_content_t (dir (ioctl read write create getattr setattr lock relabelfrom relabelto unlink link rename open add_name remove_name reparent search rmdir)))
                (allow user_t git_user_content_t (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute open execute_no_trans)))
                (allow user_t user_home_dir_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_t home_root_t (dir (getattr open search)))
                (allow user_t home_root_t (lnk_file (read getattr)))
                (allow user_application_exec_domain git_session_t (process (sigchld sigkill sigstop signull signal ptrace)))
                (allow user_application_exec_domain git_session_t (dir (ioctl read getattr lock open search)))
                (allow user_application_exec_domain git_session_t (file (ioctl read getattr lock open)))
                (allow user_application_exec_domain git_session_t (lnk_file (read getattr)))
                (allow user_application_exec_domain git_session_t (process (getattr)))
                (typetransition user_t user_home_dir_t dir "public_git" git_user_content_t)
                (typetransition user_t git_home_t dir "hooks" git_home_hook_t)
                (typetransition user_t user_home_dir_t dir ".git" git_home_t)
                (booleanif (git_session_users)
                    (true
                        (allow git_session_t user_application_exec_domain (process (sigchld)))
                        (allow git_session_t user_application_exec_domain (fifo_file (ioctl read write getattr lock append)))
                        (allow git_session_t user_application_exec_domain (fd (use)))
                        (typetransition user_application_exec_domain gitd_exec_t process git_session_t)
                        (dontaudit user_application_exec_domain git_session_t (process (noatsecure siginh rlimitinh)))
                        (allow user_application_exec_domain git_session_t (process (transition)))
                        (allow user_application_exec_domain gitd_exec_t (file (ioctl read getattr map execute open)))
                    )
                    (false
                        (allow user_application_exec_domain gitd_exec_t (file (ioctl read getattr lock map execute open execute_no_trans)))
                    )
                )
                (optional unprivuser_optional_84
                    (typeattributeset cil_gen_require init_t)
                    (allow user_git_t init_t (process (sigchld)))
                    (allow user_git_t init_t (process (signull)))
                    (optional unprivuser_optional_85
                        (typeattributeset cil_gen_require rpm_t)
                        (allow user_git_t rpm_t (fd (use)))
                        (allow user_git_t rpm_t (fifo_file (ioctl read getattr lock open)))
                    )
                    (optional unprivuser_optional_86
                        (typeattributeset cil_gen_require security_t)
                        (typeattributeset cil_gen_require sysfs_t)
                        (dontaudit user_git_t security_t (filesystem (getattr)))
                        (dontaudit user_git_t sysfs_t (filesystem (getattr)))
                        (dontaudit user_git_t sysfs_t (dir (getattr open search)))
                        (dontaudit user_git_t security_t (dir (getattr open search)))
                        (dontaudit user_git_t security_t (file (ioctl read getattr lock open)))
                        (optional unprivuser_optional_87
                            (typeattributeset cil_gen_require selinux_config_t)
                            (dontaudit user_git_t selinux_config_t (dir (getattr open search)))
                            (dontaudit user_git_t selinux_config_t (file (ioctl read getattr lock open)))
                            (optional unprivuser_optional_88
                                (typeattributeset cil_gen_require ssh_t)
                                (typeattributeset cil_gen_require ssh_exec_t)
                                (allow user_git_t ssh_exec_t (file (ioctl read getattr map execute open)))
                                (allow user_git_t ssh_t (process (transition)))
                                (dontaudit user_git_t ssh_t (process (noatsecure siginh rlimitinh)))
                                (typetransition user_git_t ssh_exec_t process ssh_t)
                                (allow ssh_t user_git_t (fd (use)))
                                (allow ssh_t user_git_t (fifo_file (ioctl read write getattr lock append)))
                                (allow ssh_t user_git_t (process (sigchld)))
                            )
                            (optional unprivuser_optional_89
                                (typeattributeset cil_gen_require user_systemd_t)
                                (allow user_systemd_t user_git_t (dir (ioctl read getattr lock open search)))
                                (allow user_systemd_t user_git_t (file (ioctl read getattr lock open)))
                                (allow user_systemd_t user_git_t (lnk_file (read getattr)))
                                (allow user_systemd_t user_git_t (process (getattr)))
                                (allow user_systemd_t user_git_t (process (sigchld sigkill sigstop signull signal)))
                                (allow user_git_t user_systemd_t (fd (use)))
                                (allow user_git_t user_systemd_t (unix_stream_socket (ioctl read write getattr setattr append bind connect listen accept getopt setopt shutdown)))
                                (allow user_git_t user_systemd_t (dir (ioctl read getattr lock open search)))
                                (allow user_git_t user_systemd_t (file (ioctl read getattr lock open)))
                                (allow user_git_t user_systemd_t (lnk_file (read getattr)))
                                (allow user_git_t user_systemd_t (process (getattr)))
                                (allow user_git_t user_systemd_t (process (sigchld)))
                                (optional unprivuser_optional_90
                                    (typeattributeset cil_gen_require user_systemd_t)
                                    (allow user_systemd_t git_session_t (dir (ioctl read getattr lock open search)))
                                    (allow user_systemd_t git_session_t (file (ioctl read getattr lock open)))
                                    (allow user_systemd_t git_session_t (lnk_file (read getattr)))
                                    (allow user_systemd_t git_session_t (process (getattr)))
                                    (allow user_systemd_t git_session_t (process (sigchld sigkill sigstop signull signal)))
                                    (allow git_session_t user_systemd_t (fd (use)))
                                    (allow git_session_t user_systemd_t (unix_stream_socket (ioctl read write getattr setattr append bind connect listen accept getopt setopt shutdown)))
                                    (allow git_session_t user_systemd_t (dir (ioctl read getattr lock open search)))
                                    (allow git_session_t user_systemd_t (file (ioctl read getattr lock open)))
                                    (allow git_session_t user_systemd_t (lnk_file (read getattr)))
                                    (allow git_session_t user_systemd_t (process (getattr)))
                                    (allow git_session_t user_systemd_t (process (sigchld)))
                                )
                            )
                        )
                    )
                )
            )
            (optional unprivuser_optional_91
                (typeattributeset cil_gen_require modemmanager_t)
                (allow user_t modemmanager_t (dbus (send_msg)))
                (allow modemmanager_t user_t (dbus (send_msg)))
            )
            (optional unprivuser_optional_92
                (type user_screen_t)
                (roletype object_r user_screen_t)
                (roleattributeset cil_gen_require screen_roles)
                (typeattributeset cil_gen_require domain)
                (typeattributeset domain (user_t ))
                (typeattributeset cil_gen_require shell_exec_t)
                (typeattributeset cil_gen_require entry_type)
                (typeattributeset entry_type (shell_exec_t bin_t ))
                (typeattributeset cil_gen_require exec_type)
                (typeattributeset exec_type (shell_exec_t bin_t ))
                (typeattributeset cil_gen_require file_type)
                (typeattributeset file_type (shell_exec_t bin_t ))
                (typeattributeset cil_gen_require non_security_file_type)
                (typeattributeset non_security_file_type (shell_exec_t bin_t ))
                (typeattributeset cil_gen_require non_auth_file_type)
                (typeattributeset non_auth_file_type (shell_exec_t bin_t ))
                (typeattributeset cil_gen_require bin_t)
                (typeattributeset cil_gen_require ubac_constrained_type)
                (typeattributeset ubac_constrained_type (user_t ))
                (typeattributeset cil_gen_require device_t)
                (typeattributeset cil_gen_require usr_t)
                (typeattributeset cil_gen_require cert_t)
                (typeattributeset cil_gen_require var_t)
                (typeattributeset cil_gen_require user_home_t)
                (typeattributeset cil_gen_require user_home_dir_t)
                (typeattributeset cil_gen_require home_root_t)
                (typeattributeset cil_gen_require nfs_t)
                (typeattributeset cil_gen_require cifs_t)
                (typeattributeset cil_gen_require urandom_device_t)
                (typeattributeset cil_gen_require privfd)
                (typeattributeset privfd (user_t ))
                (typeattributeset cil_gen_require application_exec_type)
                (typeattributeset cil_gen_require random_device_t)
                (typeattributeset cil_gen_require nsswitch_domain)
                (typeattributeset nsswitch_domain (user_t ))
                (typeattributeset cil_gen_require var_log_t)
                (typeattributeset cil_gen_require application_domain_type)
                (typeattributeset cil_gen_require screen_domain)
                (typeattributeset cil_gen_require screen_exec_t)
                (typeattributeset cil_gen_require screen_tmp_t)
                (typeattributeset cil_gen_require screen_home_t)
                (typeattributeset cil_gen_require screen_runtime_t)
                (typeattributeset cil_gen_require chkpwd_t)
                (typeattributeset cil_gen_require chkpwd_exec_t)
                (typeattributeset cil_gen_require shadow_t)
                (typeattributeset cil_gen_require auth_cache_t)
                (typeattributeset cil_gen_require faillog_t)
                (roleattributeset cil_gen_require screen_roles)
                (roleattributeset screen_roles (user_r ))
                (roletype screen_roles user_screen_t)
                (typeattributeset cil_gen_require non_auth_file_type)
                (typeattributeset non_auth_file_type (screen_exec_t ))
                (typeattributeset cil_gen_require file_type)
                (typeattributeset file_type (screen_exec_t ))
                (typeattributeset cil_gen_require domain)
                (typeattributeset domain (user_screen_t ))
                (typeattributeset cil_gen_require application_domain_type)
                (typeattributeset application_domain_type (user_screen_t ))
                (typeattributeset cil_gen_require nsswitch_domain)
                (typeattributeset nsswitch_domain (user_screen_t ))
                (typeattributeset cil_gen_require entry_type)
                (typeattributeset entry_type (screen_exec_t ))
                (typeattributeset cil_gen_require screen_domain)
                (typeattributeset screen_domain (user_screen_t ))
                (typeattributeset cil_gen_require ubac_constrained_type)
                (typeattributeset ubac_constrained_type (user_screen_t ))
                (typeattributeset cil_gen_require exec_type)
                (typeattributeset exec_type (screen_exec_t ))
                (typeattributeset cil_gen_require privfd)
                (typeattributeset privfd (user_screen_t ))
                (typeattributeset cil_gen_require application_exec_type)
                (typeattributeset application_exec_type (screen_exec_t ))
                (typeattributeset cil_gen_require non_security_file_type)
                (typeattributeset non_security_file_type (screen_exec_t ))
                (allow user_screen_t screen_exec_t (file (entrypoint)))
                (allow user_screen_t screen_exec_t (file (ioctl read getattr lock map execute open)))
                (dontaudit user_screen_t self (capability (sys_tty_config)))
                (dontaudit user_screen_t self (cap_userns (sys_ptrace)))
                (allow user_application_exec_domain screen_exec_t (file (ioctl read getattr map execute open)))
                (allow user_application_exec_domain user_screen_t (process (transition)))
                (dontaudit user_application_exec_domain user_screen_t (process (noatsecure siginh rlimitinh)))
                (typetransition user_application_exec_domain screen_exec_t process user_screen_t)
                (allow user_screen_t user_application_exec_domain (fd (use)))
                (allow user_screen_t user_application_exec_domain (fifo_file (ioctl read write getattr lock append)))
                (allow user_screen_t user_application_exec_domain (process (sigchld)))
                (allow user_application_exec_domain user_screen_t (dir (ioctl read getattr lock open search)))
                (allow user_application_exec_domain user_screen_t (file (ioctl read getattr lock open)))
                (allow user_application_exec_domain user_screen_t (lnk_file (read getattr)))
                (allow user_application_exec_domain user_screen_t (process (getattr)))
                (allow user_application_exec_domain user_screen_t (process (sigchld sigkill sigstop signull signal ptrace)))
                (dontaudit user_application_exec_domain user_screen_t (unix_stream_socket (read write)))
                (allow user_screen_t user_application_exec_domain (process (signal)))
                (allow user_t screen_tmp_t (dir (ioctl read write create getattr setattr lock relabelfrom relabelto unlink link rename open add_name remove_name reparent search rmdir)))
                (allow user_t screen_tmp_t (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow user_t screen_tmp_t (fifo_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow user_t screen_home_t (dir (ioctl read write create getattr setattr lock relabelfrom relabelto unlink link rename open add_name remove_name reparent search rmdir)))
                (allow user_t screen_home_t (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow user_t screen_home_t (fifo_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow user_t screen_home_t (lnk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename)))
                (allow user_t user_home_dir_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_t home_root_t (dir (getattr open search)))
                (allow user_t home_root_t (lnk_file (read getattr)))
                (allow user_t user_home_dir_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_t home_root_t (dir (getattr open search)))
                (allow user_t home_root_t (lnk_file (read getattr)))
                (allow user_t user_home_dir_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_t home_root_t (dir (getattr open search)))
                (allow user_t home_root_t (lnk_file (read getattr)))
                (allow user_t screen_runtime_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_t screen_runtime_t (dir (ioctl read write create getattr setattr lock unlink link rename open add_name remove_name reparent search rmdir)))
                (allow user_t screen_runtime_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_t screen_runtime_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
                (allow user_t screen_runtime_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_t screen_runtime_t (lnk_file (ioctl read write create getattr setattr lock append unlink link rename)))
                (allow user_t screen_runtime_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_t screen_runtime_t (fifo_file (ioctl read write create getattr setattr lock append unlink link rename open)))
                (allow user_screen_t bin_t (dir (getattr open search)))
                (allow user_screen_t bin_t (lnk_file (read getattr)))
                (allow user_screen_t usr_t (dir (getattr open search)))
                (allow user_screen_t bin_t (file (ioctl read getattr map execute open)))
                (allow user_screen_t user_t (process (transition)))
                (dontaudit user_screen_t user_t (process (noatsecure siginh rlimitinh)))
                (typetransition user_screen_t bin_t process user_t)
                (allow user_screen_t bin_t (dir (getattr open search)))
                (allow user_screen_t bin_t (lnk_file (read getattr)))
                (allow user_screen_t usr_t (dir (getattr open search)))
                (allow user_screen_t bin_t (dir (getattr open search)))
                (allow user_screen_t bin_t (dir (ioctl read getattr lock open search)))
                (allow user_screen_t shell_exec_t (file (ioctl read getattr map execute open)))
                (allow user_screen_t user_t (process (transition)))
                (dontaudit user_screen_t user_t (process (noatsecure siginh rlimitinh)))
                (typetransition user_screen_t shell_exec_t process user_t)
                (allow user_screen_t auth_cache_t (dir (getattr open search)))
                (allow user_screen_t bin_t (dir (getattr open search)))
                (allow user_screen_t bin_t (lnk_file (read getattr)))
                (allow user_screen_t usr_t (dir (getattr open search)))
                (allow user_screen_t chkpwd_exec_t (file (ioctl read getattr map execute open)))
                (allow user_screen_t chkpwd_t (process (transition)))
                (dontaudit user_screen_t chkpwd_t (process (noatsecure siginh rlimitinh)))
                (typetransition user_screen_t chkpwd_exec_t process chkpwd_t)
                (allow chkpwd_t user_screen_t (fd (use)))
                (allow chkpwd_t user_screen_t (fifo_file (ioctl read write getattr lock append)))
                (allow chkpwd_t user_screen_t (process (sigchld)))
                (dontaudit user_screen_t shadow_t (file (ioctl read getattr lock open)))
                (allow user_screen_t device_t (dir (getattr open search)))
                (allow user_screen_t random_device_t (chr_file (ioctl read getattr lock open)))
                (allow user_screen_t device_t (dir (getattr open search)))
                (allow user_screen_t urandom_device_t (chr_file (ioctl read getattr lock open)))
                (allow user_screen_t var_t (dir (getattr open search)))
                (allow user_screen_t var_log_t (dir (getattr open search)))
                (allow user_screen_t var_log_t (lnk_file (read getattr)))
                (allow user_screen_t faillog_t (file (ioctl read write getattr lock append open)))
                (allow user_screen_t self (capability (audit_write)))
                (allow user_screen_t self (netlink_audit_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown nlmsg_read nlmsg_relay)))
                (allow user_screen_t cert_t (dir (ioctl read getattr lock open search)))
                (allow user_screen_t cert_t (dir (getattr open search)))
                (allow user_screen_t cert_t (file (ioctl read getattr lock open)))
                (allow user_screen_t cert_t (dir (getattr open search)))
                (allow user_screen_t cert_t (lnk_file (read getattr)))
                (allow user_screen_t user_home_t (file (ioctl read getattr map execute open)))
                (allow user_screen_t user_t (process (transition)))
                (dontaudit user_screen_t user_t (process (noatsecure siginh rlimitinh)))
                (typetransition user_screen_t user_home_t process user_t)
                (allow user_screen_t user_home_dir_t (dir (getattr open search)))
                (allow user_screen_t home_root_t (dir (getattr open search)))
                (allow user_screen_t home_root_t (lnk_file (read getattr)))
                (typetransition user_t user_home_dir_t file ".tmux.conf" screen_home_t)
                (typetransition user_t user_home_dir_t file ".screenrc" screen_home_t)
                (typetransition user_t user_home_dir_t dir ".screen" screen_home_t)
                (booleanif (use_nfs_home_dirs)
                    (true
                        (typetransition user_screen_t nfs_t process user_t)
                        (dontaudit user_screen_t user_t (process (noatsecure siginh rlimitinh)))
                        (allow user_screen_t user_t (process (transition)))
                        (allow user_screen_t nfs_t (file (ioctl read getattr map execute open)))
                        (allow user_screen_t nfs_t (dir (getattr open search)))
                    )
                )
                (booleanif (use_samba_home_dirs)
                    (true
                        (typetransition user_screen_t cifs_t process user_t)
                        (dontaudit user_screen_t user_t (process (noatsecure siginh rlimitinh)))
                        (allow user_screen_t user_t (process (transition)))
                        (allow user_screen_t cifs_t (file (ioctl read getattr map execute open)))
                        (allow user_screen_t cifs_t (dir (getattr open search)))
                    )
                )
                (optional unprivuser_optional_93
                    (typeattributeset cil_gen_require init_t)
                    (allow user_screen_t init_t (process (sigchld)))
                    (allow user_screen_t init_t (process (signull)))
                    (optional unprivuser_optional_94
                        (typeattributeset cil_gen_require rpm_t)
                        (allow user_screen_t rpm_t (fd (use)))
                        (allow user_screen_t rpm_t (fifo_file (ioctl read getattr lock open)))
                    )
                    (optional unprivuser_optional_95
                        (typeattributeset cil_gen_require security_t)
                        (typeattributeset cil_gen_require sysfs_t)
                        (dontaudit user_screen_t security_t (filesystem (getattr)))
                        (dontaudit user_screen_t sysfs_t (filesystem (getattr)))
                        (dontaudit user_screen_t sysfs_t (dir (getattr open search)))
                        (dontaudit user_screen_t security_t (dir (getattr open search)))
                        (dontaudit user_screen_t security_t (file (ioctl read getattr lock open)))
                        (optional unprivuser_optional_96
                            (typeattributeset cil_gen_require selinux_config_t)
                            (dontaudit user_screen_t selinux_config_t (dir (getattr open search)))
                            (dontaudit user_screen_t selinux_config_t (file (ioctl read getattr lock open)))
                            (optional unprivuser_optional_97
                                (typeattributeset cil_gen_require etc_t)
                                (typeattributeset cil_gen_require krb5_keytab_t)
                                (allow user_screen_t etc_t (dir (getattr open search)))
                                (allow user_screen_t krb5_keytab_t (file (ioctl read getattr lock open)))
                            )
                            (optional unprivuser_optional_98
                                (typeattributeset cil_gen_require var_run_t)
                                (typeattributeset cil_gen_require var_t)
                                (typeattributeset cil_gen_require pcscd_t)
                                (typeattributeset cil_gen_require pcscd_runtime_t)
                                (allow user_screen_t var_run_t (lnk_file (read getattr)))
                                (allow user_screen_t var_t (dir (getattr open search)))
                                (allow user_screen_t var_run_t (dir (getattr open search)))
                                (allow user_screen_t pcscd_runtime_t (dir (getattr open search)))
                                (allow user_screen_t pcscd_runtime_t (file (ioctl read getattr lock open)))
                                (allow user_screen_t var_run_t (lnk_file (read getattr)))
                                (allow user_screen_t var_t (dir (getattr open search)))
                                (allow user_screen_t var_run_t (dir (getattr open search)))
                                (allow user_screen_t pcscd_runtime_t (dir (getattr open search)))
                                (allow user_screen_t pcscd_runtime_t (sock_file (write getattr append open)))
                                (allow user_screen_t pcscd_t (unix_stream_socket (connectto)))
                                (allow pcscd_t user_screen_t (dir (ioctl read getattr lock open search)))
                                (allow pcscd_t user_screen_t (file (ioctl read getattr lock open)))
                            )
                            (optional unprivuser_optional_99
                                (typeattributeset cil_gen_require user_systemd_t)
                                (allow user_systemd_t user_screen_t (dir (ioctl read getattr lock open search)))
                                (allow user_systemd_t user_screen_t (file (ioctl read getattr lock open)))
                                (allow user_systemd_t user_screen_t (lnk_file (read getattr)))
                                (allow user_systemd_t user_screen_t (process (getattr)))
                                (allow user_systemd_t user_screen_t (process (sigchld sigkill sigstop signull signal)))
                                (allow user_screen_t user_systemd_t (fd (use)))
                                (allow user_screen_t user_systemd_t (unix_stream_socket (ioctl read write getattr setattr append bind connect listen accept getopt setopt shutdown)))
                                (allow user_screen_t user_systemd_t (dir (ioctl read getattr lock open search)))
                                (allow user_screen_t user_systemd_t (file (ioctl read getattr lock open)))
                                (allow user_screen_t user_systemd_t (lnk_file (read getattr)))
                                (allow user_screen_t user_systemd_t (process (getattr)))
                                (allow user_screen_t user_systemd_t (process (sigchld)))
                            )
                        )
                    )
                )
            )
            (optional unprivuser_optional_100
                (roleattributeset cil_gen_require vlock_roles)
                (typeattributeset cil_gen_require bin_t)
                (typeattributeset cil_gen_require usr_t)
                (typeattributeset cil_gen_require vlock_t)
                (typeattributeset cil_gen_require vlock_exec_t)
                (roleattributeset cil_gen_require vlock_roles)
                (roleattributeset vlock_roles (user_r ))
                (allow user_t bin_t (dir (getattr open search)))
                (allow user_t bin_t (lnk_file (read getattr)))
                (allow user_t usr_t (dir (getattr open search)))
                (allow user_t vlock_exec_t (file (ioctl read getattr map execute open)))
                (allow user_t vlock_t (process (transition)))
                (dontaudit user_t vlock_t (process (noatsecure siginh rlimitinh)))
                (typetransition user_t vlock_exec_t process vlock_t)
                (allow vlock_t user_t (fd (use)))
                (allow vlock_t user_t (fifo_file (ioctl read write getattr lock append)))
                (allow vlock_t user_t (process (sigchld)))
            )
            (optional unprivuser_optional_101
                (roleattributeset cil_gen_require xscreensaver_roles)
                (roleattributeset cil_gen_require xscreensaver_helper_roles)
                (typeattributeset cil_gen_require xscreensaver_t)
                (typeattributeset cil_gen_require xscreensaver_exec_t)
                (typeattributeset cil_gen_require xscreensaver_helper_t)
                (typeattributeset cil_gen_require xscreensaver_config_t)
                (typeattributeset cil_gen_require xscreensaver_tmpfs_t)
                (roleattributeset cil_gen_require xscreensaver_roles)
                (roleattributeset xscreensaver_roles (user_r ))
                (roleattributeset cil_gen_require xscreensaver_helper_roles)
                (roleattributeset xscreensaver_helper_roles (user_r ))
                (allow user_application_exec_domain xscreensaver_exec_t (file (ioctl read getattr map execute open)))
                (allow user_application_exec_domain xscreensaver_t (process (transition)))
                (dontaudit user_application_exec_domain xscreensaver_t (process (noatsecure siginh rlimitinh)))
                (typetransition user_application_exec_domain xscreensaver_exec_t process xscreensaver_t)
                (allow xscreensaver_t user_application_exec_domain (fd (use)))
                (allow xscreensaver_t user_application_exec_domain (fifo_file (ioctl read write getattr lock append)))
                (allow xscreensaver_t user_application_exec_domain (process (sigchld)))
                (allow user_application_exec_domain xscreensaver_t (process (sigchld sigkill sigstop signull signal ptrace)))
                (allow user_application_exec_domain xscreensaver_t (dir (ioctl read getattr lock open search)))
                (allow user_application_exec_domain xscreensaver_t (file (ioctl read getattr lock open)))
                (allow user_application_exec_domain xscreensaver_t (lnk_file (read getattr)))
                (allow user_application_exec_domain xscreensaver_t (process (getattr)))
                (allow user_t xscreensaver_config_t (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow user_t xscreensaver_tmpfs_t (dir (ioctl read write create getattr setattr lock relabelfrom relabelto unlink link rename open add_name remove_name reparent search rmdir)))
                (allow user_t xscreensaver_tmpfs_t (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow xscreensaver_helper_t user_application_exec_domain (fd (use)))
                (optional unprivuser_optional_102
                    (typeattributeset cil_gen_require user_systemd_t)
                    (allow user_systemd_t xscreensaver_t (dir (ioctl read getattr lock open search)))
                    (allow user_systemd_t xscreensaver_t (file (ioctl read getattr lock open)))
                    (allow user_systemd_t xscreensaver_t (lnk_file (read getattr)))
                    (allow user_systemd_t xscreensaver_t (process (getattr)))
                    (allow user_systemd_t xscreensaver_t (process (sigchld sigkill sigstop signull signal)))
                    (allow xscreensaver_t user_systemd_t (fd (use)))
                    (allow xscreensaver_t user_systemd_t (unix_stream_socket (ioctl read write getattr setattr append bind connect listen accept getopt setopt shutdown)))
                    (allow xscreensaver_t user_systemd_t (dir (ioctl read getattr lock open search)))
                    (allow xscreensaver_t user_systemd_t (file (ioctl read getattr lock open)))
                    (allow xscreensaver_t user_systemd_t (lnk_file (read getattr)))
                    (allow xscreensaver_t user_systemd_t (process (getattr)))
                    (allow xscreensaver_t user_systemd_t (process (sigchld)))
                )
            )
            (optional unprivuser_optional_103
                (typeattributeset cil_gen_require entry_type)
                (typeattributeset entry_type (shell_exec_t bin_t ))
                (typeattributeset cil_gen_require exec_type)
                (typeattributeset exec_type (shell_exec_t bin_t ))
                (typeattributeset cil_gen_require file_type)
                (typeattributeset file_type (shell_exec_t bin_t ))
                (typeattributeset cil_gen_require non_security_file_type)
                (typeattributeset non_security_file_type (shell_exec_t bin_t ))
                (typeattributeset cil_gen_require non_auth_file_type)
                (typeattributeset non_auth_file_type (shell_exec_t bin_t ))
                (typeattributeset cil_gen_require device_t)
                (typeattributeset cil_gen_require usr_t)
                (typeattributeset cil_gen_require var_run_t)
                (typeattributeset cil_gen_require lib_t)
                (typeattributeset cil_gen_require fonts_t)
                (typeattributeset cil_gen_require var_t)
                (typeattributeset cil_gen_require var_lib_t)
                (typeattributeset cil_gen_require user_home_dir_t)
                (typeattributeset cil_gen_require home_root_t)
                (typeattributeset cil_gen_require tmp_t)
                (typeattributeset cil_gen_require xdm_t)
                (typeattributeset cil_gen_require xdg_cache_t)
                (typeattributeset cil_gen_require iceauth_home_t)
                (typeattributeset cil_gen_require xserver_t)
                (typeattributeset cil_gen_require xserver_tmp_t)
                (typeattributeset cil_gen_require xserver_tmpfs_t)
                (typeattributeset cil_gen_require xauth_home_t)
                (typeattributeset cil_gen_require user_fonts_t)
                (typeattributeset cil_gen_require user_fonts_cache_t)
                (typeattributeset cil_gen_require user_fonts_config_t)
                (typeattributeset cil_gen_require mesa_shader_cache_t)
                (typeattributeset cil_gen_require iceauth_t)
                (typeattributeset cil_gen_require iceauth_exec_t)
                (typeattributeset cil_gen_require xauth_t)
                (typeattributeset cil_gen_require xauth_exec_t)
                (typeattributeset cil_gen_require xdm_tmp_t)
                (typeattributeset cil_gen_require xserver_misc_device_t)
                (typeattributeset cil_gen_require power_device_t)
                (typeattributeset cil_gen_require event_device_t)
                (typeattributeset cil_gen_require misc_device_t)
                (typeattributeset cil_gen_require agp_device_t)
                (typeattributeset cil_gen_require dri_device_t)
                (typeattributeset cil_gen_require usbfs_t)
                (typeattributeset cil_gen_require fonts_cache_t)
                (typeattributeset cil_gen_require root_xdrawable_t)
                (typeattributeset cil_gen_require xevent_t)
                (typeattributeset cil_gen_require client_xevent_t)
                (typeattributeset cil_gen_require input_xevent_t)
                (typeattributeset cil_gen_require user_input_xevent_t)
                (typeattributeset cil_gen_require x_domain)
                (typeattributeset cil_gen_require xdrawable_type)
                (typeattributeset cil_gen_require xcolormap_type)
                (typeattributeset cil_gen_require input_xevent_type)
                (typeattributeset cil_gen_require xserver_exec_t)
                (typeattributeset cil_gen_require xserver_unconfined_type)
                (typeattributeset cil_gen_require xsession_exec_t)
                (typeattributeset cil_gen_require xserver_log_t)
                (typeattributeset cil_gen_require xdm_var_run_t)
                (typeattributeset cil_gen_require xsession_log_t)
                (typeattributeset cil_gen_require xkb_var_lib_t)
                (roleattributeset cil_gen_require user_r)
                (roletype user_r xserver_t)
                (roletype user_r iceauth_t)
                (roletype user_r xauth_t)
                (typeattributeset cil_gen_require x_domain)
                (typeattributeset x_domain (user_t ))
                (typeattributeset cil_gen_require non_auth_file_type)
                (typeattributeset non_auth_file_type (xsession_exec_t ))
                (typeattributeset cil_gen_require file_type)
                (typeattributeset file_type (xsession_exec_t ))
                (typeattributeset cil_gen_require xdrawable_type)
                (typeattributeset xdrawable_type (user_t ))
                (typeattributeset cil_gen_require entry_type)
                (typeattributeset entry_type (xsession_exec_t ))
                (typeattributeset cil_gen_require exec_type)
                (typeattributeset exec_type (xsession_exec_t ))
                (typeattributeset cil_gen_require xserver_unconfined_type)
                (typeattributeset xserver_unconfined_type (user_t ))
                (typeattributeset cil_gen_require xcolormap_type)
                (typeattributeset xcolormap_type (user_t ))
                (typeattributeset cil_gen_require non_security_file_type)
                (typeattributeset non_security_file_type (xsession_exec_t ))
                (allow xserver_t user_t (fd (use)))
                (allow xserver_t user_t (shm (getattr read write associate unix_read unix_write lock)))
                (allow xserver_t user_t (process (signal)))
                (allow user_t user_fonts_t (dir (ioctl read getattr lock open search)))
                (allow user_t user_fonts_t (file (ioctl read getattr lock open)))
                (allow user_t user_fonts_config_t (dir (ioctl read getattr lock open search)))
                (allow user_t user_fonts_config_t (file (ioctl read getattr lock open)))
                (allow user_t user_fonts_cache_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_t user_fonts_cache_t (dir (ioctl read write create getattr setattr lock unlink link rename open add_name remove_name reparent search rmdir)))
                (allow user_t user_fonts_cache_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_t user_fonts_cache_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
                (allow user_t xserver_tmp_t (dir (getattr open search)))
                (allow user_t xserver_tmp_t (sock_file (write getattr append open)))
                (allow user_t xserver_t (unix_stream_socket (connectto)))
                (allow user_t tmp_t (dir (getattr open search)))
                (allow user_t xserver_t (fd (use)))
                (allow user_t xserver_t (shm (getattr read associate unix_read)))
                (allow user_t xserver_tmpfs_t (file (ioctl read getattr lock map open)))
                (allow user_t iceauth_t (dir (ioctl read getattr lock open search)))
                (allow user_t iceauth_t (file (ioctl read getattr lock open)))
                (allow user_t iceauth_t (lnk_file (read getattr)))
                (allow user_t iceauth_t (process (getattr)))
                (allow user_t iceauth_exec_t (file (ioctl read getattr map execute open)))
                (allow user_t iceauth_t (process (transition)))
                (dontaudit user_t iceauth_t (process (noatsecure siginh rlimitinh)))
                (typetransition user_t iceauth_exec_t process iceauth_t)
                (allow iceauth_t user_t (fd (use)))
                (allow iceauth_t user_t (fifo_file (ioctl read write getattr lock append)))
                (allow iceauth_t user_t (process (sigchld)))
                (allow user_t iceauth_home_t (file (ioctl read getattr lock open)))
                (allow user_t xauth_exec_t (file (ioctl read getattr map execute open)))
                (allow user_t xauth_t (process (transition)))
                (dontaudit user_t xauth_t (process (noatsecure siginh rlimitinh)))
                (typetransition user_t xauth_exec_t process xauth_t)
                (allow xauth_t user_t (fd (use)))
                (allow xauth_t user_t (fifo_file (ioctl read write getattr lock append)))
                (allow xauth_t user_t (process (sigchld)))
                (allow user_t xauth_t (process (signal)))
                (allow user_t xauth_t (dir (ioctl read getattr lock open search)))
                (allow user_t xauth_t (file (ioctl read getattr lock open)))
                (allow user_t xauth_t (lnk_file (read getattr)))
                (allow user_t xauth_t (process (getattr)))
                (allow user_t xserver_t (process (signal)))
                (allow user_t xauth_home_t (file (ioctl read getattr lock open)))
                (allow user_t xdm_t (fd (use)))
                (allow user_t xdm_t (fifo_file (ioctl read write getattr lock append)))
                (allow user_t xdm_tmp_t (dir (search)))
                (allow user_t xdm_tmp_t (sock_file (read write)))
                (dontaudit user_t xdm_t (tcp_socket (read write)))
                (allow user_t xserver_tmp_t (file (ioctl read getattr lock)))
                (allow user_t device_t (dir (getattr open search)))
                (allow user_t xserver_misc_device_t (chr_file (ioctl read write getattr lock append open)))
                (allow user_t xserver_misc_device_t (chr_file (map)))
                (allow user_t device_t (dir (getattr open search)))
                (allow user_t power_device_t (chr_file (ioctl read write getattr lock append open)))
                (allow user_t device_t (dir (getattr open search)))
                (allow user_t event_device_t (chr_file (ioctl read getattr lock open)))
                (allow user_t device_t (dir (getattr open search)))
                (allow user_t misc_device_t (chr_file (ioctl read getattr lock open)))
                (allow user_t device_t (dir (getattr open search)))
                (allow user_t misc_device_t (chr_file (ioctl write getattr lock append open)))
                (allow user_t device_t (dir (getattr open search)))
                (allow user_t agp_device_t (chr_file (getattr)))
                (dontaudit user_t dri_device_t (chr_file (ioctl read write getattr lock append open)))
                (allow user_t usbfs_t (dir (getattr open search)))
                (allow user_t usbfs_t (dir (ioctl read getattr lock open search)))
                (allow user_t usbfs_t (dir (getattr open search)))
                (allow user_t usbfs_t (file (ioctl read write getattr lock append open)))
                (allow user_t usbfs_t (dir (getattr open search)))
                (allow user_t usbfs_t (lnk_file (read getattr)))
                (allow user_t usr_t (dir (getattr open search)))
                (allow user_t lib_t (dir (getattr open search)))
                (allow user_t fonts_t (dir (ioctl read getattr lock open search)))
                (allow user_t fonts_t (dir (getattr open search)))
                (allow user_t fonts_t (file (ioctl read getattr lock open)))
                (allow user_t fonts_t (file (map)))
                (allow user_t fonts_t (dir (getattr open search)))
                (allow user_t fonts_t (lnk_file (read getattr)))
                (allow user_t fonts_cache_t (dir (ioctl read getattr lock open search)))
                (allow user_t fonts_cache_t (dir (getattr open search)))
                (allow user_t fonts_cache_t (file (ioctl read getattr lock open)))
                (allow user_t fonts_cache_t (file (map)))
                (allow user_t fonts_cache_t (dir (getattr open search)))
                (allow user_t fonts_cache_t (lnk_file (read getattr)))
                (allow user_t fonts_t (dir (watch)))
                (typetransition user_t root_xdrawable_t x_drawable user_t)
                (typetransition user_t input_xevent_t x_event user_input_xevent_t)
                (allow user_t user_input_xevent_t (x_event (send)))
                (allow user_t user_input_xevent_t (x_synthetic_event (send)))
                (allow user_t user_input_xevent_t (x_event (receive)))
                (allow user_t user_input_xevent_t (x_synthetic_event (receive)))
                (allow user_t client_xevent_t (x_event (receive)))
                (allow user_t client_xevent_t (x_synthetic_event (receive)))
                (allow user_t xevent_t (x_event (receive)))
                (allow user_t xevent_t (x_synthetic_event (receive)))
                (dontaudit user_t input_xevent_type (x_event (send)))
                (allow user_t xserver_t (process (siginh)))
                (allow user_t xserver_exec_t (file (ioctl read getattr map execute open)))
                (allow user_t xserver_t (process (transition)))
                (dontaudit user_t xserver_t (process (noatsecure siginh rlimitinh)))
                (typetransition user_t xserver_exec_t process xserver_t)
                (allow xserver_t user_t (fd (use)))
                (allow xserver_t user_t (fifo_file (ioctl read write getattr lock append)))
                (allow xserver_t user_t (process (sigchld)))
                (allow user_t xsession_exec_t (file (entrypoint)))
                (allow user_t xsession_exec_t (file (ioctl read getattr lock map execute open)))
                (dontaudit user_t xserver_log_t (file (ioctl write append)))
                (allow user_t tmp_t (dir (getattr open search)))
                (allow user_t xdm_tmp_t (dir (getattr open search)))
                (allow user_t xdm_tmp_t (sock_file (write getattr append open)))
                (allow user_t xdm_t (unix_stream_socket (connectto)))
                (allow user_t user_fonts_t (dir (ioctl read getattr lock open watch search)))
                (allow user_t user_fonts_t (file (ioctl read getattr lock map open)))
                (allow user_t user_fonts_cache_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_t user_fonts_cache_t (dir (ioctl read write create getattr setattr lock unlink link rename open add_name remove_name reparent search rmdir)))
                (allow user_t user_fonts_cache_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_t user_fonts_cache_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
                (allow user_t user_fonts_cache_t (file (ioctl read getattr lock map open)))
                (allow user_t user_fonts_config_t (dir (ioctl read getattr lock open search)))
                (allow user_t user_fonts_config_t (file (ioctl read getattr lock open)))
                (allow user_t user_home_dir_t (dir (getattr open search)))
                (allow user_t home_root_t (dir (getattr open search)))
                (allow user_t home_root_t (lnk_file (read getattr)))
                (allow user_t xdg_cache_t (dir (getattr open search)))
                (allow user_t xdg_cache_t (dir (getattr open search)))
                (allow user_t user_home_dir_t (dir (getattr open search)))
                (allow user_t home_root_t (dir (getattr open search)))
                (allow user_t home_root_t (lnk_file (read getattr)))
                (allow user_t var_run_t (lnk_file (read getattr)))
                (allow user_t var_t (dir (getattr open search)))
                (allow user_t var_run_t (dir (getattr open search)))
                (allow user_t xdm_var_run_t (dir (getattr open search)))
                (allow user_t xdm_var_run_t (file (ioctl read getattr lock open)))
                (allow user_t tmp_t (dir (getattr open search)))
                (allow user_t xdm_tmp_t (dir (ioctl read getattr lock open search)))
                (allow user_t xdm_tmp_t (dir (ioctl write getattr lock open add_name search)))
                (allow user_t xdm_tmp_t (sock_file (create getattr open)))
                (allow user_t xdm_tmp_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_t xdm_tmp_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
                (allow user_t user_home_dir_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_t home_root_t (dir (getattr open search)))
                (allow user_t home_root_t (lnk_file (read getattr)))
                (allow user_t xsession_log_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
                (allow user_t xserver_tmp_t (file (ioctl read write getattr lock append open)))
                (allow user_t iceauth_home_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
                (allow user_t iceauth_home_t (file (getattr relabelfrom relabelto)))
                (allow user_t xauth_home_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
                (allow user_t xauth_home_t (file (getattr relabelfrom relabelto)))
                (allow user_t user_fonts_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_t user_fonts_t (dir (ioctl read write create getattr setattr lock unlink link rename open add_name remove_name reparent search rmdir)))
                (allow user_t user_fonts_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_t user_fonts_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
                (allow user_t user_fonts_t (dir (getattr open search)))
                (allow user_t user_fonts_t (dir (getattr relabelfrom relabelto)))
                (allow user_t user_fonts_t (dir (getattr open search)))
                (allow user_t user_fonts_t (file (getattr relabelfrom relabelto)))
                (allow user_t user_fonts_cache_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_t user_fonts_cache_t (dir (ioctl read write create getattr setattr lock unlink link rename open add_name remove_name reparent search rmdir)))
                (allow user_t user_fonts_cache_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_t user_fonts_cache_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
                (allow user_t user_fonts_cache_t (dir (getattr open search)))
                (allow user_t user_fonts_cache_t (dir (getattr relabelfrom relabelto)))
                (allow user_t user_fonts_cache_t (dir (getattr open search)))
                (allow user_t user_fonts_cache_t (file (getattr relabelfrom relabelto)))
                (allow user_t user_fonts_config_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_t user_fonts_config_t (dir (ioctl read write create getattr setattr lock unlink link rename open add_name remove_name reparent search rmdir)))
                (allow user_t user_fonts_config_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_t user_fonts_config_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
                (allow user_t user_fonts_config_t (dir (getattr open search)))
                (allow user_t user_fonts_config_t (dir (getattr relabelfrom relabelto)))
                (allow user_t user_fonts_config_t (dir (getattr open search)))
                (allow user_t user_fonts_config_t (file (getattr relabelfrom relabelto)))
                (allow user_t mesa_shader_cache_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_t mesa_shader_cache_t (dir (ioctl read write create getattr setattr lock unlink link rename open add_name remove_name reparent search rmdir)))
                (allow user_t mesa_shader_cache_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_t mesa_shader_cache_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
                (allow user_t mesa_shader_cache_t (file (map)))
                (allow user_t mesa_shader_cache_t (dir (getattr open search)))
                (allow user_t mesa_shader_cache_t (dir (getattr relabelfrom relabelto)))
                (allow user_t mesa_shader_cache_t (dir (getattr open search)))
                (allow user_t mesa_shader_cache_t (file (getattr relabelfrom relabelto)))
                (allow user_t user_home_dir_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_t home_root_t (dir (getattr open search)))
                (allow user_t home_root_t (lnk_file (read getattr)))
                (allow user_t var_t (dir (getattr open search)))
                (allow user_t var_lib_t (dir (getattr open search)))
                (allow user_t xkb_var_lib_t (dir (ioctl read getattr lock open search)))
                (allow user_t xkb_var_lib_t (dir (getattr open search)))
                (allow user_t xkb_var_lib_t (file (ioctl read getattr lock open)))
                (allow user_t xkb_var_lib_t (dir (getattr open search)))
                (allow user_t xkb_var_lib_t (lnk_file (read getattr)))
                (allow user_t xkb_var_lib_t (file (map)))
                (allow user_t xdm_t (unix_stream_socket (accept)))
                (typetransition user_t user_home_dir_t file ".ICEauthority" iceauth_home_t)
                (typetransition user_t user_home_dir_t file ".xsession-errors" xsession_log_t)
                (booleanif (xserver_allow_dri)
                    (true
                        (allow user_t dri_device_t (chr_file (map)))
                        (allow user_t dri_device_t (chr_file (ioctl read write getattr lock append open)))
                        (allow user_t device_t (dir (getattr open search)))
                    )
                )
                (booleanif (or (allow_write_xshm) (xserver_client_writes_xserver_tmpfs))
                    (true
                        (allow user_t xserver_tmpfs_t (file (ioctl read write getattr lock append open)))
                        (allow user_t xserver_tmpfs_t (file (ioctl read write getattr lock append open)))
                    )
                )
                (booleanif (allow_write_xshm)
                    (true
                        (allow user_t xserver_t (shm (getattr read write associate unix_read unix_write lock)))
                        (allow user_t xserver_t (shm (getattr read write associate unix_read unix_write lock)))
                    )
                )
                (optional unprivuser_optional_104
                    (typeattributeset cil_gen_require user_systemd_t)
                    (allow user_systemd_t iceauth_t (dir (ioctl read getattr lock open search)))
                    (allow user_systemd_t iceauth_t (file (ioctl read getattr lock open)))
                    (allow user_systemd_t iceauth_t (lnk_file (read getattr)))
                    (allow user_systemd_t iceauth_t (process (getattr)))
                    (allow user_systemd_t iceauth_t (process (sigchld sigkill sigstop signull signal)))
                    (allow iceauth_t user_systemd_t (fd (use)))
                    (allow iceauth_t user_systemd_t (unix_stream_socket (ioctl read write getattr setattr append bind connect listen accept getopt setopt shutdown)))
                    (allow iceauth_t user_systemd_t (dir (ioctl read getattr lock open search)))
                    (allow iceauth_t user_systemd_t (file (ioctl read getattr lock open)))
                    (allow iceauth_t user_systemd_t (lnk_file (read getattr)))
                    (allow iceauth_t user_systemd_t (process (getattr)))
                    (allow iceauth_t user_systemd_t (process (sigchld)))
                    (allow user_systemd_t xauth_t (dir (ioctl read getattr lock open search)))
                    (allow user_systemd_t xauth_t (file (ioctl read getattr lock open)))
                    (allow user_systemd_t xauth_t (lnk_file (read getattr)))
                    (allow user_systemd_t xauth_t (process (getattr)))
                    (allow user_systemd_t xauth_t (process (sigchld sigkill sigstop signull signal)))
                    (allow xauth_t user_systemd_t (fd (use)))
                    (allow xauth_t user_systemd_t (unix_stream_socket (ioctl read write getattr setattr append bind connect listen accept getopt setopt shutdown)))
                    (allow xauth_t user_systemd_t (dir (ioctl read getattr lock open search)))
                    (allow xauth_t user_systemd_t (file (ioctl read getattr lock open)))
                    (allow xauth_t user_systemd_t (lnk_file (read getattr)))
                    (allow xauth_t user_systemd_t (process (getattr)))
                    (allow xauth_t user_systemd_t (process (sigchld)))
                    (allow user_systemd_t xserver_t (dir (ioctl read getattr lock open search)))
                    (allow user_systemd_t xserver_t (file (ioctl read getattr lock open)))
                    (allow user_systemd_t xserver_t (lnk_file (read getattr)))
                    (allow user_systemd_t xserver_t (process (getattr)))
                    (allow user_systemd_t xserver_t (process (sigchld sigkill sigstop signull signal)))
                    (allow xserver_t user_systemd_t (fd (use)))
                    (allow xserver_t user_systemd_t (unix_stream_socket (ioctl read write getattr setattr append bind connect listen accept getopt setopt shutdown)))
                    (allow xserver_t user_systemd_t (dir (ioctl read getattr lock open search)))
                    (allow xserver_t user_systemd_t (file (ioctl read getattr lock open)))
                    (allow xserver_t user_systemd_t (lnk_file (read getattr)))
                    (allow xserver_t user_systemd_t (process (getattr)))
                    (allow xserver_t user_systemd_t (process (sigchld)))
                    (optional unprivuser_optional_105
                        (typeattributeset cil_gen_require user_systemd_t)
                        (allow user_systemd_t xserver_t (dir (ioctl read getattr lock open search)))
                        (allow user_systemd_t xserver_t (file (ioctl read getattr lock open)))
                        (allow user_systemd_t xserver_t (lnk_file (read getattr)))
                        (allow user_systemd_t xserver_t (process (getattr)))
                        (allow user_systemd_t xserver_t (process (sigchld sigkill sigstop signull signal)))
                        (allow xserver_t user_systemd_t (fd (use)))
                        (allow xserver_t user_systemd_t (unix_stream_socket (ioctl read write getattr setattr append bind connect listen accept getopt setopt shutdown)))
                        (allow xserver_t user_systemd_t (dir (ioctl read getattr lock open search)))
                        (allow xserver_t user_systemd_t (file (ioctl read getattr lock open)))
                        (allow xserver_t user_systemd_t (lnk_file (read getattr)))
                        (allow xserver_t user_systemd_t (process (getattr)))
                        (allow xserver_t user_systemd_t (process (sigchld)))
                    )
                )
                (optional unprivuser_optional_106
                    (typeattributeset cil_gen_require user_home_dir_t)
                    (typeattributeset cil_gen_require home_root_t)
                    (typeattributeset cil_gen_require xdg_cache_t)
                    (allow user_t user_home_dir_t (dir (getattr open search)))
                    (allow user_t home_root_t (dir (getattr open search)))
                    (allow user_t home_root_t (lnk_file (read getattr)))
                    (allow user_t xdg_cache_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                    (allow user_t xdg_cache_t (dir (create getattr)))
                    (typetransition user_t xdg_cache_t dir "mesa_shader_cache" mesa_shader_cache_t)
                )
            )
            (optional unprivuser_optional_107
                (typeattributeset cil_gen_require chkpwd_t)
                (typeattributeset cil_gen_require chkpwd_exec_t)
                (typeattributeset cil_gen_require shadow_t)
                (roleattributeset cil_gen_require user_r)
                (roletype user_r chkpwd_t)
                (allow user_t chkpwd_exec_t (file (ioctl read getattr map execute open)))
                (allow user_t chkpwd_t (process (transition)))
                (dontaudit user_t chkpwd_t (process (noatsecure siginh rlimitinh)))
                (typetransition user_t chkpwd_exec_t process chkpwd_t)
                (allow chkpwd_t user_t (fd (use)))
                (allow chkpwd_t user_t (fifo_file (ioctl read write getattr lock append)))
                (allow chkpwd_t user_t (process (sigchld)))
                (allow user_t chkpwd_t (dir (ioctl read getattr lock open search)))
                (allow user_t chkpwd_t (file (ioctl read getattr lock open)))
                (allow user_t chkpwd_t (lnk_file (read getattr)))
                (allow user_t chkpwd_t (process (getattr)))
                (dontaudit user_t shadow_t (file (ioctl read getattr lock open)))
            )
            (optional unprivuser_optional_108
                (roleattributeset cil_gen_require bluetooth_helper_roles)
                (typeattributeset cil_gen_require var_run_t)
                (typeattributeset cil_gen_require var_t)
                (typeattributeset cil_gen_require bluetooth_t)
                (typeattributeset cil_gen_require bluetooth_helper_t)
                (typeattributeset cil_gen_require bluetooth_helper_exec_t)
                (typeattributeset cil_gen_require bluetooth_helper_tmp_t)
                (typeattributeset cil_gen_require bluetooth_helper_tmpfs_t)
                (typeattributeset cil_gen_require bluetooth_runtime_t)
                (roleattributeset cil_gen_require bluetooth_helper_roles)
                (roleattributeset bluetooth_helper_roles (user_r ))
                (allow user_application_exec_domain bluetooth_helper_exec_t (file (ioctl read getattr map execute open)))
                (allow user_application_exec_domain bluetooth_helper_t (process (transition)))
                (dontaudit user_application_exec_domain bluetooth_helper_t (process (noatsecure siginh rlimitinh)))
                (typetransition user_application_exec_domain bluetooth_helper_exec_t process bluetooth_helper_t)
                (allow bluetooth_helper_t user_application_exec_domain (fd (use)))
                (allow bluetooth_helper_t user_application_exec_domain (fifo_file (ioctl read write getattr lock append)))
                (allow bluetooth_helper_t user_application_exec_domain (process (sigchld)))
                (allow user_application_exec_domain bluetooth_helper_t (dir (ioctl read getattr lock open search)))
                (allow user_application_exec_domain bluetooth_helper_t (file (ioctl read getattr lock open)))
                (allow user_application_exec_domain bluetooth_helper_t (lnk_file (read getattr)))
                (allow user_application_exec_domain bluetooth_helper_t (process (getattr)))
                (allow user_application_exec_domain bluetooth_helper_t (process (sigchld sigkill sigstop signull signal ptrace)))
                (allow user_application_exec_domain bluetooth_t (socket (ioctl read write getattr setattr append bind connect getopt setopt shutdown)))
                (allow user_t bluetooth_helper_tmp_t (dir (ioctl read write create getattr setattr lock relabelfrom relabelto unlink link rename open add_name remove_name reparent search rmdir)))
                (allow user_t bluetooth_helper_tmpfs_t (dir (ioctl read write create getattr setattr lock relabelfrom relabelto unlink link rename open add_name remove_name reparent search rmdir)))
                (allow user_t bluetooth_helper_tmp_t (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow user_t bluetooth_helper_tmpfs_t (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow user_t bluetooth_helper_tmp_t (sock_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow user_application_exec_domain bluetooth_runtime_t (dir (getattr open search)))
                (allow user_application_exec_domain bluetooth_runtime_t (sock_file (write getattr append open)))
                (allow user_application_exec_domain bluetooth_t (unix_stream_socket (connectto)))
                (allow user_application_exec_domain var_run_t (lnk_file (read getattr)))
                (allow user_application_exec_domain var_t (dir (getattr open search)))
                (allow user_application_exec_domain var_run_t (dir (getattr open search)))
                (optional unprivuser_optional_109
                    (typeattributeset cil_gen_require user_systemd_t)
                    (allow user_systemd_t bluetooth_helper_t (dir (ioctl read getattr lock open search)))
                    (allow user_systemd_t bluetooth_helper_t (file (ioctl read getattr lock open)))
                    (allow user_systemd_t bluetooth_helper_t (lnk_file (read getattr)))
                    (allow user_systemd_t bluetooth_helper_t (process (getattr)))
                    (allow user_systemd_t bluetooth_helper_t (process (sigchld sigkill sigstop signull signal)))
                    (allow bluetooth_helper_t user_systemd_t (fd (use)))
                    (allow bluetooth_helper_t user_systemd_t (unix_stream_socket (ioctl read write getattr setattr append bind connect listen accept getopt setopt shutdown)))
                    (allow bluetooth_helper_t user_systemd_t (dir (ioctl read getattr lock open search)))
                    (allow bluetooth_helper_t user_systemd_t (file (ioctl read getattr lock open)))
                    (allow bluetooth_helper_t user_systemd_t (lnk_file (read getattr)))
                    (allow bluetooth_helper_t user_systemd_t (process (getattr)))
                    (allow bluetooth_helper_t user_systemd_t (process (sigchld)))
                )
            )
            (optional unprivuser_optional_110
                (roleattributeset cil_gen_require cdrecord_roles)
                (typeattributeset cil_gen_require cdrecord_t)
                (typeattributeset cil_gen_require cdrecord_exec_t)
                (roleattributeset cil_gen_require cdrecord_roles)
                (roleattributeset cdrecord_roles (user_r ))
                (allow user_application_exec_domain cdrecord_exec_t (file (ioctl read getattr map execute open)))
                (allow user_application_exec_domain cdrecord_t (process (transition)))
                (dontaudit user_application_exec_domain cdrecord_t (process (noatsecure siginh rlimitinh)))
                (typetransition user_application_exec_domain cdrecord_exec_t process cdrecord_t)
                (allow cdrecord_t user_application_exec_domain (fd (use)))
                (allow cdrecord_t user_application_exec_domain (fifo_file (ioctl read write getattr lock append)))
                (allow cdrecord_t user_application_exec_domain (process (sigchld)))
                (allow cdrecord_t user_application_exec_domain (unix_stream_socket (ioctl read write getattr setattr append bind connect getopt setopt shutdown)))
                (allow user_application_exec_domain cdrecord_t (process (sigchld sigkill sigstop signull signal ptrace)))
                (allow user_application_exec_domain cdrecord_t (dir (ioctl read getattr lock open search)))
                (allow user_application_exec_domain cdrecord_t (file (ioctl read getattr lock open)))
                (allow user_application_exec_domain cdrecord_t (lnk_file (read getattr)))
                (allow user_application_exec_domain cdrecord_t (process (getattr)))
                (optional unprivuser_optional_111
                    (typeattributeset cil_gen_require user_systemd_t)
                    (allow user_systemd_t cdrecord_t (dir (ioctl read getattr lock open search)))
                    (allow user_systemd_t cdrecord_t (file (ioctl read getattr lock open)))
                    (allow user_systemd_t cdrecord_t (lnk_file (read getattr)))
                    (allow user_systemd_t cdrecord_t (process (getattr)))
                    (allow user_systemd_t cdrecord_t (process (sigchld sigkill sigstop signull signal)))
                    (allow cdrecord_t user_systemd_t (fd (use)))
                    (allow cdrecord_t user_systemd_t (unix_stream_socket (ioctl read write getattr setattr append bind connect listen accept getopt setopt shutdown)))
                    (allow cdrecord_t user_systemd_t (dir (ioctl read getattr lock open search)))
                    (allow cdrecord_t user_systemd_t (file (ioctl read getattr lock open)))
                    (allow cdrecord_t user_systemd_t (lnk_file (read getattr)))
                    (allow cdrecord_t user_systemd_t (process (getattr)))
                    (allow cdrecord_t user_systemd_t (process (sigchld)))
                )
            )
            (optional unprivuser_optional_112
                (typeattributeset cil_gen_require bin_t)
                (typeattributeset cil_gen_require usr_t)
                (typeattributeset cil_gen_require chromium_t)
                (typeattributeset cil_gen_require chromium_renderer_t)
                (typeattributeset cil_gen_require chromium_sandbox_t)
                (typeattributeset cil_gen_require chromium_naclhelper_t)
                (typeattributeset cil_gen_require chromium_exec_t)
                (roleattributeset cil_gen_require user_r)
                (roletype user_r chromium_t)
                (roletype user_r chromium_renderer_t)
                (roletype user_r chromium_sandbox_t)
                (roletype user_r chromium_naclhelper_t)
                (allow user_application_exec_domain bin_t (dir (getattr open search)))
                (allow user_application_exec_domain bin_t (lnk_file (read getattr)))
                (allow user_application_exec_domain usr_t (dir (getattr open search)))
                (allow user_application_exec_domain chromium_exec_t (file (ioctl read getattr map execute open)))
                (allow user_application_exec_domain chromium_t (process (transition)))
                (dontaudit user_application_exec_domain chromium_t (process (noatsecure siginh rlimitinh)))
                (typetransition user_application_exec_domain chromium_exec_t process chromium_t)
                (allow chromium_t user_application_exec_domain (fd (use)))
                (allow chromium_t user_application_exec_domain (fifo_file (ioctl read write getattr lock append)))
                (allow chromium_t user_application_exec_domain (process (sigchld)))
                (allow user_application_exec_domain chromium_t (dir (ioctl read getattr lock open search)))
                (allow user_application_exec_domain chromium_t (file (ioctl read getattr lock open)))
                (allow user_application_exec_domain chromium_t (lnk_file (read getattr)))
                (allow user_application_exec_domain chromium_t (process (getattr)))
                (allow user_application_exec_domain chromium_renderer_t (dir (ioctl read getattr lock open search)))
                (allow user_application_exec_domain chromium_renderer_t (file (ioctl read getattr lock open)))
                (allow user_application_exec_domain chromium_renderer_t (lnk_file (read getattr)))
                (allow user_application_exec_domain chromium_renderer_t (process (getattr)))
                (allow user_application_exec_domain chromium_t (process (sigchld sigkill sigstop signull signal)))
                (allow user_application_exec_domain chromium_renderer_t (process (sigchld sigkill sigstop signull signal)))
                (allow user_application_exec_domain chromium_sandbox_t (process (sigchld sigkill sigstop signull signal)))
                (allow user_application_exec_domain chromium_naclhelper_t (process (sigchld sigkill sigstop signull signal)))
                (allow chromium_t user_application_exec_domain (process (signull signal)))
                (allow user_application_exec_domain chromium_t (unix_stream_socket (connectto)))
                (allow chromium_t user_application_exec_domain (unix_stream_socket (connectto)))
                (allow chromium_sandbox_t user_application_exec_domain (fd (use)))
                (allow chromium_naclhelper_t user_application_exec_domain (fd (use)))
                (allow user_application_exec_domain chromium_t (dbus (send_msg)))
                (allow chromium_t user_application_exec_domain (dbus (send_msg)))
                (optional unprivuser_optional_113
                    (typeattributeset cil_gen_require user_systemd_t)
                    (allow user_systemd_t chromium_t (dir (ioctl read getattr lock open search)))
                    (allow user_systemd_t chromium_t (file (ioctl read getattr lock open)))
                    (allow user_systemd_t chromium_t (lnk_file (read getattr)))
                    (allow user_systemd_t chromium_t (process (getattr)))
                    (allow user_systemd_t chromium_t (process (sigchld sigkill sigstop signull signal)))
                    (allow chromium_t user_systemd_t (fd (use)))
                    (allow chromium_t user_systemd_t (unix_stream_socket (ioctl read write getattr setattr append bind connect listen accept getopt setopt shutdown)))
                    (allow chromium_t user_systemd_t (dir (ioctl read getattr lock open search)))
                    (allow chromium_t user_systemd_t (file (ioctl read getattr lock open)))
                    (allow chromium_t user_systemd_t (lnk_file (read getattr)))
                    (allow chromium_t user_systemd_t (process (getattr)))
                    (allow chromium_t user_systemd_t (process (sigchld)))
                )
            )
            (optional unprivuser_optional_114
                (typeattributeset cil_gen_require shell_exec_t)
                (typeattributeset cil_gen_require bin_t)
                (typeattributeset cil_gen_require usr_t)
                (typeattributeset cil_gen_require cronjob_t)
                (typeattributeset cil_gen_require crontab_t)
                (typeattributeset cil_gen_require crontab_exec_t)
                (typeattributeset cil_gen_require user_cron_spool_t)
                (typeattributeset cil_gen_require crond_t)
                (roleattributeset cil_gen_require user_r)
                (roletype user_r cronjob_t)
                (roletype user_r crontab_t)
                (allow user_t crontab_exec_t (file (ioctl read getattr map execute open)))
                (allow user_t crontab_t (process (transition)))
                (dontaudit user_t crontab_t (process (noatsecure siginh rlimitinh)))
                (typetransition user_t crontab_exec_t process crontab_t)
                (allow crontab_t user_t (fd (use)))
                (allow crontab_t user_t (fifo_file (ioctl read write getattr lock append)))
                (allow crontab_t user_t (process (sigchld)))
                (dontaudit crond_t user_application_exec_domain (process (noatsecure siginh rlimitinh)))
                (allow user_t crond_t (process (sigchld)))
                (allow user_t user_cron_spool_t (file (ioctl read write getattr lock append)))
                (allow user_t crontab_t (process (sigchld sigkill sigstop signull signal ptrace)))
                (allow user_t crontab_t (dir (ioctl read getattr lock open search)))
                (allow user_t crontab_t (file (ioctl read getattr lock open)))
                (allow user_t crontab_t (lnk_file (read getattr)))
                (allow user_t crontab_t (process (getattr)))
                (allow crontab_t bin_t (dir (getattr open search)))
                (allow crontab_t bin_t (lnk_file (read getattr)))
                (allow crontab_t usr_t (dir (getattr open search)))
                (allow crontab_t bin_t (dir (getattr open search)))
                (allow crontab_t bin_t (dir (ioctl read getattr lock open search)))
                (allow crontab_t bin_t (file (ioctl read getattr lock map execute open execute_no_trans)))
                (allow crontab_t bin_t (dir (getattr open search)))
                (allow crontab_t bin_t (lnk_file (read getattr)))
                (allow crontab_t usr_t (dir (getattr open search)))
                (allow crontab_t bin_t (dir (getattr open search)))
                (allow crontab_t bin_t (dir (ioctl read getattr lock open search)))
                (allow crontab_t shell_exec_t (file (ioctl read getattr lock map execute open execute_no_trans)))
                (booleanif (cron_userdomain_transition)
                    (true
                        (allow user_t cronjob_t (process (getattr)))
                        (allow user_t cronjob_t (lnk_file (read getattr)))
                        (allow user_t cronjob_t (file (ioctl read getattr lock open)))
                        (allow user_t cronjob_t (dir (ioctl read getattr lock open search)))
                        (allow user_t cronjob_t (process (sigchld sigkill sigstop signull signal ptrace)))
                        (allow user_t crond_t (fifo_file (ioctl read write getattr lock append open)))
                        (allow user_t user_cron_spool_t (file (entrypoint)))
                        (allow crond_t user_t (key (view read write search link setattr create)))
                        (allow crond_t user_t (fd (use)))
                        (allow crond_t user_t (process (transition)))
                    )
                    (false
                        (dontaudit user_t cronjob_t (process (sigchld sigkill sigstop signull signal ptrace)))
                        (dontaudit user_t crond_t (fifo_file (ioctl read write getattr lock append open)))
                        (dontaudit user_t user_cron_spool_t (file (entrypoint)))
                        (dontaudit crond_t user_t (key (view read write search link setattr create)))
                        (dontaudit crond_t user_t (fd (use)))
                        (dontaudit crond_t user_t (process (transition)))
                    )
                )
                (optional unprivuser_optional_115
                    (typeattributeset cil_gen_require system_dbusd_t)
                    (allow cronjob_t user_t (dbus (send_msg)))
                )
            )
            (optional unprivuser_optional_116
                (typeattributeset cil_gen_require dirmngr_t)
                (typeattributeset cil_gen_require dirmngr_exec_t)
                (typeattributeset cil_gen_require dirmngr_tmp_t)
                (roleattributeset cil_gen_require user_r)
                (roletype user_r dirmngr_t)
                (allow user_application_exec_domain dirmngr_exec_t (file (ioctl read getattr map execute open)))
                (allow user_application_exec_domain dirmngr_t (process (transition)))
                (dontaudit user_application_exec_domain dirmngr_t (process (noatsecure siginh rlimitinh)))
                (typetransition user_application_exec_domain dirmngr_exec_t process dirmngr_t)
                (allow dirmngr_t user_application_exec_domain (fd (use)))
                (allow dirmngr_t user_application_exec_domain (fifo_file (ioctl read write getattr lock append)))
                (allow dirmngr_t user_application_exec_domain (process (sigchld)))
                (allow user_application_exec_domain dirmngr_t (process (sigchld sigkill sigstop signull signal ptrace)))
                (allow user_application_exec_domain dirmngr_t (dir (ioctl read getattr lock open search)))
                (allow user_application_exec_domain dirmngr_t (file (ioctl read getattr lock open)))
                (allow user_application_exec_domain dirmngr_t (lnk_file (read getattr)))
                (allow user_application_exec_domain dirmngr_t (process (getattr)))
                (allow dirmngr_t user_application_exec_domain (fd (use)))
                (allow dirmngr_t user_application_exec_domain (fifo_file (ioctl read write getattr lock append)))
                (allow user_t dirmngr_tmp_t (sock_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (optional unprivuser_optional_117
                    (typeattributeset cil_gen_require user_systemd_t)
                    (allow user_systemd_t dirmngr_t (dir (ioctl read getattr lock open search)))
                    (allow user_systemd_t dirmngr_t (file (ioctl read getattr lock open)))
                    (allow user_systemd_t dirmngr_t (lnk_file (read getattr)))
                    (allow user_systemd_t dirmngr_t (process (getattr)))
                    (allow user_systemd_t dirmngr_t (process (sigchld sigkill sigstop signull signal)))
                    (allow dirmngr_t user_systemd_t (fd (use)))
                    (allow dirmngr_t user_systemd_t (unix_stream_socket (ioctl read write getattr setattr append bind connect listen accept getopt setopt shutdown)))
                    (allow dirmngr_t user_systemd_t (dir (ioctl read getattr lock open search)))
                    (allow dirmngr_t user_systemd_t (file (ioctl read getattr lock open)))
                    (allow dirmngr_t user_systemd_t (lnk_file (read getattr)))
                    (allow dirmngr_t user_systemd_t (process (getattr)))
                    (allow dirmngr_t user_systemd_t (process (sigchld)))
                )
            )
            (optional unprivuser_optional_118
                (roleattributeset cil_gen_require evolution_roles)
                (typeattributeset cil_gen_require user_home_dir_t)
                (typeattributeset cil_gen_require home_root_t)
                (typeattributeset cil_gen_require evolution_t)
                (typeattributeset cil_gen_require evolution_exec_t)
                (typeattributeset cil_gen_require evolution_home_t)
                (typeattributeset cil_gen_require evolution_alarm_t)
                (typeattributeset cil_gen_require evolution_alarm_exec_t)
                (typeattributeset cil_gen_require evolution_alarm_orbit_tmp_t)
                (typeattributeset cil_gen_require evolution_exchange_t)
                (typeattributeset cil_gen_require evolution_exchange_exec_t)
                (typeattributeset cil_gen_require evolution_exchange_tmp_t)
                (typeattributeset cil_gen_require evolution_exchange_orbit_tmp_t)
                (typeattributeset cil_gen_require evolution_orbit_tmp_t)
                (typeattributeset cil_gen_require evolution_server_orbit_tmp_t)
                (typeattributeset cil_gen_require evolution_server_t)
                (typeattributeset cil_gen_require evolution_server_exec_t)
                (typeattributeset cil_gen_require evolution_webcal_t)
                (typeattributeset cil_gen_require evolution_webcal_exec_t)
                (typeattributeset cil_gen_require evolution_alarm_tmpfs_t)
                (typeattributeset cil_gen_require evolution_exchange_tmpfs_t)
                (typeattributeset cil_gen_require evolution_tmpfs_t)
                (typeattributeset cil_gen_require evolution_webcal_tmpfs_t)
                (roleattributeset cil_gen_require evolution_roles)
                (roleattributeset evolution_roles (user_r ))
                (allow user_application_exec_domain evolution_exec_t (file (ioctl read getattr map execute open)))
                (allow user_application_exec_domain evolution_t (process (transition)))
                (dontaudit user_application_exec_domain evolution_t (process (noatsecure siginh rlimitinh)))
                (typetransition user_application_exec_domain evolution_exec_t process evolution_t)
                (allow evolution_t user_application_exec_domain (fd (use)))
                (allow evolution_t user_application_exec_domain (fifo_file (ioctl read write getattr lock append)))
                (allow evolution_t user_application_exec_domain (process (sigchld)))
                (allow user_application_exec_domain evolution_alarm_exec_t (file (ioctl read getattr map execute open)))
                (allow user_application_exec_domain evolution_alarm_t (process (transition)))
                (dontaudit user_application_exec_domain evolution_alarm_t (process (noatsecure siginh rlimitinh)))
                (typetransition user_application_exec_domain evolution_alarm_exec_t process evolution_alarm_t)
                (allow evolution_alarm_t user_application_exec_domain (fd (use)))
                (allow evolution_alarm_t user_application_exec_domain (fifo_file (ioctl read write getattr lock append)))
                (allow evolution_alarm_t user_application_exec_domain (process (sigchld)))
                (allow user_application_exec_domain evolution_exchange_exec_t (file (ioctl read getattr map execute open)))
                (allow user_application_exec_domain evolution_exchange_t (process (transition)))
                (dontaudit user_application_exec_domain evolution_exchange_t (process (noatsecure siginh rlimitinh)))
                (typetransition user_application_exec_domain evolution_exchange_exec_t process evolution_exchange_t)
                (allow evolution_exchange_t user_application_exec_domain (fd (use)))
                (allow evolution_exchange_t user_application_exec_domain (fifo_file (ioctl read write getattr lock append)))
                (allow evolution_exchange_t user_application_exec_domain (process (sigchld)))
                (allow user_application_exec_domain evolution_server_exec_t (file (ioctl read getattr map execute open)))
                (allow user_application_exec_domain evolution_server_t (process (transition)))
                (dontaudit user_application_exec_domain evolution_server_t (process (noatsecure siginh rlimitinh)))
                (typetransition user_application_exec_domain evolution_server_exec_t process evolution_server_t)
                (allow evolution_server_t user_application_exec_domain (fd (use)))
                (allow evolution_server_t user_application_exec_domain (fifo_file (ioctl read write getattr lock append)))
                (allow evolution_server_t user_application_exec_domain (process (sigchld)))
                (allow user_application_exec_domain evolution_webcal_exec_t (file (ioctl read getattr map execute open)))
                (allow user_application_exec_domain evolution_webcal_t (process (transition)))
                (dontaudit user_application_exec_domain evolution_webcal_t (process (noatsecure siginh rlimitinh)))
                (typetransition user_application_exec_domain evolution_webcal_exec_t process evolution_webcal_t)
                (allow evolution_webcal_t user_application_exec_domain (fd (use)))
                (allow evolution_webcal_t user_application_exec_domain (fifo_file (ioctl read write getattr lock append)))
                (allow evolution_webcal_t user_application_exec_domain (process (sigchld)))
                (allow user_application_exec_domain evolution_t (process (sigchld sigkill sigstop signull signal ptrace noatsecure)))
                (allow user_application_exec_domain evolution_alarm_t (process (sigchld sigkill sigstop signull signal ptrace noatsecure)))
                (allow user_application_exec_domain evolution_exchange_t (process (sigchld sigkill sigstop signull signal ptrace noatsecure)))
                (allow user_application_exec_domain evolution_server_t (process (sigchld sigkill sigstop signull signal ptrace noatsecure)))
                (allow user_application_exec_domain evolution_webcal_t (process (sigchld sigkill sigstop signull signal ptrace noatsecure)))
                (allow user_application_exec_domain evolution_t (dir (ioctl read getattr lock open search)))
                (allow user_application_exec_domain evolution_alarm_t (dir (ioctl read getattr lock open search)))
                (allow user_application_exec_domain evolution_exchange_t (dir (ioctl read getattr lock open search)))
                (allow user_application_exec_domain evolution_t (file (ioctl read getattr lock open)))
                (allow user_application_exec_domain evolution_alarm_t (file (ioctl read getattr lock open)))
                (allow user_application_exec_domain evolution_exchange_t (file (ioctl read getattr lock open)))
                (allow user_application_exec_domain evolution_t (lnk_file (read getattr)))
                (allow user_application_exec_domain evolution_alarm_t (lnk_file (read getattr)))
                (allow user_application_exec_domain evolution_exchange_t (lnk_file (read getattr)))
                (allow user_application_exec_domain evolution_t (process (getattr)))
                (allow user_application_exec_domain evolution_alarm_t (process (getattr)))
                (allow user_application_exec_domain evolution_exchange_t (process (getattr)))
                (allow user_application_exec_domain evolution_server_t (dir (ioctl read getattr lock open search)))
                (allow user_application_exec_domain evolution_webcal_t (dir (ioctl read getattr lock open search)))
                (allow user_application_exec_domain evolution_server_t (file (ioctl read getattr lock open)))
                (allow user_application_exec_domain evolution_webcal_t (file (ioctl read getattr lock open)))
                (allow user_application_exec_domain evolution_server_t (lnk_file (read getattr)))
                (allow user_application_exec_domain evolution_webcal_t (lnk_file (read getattr)))
                (allow user_application_exec_domain evolution_server_t (process (getattr)))
                (allow user_application_exec_domain evolution_webcal_t (process (getattr)))
                (allow evolution_t user_application_exec_domain (dir (getattr open search)))
                (allow evolution_t user_application_exec_domain (file (ioctl read getattr lock open)))
                (allow evolution_t user_application_exec_domain (lnk_file (read getattr)))
                (allow user_t evolution_home_t (dir (ioctl read write create getattr setattr lock relabelfrom relabelto unlink link rename open add_name remove_name reparent search rmdir)))
                (allow user_t evolution_home_t (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow user_t evolution_home_t (lnk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename)))
                (allow user_t user_home_dir_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_t home_root_t (dir (getattr open search)))
                (allow user_t home_root_t (lnk_file (read getattr)))
                (allow user_t user_home_dir_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_t home_root_t (dir (getattr open search)))
                (allow user_t home_root_t (lnk_file (read getattr)))
                (allow user_t evolution_exchange_tmp_t (dir (ioctl read write create getattr setattr lock relabelfrom relabelto unlink link rename open add_name remove_name reparent search rmdir)))
                (allow user_t evolution_alarm_orbit_tmp_t (sock_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow user_t evolution_exchange_orbit_tmp_t (sock_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow user_t evolution_orbit_tmp_t (sock_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow user_t evolution_server_orbit_tmp_t (sock_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow user_t evolution_alarm_tmpfs_t (dir (ioctl read write create getattr setattr lock relabelfrom relabelto unlink link rename open add_name remove_name reparent search rmdir)))
                (allow user_t evolution_exchange_tmpfs_t (dir (ioctl read write create getattr setattr lock relabelfrom relabelto unlink link rename open add_name remove_name reparent search rmdir)))
                (allow user_t evolution_tmpfs_t (dir (ioctl read write create getattr setattr lock relabelfrom relabelto unlink link rename open add_name remove_name reparent search rmdir)))
                (allow user_t evolution_webcal_tmpfs_t (dir (ioctl read write create getattr setattr lock relabelfrom relabelto unlink link rename open add_name remove_name reparent search rmdir)))
                (allow user_t evolution_alarm_tmpfs_t (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow user_t evolution_exchange_tmpfs_t (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow user_t evolution_tmpfs_t (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow user_t evolution_webcal_tmpfs_t (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow user_t evolution_alarm_tmpfs_t (lnk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename)))
                (allow user_t evolution_exchange_tmpfs_t (lnk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename)))
                (allow user_t evolution_tmpfs_t (lnk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename)))
                (allow user_t evolution_webcal_tmpfs_t (lnk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename)))
                (allow user_t evolution_alarm_tmpfs_t (sock_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow user_t evolution_exchange_tmpfs_t (sock_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow user_t evolution_tmpfs_t (sock_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow user_t evolution_webcal_tmpfs_t (sock_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow user_t evolution_alarm_tmpfs_t (fifo_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow user_t evolution_exchange_tmpfs_t (fifo_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow user_t evolution_tmpfs_t (fifo_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow user_t evolution_webcal_tmpfs_t (fifo_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow evolution_t user_application_exec_domain (unix_stream_socket (connectto)))
                (allow evolution_exchange_t user_application_exec_domain (unix_stream_socket (connectto)))
                (allow user_application_exec_domain evolution_orbit_tmp_t (dir (getattr open search)))
                (allow user_application_exec_domain evolution_orbit_tmp_t (sock_file (write getattr append open)))
                (allow user_application_exec_domain evolution_t (unix_stream_socket (connectto)))
                (allow user_application_exec_domain evolution_exchange_orbit_tmp_t (dir (getattr open search)))
                (allow user_application_exec_domain evolution_exchange_orbit_tmp_t (sock_file (write getattr append open)))
                (allow user_application_exec_domain evolution_exchange_t (unix_stream_socket (connectto)))
                (typetransition user_t user_home_dir_t dir ".evolution" evolution_home_t)
                (typetransition user_t user_home_dir_t dir ".camel_certs" evolution_home_t)
                (optional unprivuser_optional_119
                    (typeattributeset cil_gen_require evolution_t)
                    (typeattributeset cil_gen_require evolution_alarm_t)
                    (allow user_application_exec_domain evolution_t (dbus (send_msg)))
                    (allow evolution_t user_application_exec_domain (dbus (send_msg)))
                    (allow user_application_exec_domain evolution_alarm_t (dbus (send_msg)))
                    (allow evolution_alarm_t user_application_exec_domain (dbus (send_msg)))
                )
                (optional unprivuser_optional_120
                    (typeattributeset cil_gen_require user_systemd_t)
                    (allow user_systemd_t evolution_t (dir (ioctl read getattr lock open search)))
                    (allow user_systemd_t evolution_t (file (ioctl read getattr lock open)))
                    (allow user_systemd_t evolution_t (lnk_file (read getattr)))
                    (allow user_systemd_t evolution_t (process (getattr)))
                    (allow user_systemd_t evolution_t (process (sigchld sigkill sigstop signull signal)))
                    (allow evolution_t user_systemd_t (fd (use)))
                    (allow evolution_t user_systemd_t (unix_stream_socket (ioctl read write getattr setattr append bind connect listen accept getopt setopt shutdown)))
                    (allow evolution_t user_systemd_t (dir (ioctl read getattr lock open search)))
                    (allow evolution_t user_systemd_t (file (ioctl read getattr lock open)))
                    (allow evolution_t user_systemd_t (lnk_file (read getattr)))
                    (allow evolution_t user_systemd_t (process (getattr)))
                    (allow evolution_t user_systemd_t (process (sigchld)))
                    (allow user_systemd_t evolution_alarm_t (dir (ioctl read getattr lock open search)))
                    (allow user_systemd_t evolution_alarm_t (file (ioctl read getattr lock open)))
                    (allow user_systemd_t evolution_alarm_t (lnk_file (read getattr)))
                    (allow user_systemd_t evolution_alarm_t (process (getattr)))
                    (allow user_systemd_t evolution_alarm_t (process (sigchld sigkill sigstop signull signal)))
                    (allow evolution_alarm_t user_systemd_t (fd (use)))
                    (allow evolution_alarm_t user_systemd_t (unix_stream_socket (ioctl read write getattr setattr append bind connect listen accept getopt setopt shutdown)))
                    (allow evolution_alarm_t user_systemd_t (dir (ioctl read getattr lock open search)))
                    (allow evolution_alarm_t user_systemd_t (file (ioctl read getattr lock open)))
                    (allow evolution_alarm_t user_systemd_t (lnk_file (read getattr)))
                    (allow evolution_alarm_t user_systemd_t (process (getattr)))
                    (allow evolution_alarm_t user_systemd_t (process (sigchld)))
                    (allow user_systemd_t evolution_exchange_t (dir (ioctl read getattr lock open search)))
                    (allow user_systemd_t evolution_exchange_t (file (ioctl read getattr lock open)))
                    (allow user_systemd_t evolution_exchange_t (lnk_file (read getattr)))
                    (allow user_systemd_t evolution_exchange_t (process (getattr)))
                    (allow user_systemd_t evolution_exchange_t (process (sigchld sigkill sigstop signull signal)))
                    (allow evolution_exchange_t user_systemd_t (fd (use)))
                    (allow evolution_exchange_t user_systemd_t (unix_stream_socket (ioctl read write getattr setattr append bind connect listen accept getopt setopt shutdown)))
                    (allow evolution_exchange_t user_systemd_t (dir (ioctl read getattr lock open search)))
                    (allow evolution_exchange_t user_systemd_t (file (ioctl read getattr lock open)))
                    (allow evolution_exchange_t user_systemd_t (lnk_file (read getattr)))
                    (allow evolution_exchange_t user_systemd_t (process (getattr)))
                    (allow evolution_exchange_t user_systemd_t (process (sigchld)))
                    (allow user_systemd_t evolution_server_t (dir (ioctl read getattr lock open search)))
                    (allow user_systemd_t evolution_server_t (file (ioctl read getattr lock open)))
                    (allow user_systemd_t evolution_server_t (lnk_file (read getattr)))
                    (allow user_systemd_t evolution_server_t (process (getattr)))
                    (allow user_systemd_t evolution_server_t (process (sigchld sigkill sigstop signull signal)))
                    (allow evolution_server_t user_systemd_t (fd (use)))
                    (allow evolution_server_t user_systemd_t (unix_stream_socket (ioctl read write getattr setattr append bind connect listen accept getopt setopt shutdown)))
                    (allow evolution_server_t user_systemd_t (dir (ioctl read getattr lock open search)))
                    (allow evolution_server_t user_systemd_t (file (ioctl read getattr lock open)))
                    (allow evolution_server_t user_systemd_t (lnk_file (read getattr)))
                    (allow evolution_server_t user_systemd_t (process (getattr)))
                    (allow evolution_server_t user_systemd_t (process (sigchld)))
                    (allow user_systemd_t evolution_webcal_t (dir (ioctl read getattr lock open search)))
                    (allow user_systemd_t evolution_webcal_t (file (ioctl read getattr lock open)))
                    (allow user_systemd_t evolution_webcal_t (lnk_file (read getattr)))
                    (allow user_systemd_t evolution_webcal_t (process (getattr)))
                    (allow user_systemd_t evolution_webcal_t (process (sigchld sigkill sigstop signull signal)))
                    (allow evolution_webcal_t user_systemd_t (fd (use)))
                    (allow evolution_webcal_t user_systemd_t (unix_stream_socket (ioctl read write getattr setattr append bind connect listen accept getopt setopt shutdown)))
                    (allow evolution_webcal_t user_systemd_t (dir (ioctl read getattr lock open search)))
                    (allow evolution_webcal_t user_systemd_t (file (ioctl read getattr lock open)))
                    (allow evolution_webcal_t user_systemd_t (lnk_file (read getattr)))
                    (allow evolution_webcal_t user_systemd_t (process (getattr)))
                    (allow evolution_webcal_t user_systemd_t (process (sigchld)))
                )
            )
            (optional unprivuser_optional_121
                (roleattributeset cil_gen_require games_roles)
                (typeattributeset cil_gen_require games_t)
                (typeattributeset cil_gen_require games_exec_t)
                (typeattributeset cil_gen_require games_tmp_t)
                (typeattributeset cil_gen_require games_tmpfs_t)
                (roleattributeset cil_gen_require games_roles)
                (roleattributeset games_roles (user_r ))
                (allow user_application_exec_domain games_exec_t (file (ioctl read getattr map execute open)))
                (allow user_application_exec_domain games_t (process (transition)))
                (dontaudit user_application_exec_domain games_t (process (noatsecure siginh rlimitinh)))
                (typetransition user_application_exec_domain games_exec_t process games_t)
                (allow games_t user_application_exec_domain (fd (use)))
                (allow games_t user_application_exec_domain (fifo_file (ioctl read write getattr lock append)))
                (allow games_t user_application_exec_domain (process (sigchld)))
                (allow user_t games_tmp_t (dir (ioctl read write create getattr setattr lock relabelfrom relabelto unlink link rename open add_name remove_name reparent search rmdir)))
                (allow user_t games_tmp_t (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow user_t games_tmpfs_t (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow user_t games_tmpfs_t (fifo_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow user_t games_tmpfs_t (sock_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow user_application_exec_domain games_t (process (sigchld sigkill sigstop signull signal ptrace)))
                (allow user_application_exec_domain games_t (dir (ioctl read getattr lock open search)))
                (allow user_application_exec_domain games_t (file (ioctl read getattr lock open)))
                (allow user_application_exec_domain games_t (lnk_file (read getattr)))
                (allow user_application_exec_domain games_t (process (getattr)))
                (allow user_application_exec_domain games_tmpfs_t (dir (getattr open search)))
                (allow user_application_exec_domain games_tmpfs_t (sock_file (write getattr append open)))
                (allow user_application_exec_domain games_t (unix_stream_socket (connectto)))
                (allow games_t user_application_exec_domain (unix_stream_socket (connectto)))
                (optional unprivuser_optional_122
                    (typeattributeset cil_gen_require user_systemd_t)
                    (allow user_systemd_t games_t (dir (ioctl read getattr lock open search)))
                    (allow user_systemd_t games_t (file (ioctl read getattr lock open)))
                    (allow user_systemd_t games_t (lnk_file (read getattr)))
                    (allow user_systemd_t games_t (process (getattr)))
                    (allow user_systemd_t games_t (process (sigchld sigkill sigstop signull signal)))
                    (allow games_t user_systemd_t (fd (use)))
                    (allow games_t user_systemd_t (unix_stream_socket (ioctl read write getattr setattr append bind connect listen accept getopt setopt shutdown)))
                    (allow games_t user_systemd_t (dir (ioctl read getattr lock open search)))
                    (allow games_t user_systemd_t (file (ioctl read getattr lock open)))
                    (allow games_t user_systemd_t (lnk_file (read getattr)))
                    (allow games_t user_systemd_t (process (getattr)))
                    (allow games_t user_systemd_t (process (sigchld)))
                )
            )
            (optional unprivuser_optional_123
                (type user_gkeyringd_t)
                (roletype object_r user_gkeyringd_t)
                (roleattributeset cil_gen_require gconfd_roles)
                (typeattributeset cil_gen_require domain)
                (typeattributeset domain (user_t ))
                (typeattributeset cil_gen_require shell_exec_t)
                (typeattributeset cil_gen_require entry_type)
                (typeattributeset entry_type (shell_exec_t bin_t ))
                (typeattributeset cil_gen_require exec_type)
                (typeattributeset exec_type (shell_exec_t bin_t ))
                (typeattributeset cil_gen_require file_type)
                (typeattributeset file_type (shell_exec_t bin_t ))
                (typeattributeset cil_gen_require non_security_file_type)
                (typeattributeset non_security_file_type (shell_exec_t bin_t ))
                (typeattributeset cil_gen_require non_auth_file_type)
                (typeattributeset non_auth_file_type (shell_exec_t bin_t ))
                (typeattributeset cil_gen_require bin_t)
                (typeattributeset cil_gen_require process_user_target)
                (typeattributeset process_user_target (user_t ))
                (typeattributeset cil_gen_require ubac_constrained_type)
                (typeattributeset ubac_constrained_type (user_t ))
                (typeattributeset cil_gen_require usr_t)
                (typeattributeset cil_gen_require var_run_t)
                (typeattributeset cil_gen_require var_t)
                (typeattributeset cil_gen_require user_home_dir_t)
                (typeattributeset cil_gen_require home_root_t)
                (typeattributeset cil_gen_require tmp_t)
                (typeattributeset cil_gen_require user_runtime_t)
                (typeattributeset cil_gen_require user_runtime_root_t)
                (typeattributeset cil_gen_require application_exec_type)
                (typeattributeset cil_gen_require application_domain_type)
                (typeattributeset cil_gen_require gnomedomain)
                (typeattributeset cil_gen_require gkeyringd_domain)
                (typeattributeset cil_gen_require gkeyringd_exec_t)
                (typeattributeset cil_gen_require gnome_keyring_home_t)
                (typeattributeset cil_gen_require gnome_keyring_tmp_t)
                (typeattributeset cil_gen_require gconfd_t)
                (typeattributeset cil_gen_require gconfd_exec_t)
                (typeattributeset cil_gen_require gconf_tmp_t)
                (typeattributeset cil_gen_require gconf_home_t)
                (typeattributeset cil_gen_require gnome_home_t)
                (typeattributeset cil_gen_require user_gkeyringd_t)
                (roleattributeset cil_gen_require user_r)
                (roletype user_r user_gkeyringd_t)
                (roleattributeset cil_gen_require gconfd_roles)
                (roleattributeset gconfd_roles (user_r ))
                (typeattributeset cil_gen_require non_auth_file_type)
                (typeattributeset non_auth_file_type (gkeyringd_exec_t ))
                (typeattributeset cil_gen_require file_type)
                (typeattributeset file_type (gkeyringd_exec_t ))
                (typeattributeset cil_gen_require domain)
                (typeattributeset domain (user_gkeyringd_t ))
                (typeattributeset cil_gen_require application_domain_type)
                (typeattributeset application_domain_type (user_gkeyringd_t ))
                (typeattributeset cil_gen_require gnomedomain)
                (typeattributeset gnomedomain (user_gkeyringd_t ))
                (typeattributeset cil_gen_require process_user_target)
                (typeattributeset process_user_target (user_gkeyringd_t ))
                (typeattributeset cil_gen_require entry_type)
                (typeattributeset entry_type (gkeyringd_exec_t ))
                (typeattributeset cil_gen_require ubac_constrained_type)
                (typeattributeset ubac_constrained_type (user_gkeyringd_t ))
                (typeattributeset cil_gen_require exec_type)
                (typeattributeset exec_type (gkeyringd_exec_t ))
                (typeattributeset cil_gen_require application_exec_type)
                (typeattributeset application_exec_type (gkeyringd_exec_t ))
                (typeattributeset cil_gen_require gkeyringd_domain)
                (typeattributeset gkeyringd_domain (user_gkeyringd_t ))
                (typeattributeset cil_gen_require non_security_file_type)
                (typeattributeset non_security_file_type (gkeyringd_exec_t ))
                (allow user_gkeyringd_t gkeyringd_exec_t (file (entrypoint)))
                (allow user_gkeyringd_t gkeyringd_exec_t (file (ioctl read getattr lock map execute open)))
                (allow user_application_exec_domain gconfd_exec_t (file (ioctl read getattr map execute open)))
                (allow user_application_exec_domain gconfd_t (process (transition)))
                (dontaudit user_application_exec_domain gconfd_t (process (noatsecure siginh rlimitinh)))
                (typetransition user_application_exec_domain gconfd_exec_t process gconfd_t)
                (allow gconfd_t user_application_exec_domain (fd (use)))
                (allow gconfd_t user_application_exec_domain (fifo_file (ioctl read write getattr lock append)))
                (allow gconfd_t user_application_exec_domain (process (sigchld)))
                (allow user_t gconf_tmp_t (dir (ioctl read write create getattr setattr lock relabelfrom relabelto unlink link rename open add_name remove_name reparent search rmdir)))
                (allow user_t gconf_home_t (dir (ioctl read write create getattr setattr lock relabelfrom relabelto unlink link rename open add_name remove_name reparent search rmdir)))
                (allow user_t gconf_tmp_t (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow user_t gconf_home_t (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow user_t user_home_dir_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_t home_root_t (dir (getattr open search)))
                (allow user_t home_root_t (lnk_file (read getattr)))
                (allow user_t user_home_dir_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_t home_root_t (dir (getattr open search)))
                (allow user_t home_root_t (lnk_file (read getattr)))
                (allow user_application_exec_domain gconfd_t (process (sigchld sigkill sigstop signull signal ptrace)))
                (allow user_application_exec_domain gconfd_t (dir (ioctl read getattr lock open search)))
                (allow user_application_exec_domain gconfd_t (file (ioctl read getattr lock open)))
                (allow user_application_exec_domain gconfd_t (lnk_file (read getattr)))
                (allow user_application_exec_domain gconfd_t (process (getattr)))
                (allow user_application_exec_domain gkeyringd_exec_t (file (ioctl read getattr map execute open)))
                (allow user_application_exec_domain user_gkeyringd_t (process (transition)))
                (dontaudit user_application_exec_domain user_gkeyringd_t (process (noatsecure siginh rlimitinh)))
                (typetransition user_application_exec_domain gkeyringd_exec_t process user_gkeyringd_t)
                (allow user_gkeyringd_t user_application_exec_domain (fd (use)))
                (allow user_gkeyringd_t user_application_exec_domain (fifo_file (ioctl read write getattr lock append)))
                (allow user_gkeyringd_t user_application_exec_domain (process (sigchld)))
                (allow user_t gnome_keyring_home_t (dir (ioctl read write create getattr setattr lock relabelfrom relabelto unlink link rename open add_name remove_name reparent search rmdir)))
                (allow user_t gnome_keyring_tmp_t (dir (ioctl read write create getattr setattr lock relabelfrom relabelto unlink link rename open add_name remove_name reparent search rmdir)))
                (allow user_t gnome_home_t (dir (ioctl read write create getattr setattr lock relabelfrom relabelto unlink link rename open add_name remove_name reparent search rmdir)))
                (allow user_t gnome_keyring_home_t (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow user_t gnome_home_t (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow user_t user_home_dir_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_t home_root_t (dir (getattr open search)))
                (allow user_t home_root_t (lnk_file (read getattr)))
                (allow user_t user_home_dir_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_t home_root_t (dir (getattr open search)))
                (allow user_t home_root_t (lnk_file (read getattr)))
                (allow user_t user_home_dir_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_t home_root_t (dir (getattr open search)))
                (allow user_t home_root_t (lnk_file (read getattr)))
                (allow user_t user_home_dir_t (dir (getattr open search)))
                (allow user_t home_root_t (dir (getattr open search)))
                (allow user_t home_root_t (lnk_file (read getattr)))
                (allow user_t gnome_home_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_t gnome_keyring_tmp_t (sock_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow user_application_exec_domain user_gkeyringd_t (dir (ioctl read getattr lock open search)))
                (allow user_application_exec_domain user_gkeyringd_t (file (ioctl read getattr lock open)))
                (allow user_application_exec_domain user_gkeyringd_t (lnk_file (read getattr)))
                (allow user_application_exec_domain user_gkeyringd_t (process (getattr)))
                (allow user_application_exec_domain user_gkeyringd_t (process (sigchld sigkill sigstop signull signal ptrace)))
                (allow user_gkeyringd_t bin_t (dir (getattr open search)))
                (allow user_gkeyringd_t bin_t (lnk_file (read getattr)))
                (allow user_gkeyringd_t usr_t (dir (getattr open search)))
                (allow user_gkeyringd_t bin_t (file (ioctl read getattr map execute open)))
                (allow user_gkeyringd_t user_t (process (transition)))
                (dontaudit user_gkeyringd_t user_t (process (noatsecure siginh rlimitinh)))
                (typetransition user_gkeyringd_t bin_t process user_t)
                (allow user_gkeyringd_t bin_t (dir (getattr open search)))
                (allow user_gkeyringd_t bin_t (lnk_file (read getattr)))
                (allow user_gkeyringd_t usr_t (dir (getattr open search)))
                (allow user_gkeyringd_t bin_t (dir (getattr open search)))
                (allow user_gkeyringd_t bin_t (dir (ioctl read getattr lock open search)))
                (allow user_gkeyringd_t shell_exec_t (file (ioctl read getattr map execute open)))
                (allow user_gkeyringd_t user_t (process (transition)))
                (dontaudit user_gkeyringd_t user_t (process (noatsecure siginh rlimitinh)))
                (typetransition user_gkeyringd_t shell_exec_t process user_t)
                (allow user_application_exec_domain tmp_t (dir (getattr open search)))
                (allow user_application_exec_domain user_runtime_t (dir (getattr open search)))
                (allow user_application_exec_domain user_runtime_root_t (dir (getattr open search)))
                (allow user_application_exec_domain var_run_t (lnk_file (read getattr)))
                (allow user_application_exec_domain var_t (dir (getattr open search)))
                (allow user_application_exec_domain var_run_t (dir (getattr open search)))
                (allow user_application_exec_domain gnome_keyring_tmp_t (dir (getattr open search)))
                (allow user_application_exec_domain gnome_keyring_tmp_t (sock_file (write getattr append open)))
                (allow user_application_exec_domain user_gkeyringd_t (unix_stream_socket (connectto)))
                (typetransition user_t gnome_home_t dir "keyrings" gnome_keyring_home_t)
                (typetransition user_t user_home_dir_t dir ".gnome2_private" gnome_home_t)
                (typetransition user_t user_home_dir_t dir ".gnome2" gnome_home_t)
                (typetransition user_t user_home_dir_t dir ".gnome" gnome_home_t)
                (typetransition user_t user_home_dir_t dir ".gconfd" gconf_home_t)
                (typetransition user_t user_home_dir_t dir ".gconf" gconf_home_t)
                (optional unprivuser_optional_124
                    (typeattributeset cil_gen_require init_t)
                    (allow user_gkeyringd_t init_t (process (sigchld)))
                    (allow user_gkeyringd_t init_t (process (signull)))
                    (optional unprivuser_optional_125
                        (typeattributeset cil_gen_require rpm_t)
                        (allow user_gkeyringd_t rpm_t (fd (use)))
                        (allow user_gkeyringd_t rpm_t (fifo_file (ioctl read getattr lock open)))
                    )
                    (optional unprivuser_optional_126
                        (typeattributeset cil_gen_require security_t)
                        (typeattributeset cil_gen_require sysfs_t)
                        (dontaudit user_gkeyringd_t security_t (filesystem (getattr)))
                        (dontaudit user_gkeyringd_t sysfs_t (filesystem (getattr)))
                        (dontaudit user_gkeyringd_t sysfs_t (dir (getattr open search)))
                        (dontaudit user_gkeyringd_t security_t (dir (getattr open search)))
                        (dontaudit user_gkeyringd_t security_t (file (ioctl read getattr lock open)))
                        (optional unprivuser_optional_127
                            (typeattributeset cil_gen_require selinux_config_t)
                            (dontaudit user_gkeyringd_t selinux_config_t (dir (getattr open search)))
                            (dontaudit user_gkeyringd_t selinux_config_t (file (ioctl read getattr lock open)))
                            (optional unprivuser_optional_128
                                (typeattributeset cil_gen_require user_systemd_t)
                                (allow user_systemd_t gconfd_t (dir (ioctl read getattr lock open search)))
                                (allow user_systemd_t gconfd_t (file (ioctl read getattr lock open)))
                                (allow user_systemd_t gconfd_t (lnk_file (read getattr)))
                                (allow user_systemd_t gconfd_t (process (getattr)))
                                (allow user_systemd_t gconfd_t (process (sigchld sigkill sigstop signull signal)))
                                (allow gconfd_t user_systemd_t (fd (use)))
                                (allow gconfd_t user_systemd_t (unix_stream_socket (ioctl read write getattr setattr append bind connect listen accept getopt setopt shutdown)))
                                (allow gconfd_t user_systemd_t (dir (ioctl read getattr lock open search)))
                                (allow gconfd_t user_systemd_t (file (ioctl read getattr lock open)))
                                (allow gconfd_t user_systemd_t (lnk_file (read getattr)))
                                (allow gconfd_t user_systemd_t (process (getattr)))
                                (allow gconfd_t user_systemd_t (process (sigchld)))
                            )
                            (optional unprivuser_optional_129
                                (typeattributeset cil_gen_require var_run_t)
                                (typeattributeset cil_gen_require var_t)
                                (typeattributeset cil_gen_require var_lib_t)
                                (typeattributeset cil_gen_require system_dbusd_t)
                                (typeattributeset cil_gen_require session_dbusd_tmp_t)
                                (typeattributeset cil_gen_require user_dbusd_t)
                                (typeattributeset cil_gen_require dbusd_system_bus_client)
                                (typeattributeset cil_gen_require system_dbusd_runtime_t)
                                (typeattributeset cil_gen_require system_dbusd_var_lib_t)
                                (typeattributeset cil_gen_require dbusd_etc_t)
                                (typeattributeset cil_gen_require dbusd_session_bus_client)
                                (typeattributeset cil_gen_require dbusd_system_bus_client)
                                (typeattributeset dbusd_system_bus_client (user_gkeyringd_t ))
                                (typeattributeset cil_gen_require dbusd_session_bus_client)
                                (typeattributeset dbusd_session_bus_client (user_gkeyringd_t ))
                                (allow user_dbusd_t gkeyringd_exec_t (file (ioctl read getattr map execute open)))
                                (allow user_dbusd_t user_gkeyringd_t (process (transition)))
                                (dontaudit user_dbusd_t user_gkeyringd_t (process (noatsecure siginh rlimitinh)))
                                (typetransition user_dbusd_t gkeyringd_exec_t process user_gkeyringd_t)
                                (allow user_gkeyringd_t user_dbusd_t (fd (use)))
                                (allow user_gkeyringd_t user_dbusd_t (fifo_file (ioctl read write getattr lock append)))
                                (allow user_gkeyringd_t user_dbusd_t (process (sigchld)))
                                (allow user_gkeyringd_t user_dbusd_t (dbus (send_msg)))
                                (allow user_gkeyringd_t self (dbus (send_msg)))
                                (allow user_dbusd_t user_gkeyringd_t (dbus (send_msg)))
                                (allow user_gkeyringd_t user_dbusd_t (unix_stream_socket (connectto)))
                                (allow user_gkeyringd_t user_dbusd_t (fd (use)))
                                (allow user_gkeyringd_t user_dbusd_t (dbus (acquire_svc)))
                                (allow user_gkeyringd_t system_dbusd_t (dbus (send_msg)))
                                (allow user_gkeyringd_t self (dbus (send_msg)))
                                (allow system_dbusd_t user_gkeyringd_t (dbus (send_msg)))
                                (allow user_gkeyringd_t var_t (dir (getattr open search)))
                                (allow user_gkeyringd_t var_lib_t (dir (getattr open search)))
                                (allow user_gkeyringd_t system_dbusd_var_lib_t (dir (getattr open search)))
                                (allow user_gkeyringd_t system_dbusd_var_lib_t (file (ioctl read getattr lock open)))
                                (allow user_gkeyringd_t system_dbusd_var_lib_t (dir (getattr open search)))
                                (allow user_gkeyringd_t system_dbusd_var_lib_t (lnk_file (read getattr)))
                                (allow user_gkeyringd_t session_dbusd_tmp_t (dir (getattr open search)))
                                (allow user_gkeyringd_t session_dbusd_tmp_t (sock_file (read write getattr append open)))
                                (allow user_gkeyringd_t var_run_t (lnk_file (read getattr)))
                                (allow user_gkeyringd_t var_t (dir (getattr open search)))
                                (allow user_gkeyringd_t var_run_t (dir (getattr open search)))
                                (allow user_gkeyringd_t system_dbusd_runtime_t (dir (getattr open search)))
                                (allow user_gkeyringd_t system_dbusd_runtime_t (sock_file (write getattr append open)))
                                (allow user_gkeyringd_t system_dbusd_t (unix_stream_socket (connectto)))
                                (allow user_gkeyringd_t dbusd_etc_t (dir (ioctl read getattr lock open search)))
                                (allow user_gkeyringd_t dbusd_etc_t (file (ioctl read getattr lock open)))
                                (allow user_gkeyringd_t system_dbusd_runtime_t (dir (ioctl read getattr lock open search)))
                                (allow user_gkeyringd_t system_dbusd_runtime_t (sock_file (read)))
                                (allow user_gkeyringd_t system_dbusd_var_lib_t (dir (getattr open search)))
                                (allow user_gkeyringd_t system_dbusd_var_lib_t (lnk_file (read getattr)))
                                (optional unprivuser_optional_130
                                    (typeattributeset cil_gen_require evolution_t)
                                    (allow user_gkeyringd_t evolution_t (dbus (send_msg)))
                                    (allow evolution_t user_gkeyringd_t (dbus (send_msg)))
                                )
                                (optional unprivuser_optional_131
                                    (typeattributeset cil_gen_require gconfd_t)
                                    (typeattributeset cil_gen_require user_gkeyringd_t)
                                    (allow user_application_exec_domain gconfd_t (dbus (send_msg)))
                                    (allow gconfd_t user_application_exec_domain (dbus (send_msg)))
                                    (allow user_application_exec_domain user_gkeyringd_t (dbus (send_msg)))
                                    (allow user_gkeyringd_t user_application_exec_domain (dbus (send_msg)))
                                    (optional unprivuser_optional_132
                                        (typeattributeset cil_gen_require user_wm_t)
                                        (allow user_gkeyringd_t user_wm_t (dbus (send_msg)))
                                        (allow user_wm_t user_gkeyringd_t (dbus (send_msg)))
                                    )
                                )
                            )
                            (optional unprivuser_optional_133
                                (typeattributeset cil_gen_require user_systemd_t)
                                (allow user_systemd_t user_gkeyringd_t (dir (ioctl read getattr lock open search)))
                                (allow user_systemd_t user_gkeyringd_t (file (ioctl read getattr lock open)))
                                (allow user_systemd_t user_gkeyringd_t (lnk_file (read getattr)))
                                (allow user_systemd_t user_gkeyringd_t (process (getattr)))
                                (allow user_systemd_t user_gkeyringd_t (process (sigchld sigkill sigstop signull signal)))
                                (allow user_gkeyringd_t user_systemd_t (fd (use)))
                                (allow user_gkeyringd_t user_systemd_t (unix_stream_socket (ioctl read write getattr setattr append bind connect listen accept getopt setopt shutdown)))
                                (allow user_gkeyringd_t user_systemd_t (dir (ioctl read getattr lock open search)))
                                (allow user_gkeyringd_t user_systemd_t (file (ioctl read getattr lock open)))
                                (allow user_gkeyringd_t user_systemd_t (lnk_file (read getattr)))
                                (allow user_gkeyringd_t user_systemd_t (process (getattr)))
                                (allow user_gkeyringd_t user_systemd_t (process (sigchld)))
                            )
                        )
                    )
                )
            )
            (optional unprivuser_optional_134
                (roleattributeset cil_gen_require gpg_roles)
                (roleattributeset cil_gen_require gpg_agent_roles)
                (roleattributeset cil_gen_require gpg_helper_roles)
                (roleattributeset cil_gen_require gpg_pinentry_roles)
                (typeattributeset cil_gen_require user_home_dir_t)
                (typeattributeset cil_gen_require home_root_t)
                (typeattributeset cil_gen_require gpg_t)
                (typeattributeset cil_gen_require gpg_exec_t)
                (typeattributeset cil_gen_require gpg_agent_t)
                (typeattributeset cil_gen_require gpg_agent_exec_t)
                (typeattributeset cil_gen_require gpg_agent_tmp_t)
                (typeattributeset cil_gen_require gpg_helper_t)
                (typeattributeset cil_gen_require gpg_pinentry_t)
                (typeattributeset cil_gen_require gpg_pinentry_tmp_t)
                (typeattributeset cil_gen_require gpg_secret_t)
                (roleattributeset cil_gen_require gpg_pinentry_roles)
                (roleattributeset gpg_pinentry_roles (user_r ))
                (roleattributeset cil_gen_require gpg_agent_roles)
                (roleattributeset gpg_agent_roles (user_r ))
                (roleattributeset cil_gen_require gpg_helper_roles)
                (roleattributeset gpg_helper_roles (user_r ))
                (roleattributeset cil_gen_require gpg_roles)
                (roleattributeset gpg_roles (user_r ))
                (allow user_application_exec_domain gpg_exec_t (file (ioctl read getattr map execute open)))
                (allow user_application_exec_domain gpg_t (process (transition)))
                (dontaudit user_application_exec_domain gpg_t (process (noatsecure siginh rlimitinh)))
                (typetransition user_application_exec_domain gpg_exec_t process gpg_t)
                (allow gpg_t user_application_exec_domain (fd (use)))
                (allow gpg_t user_application_exec_domain (fifo_file (ioctl read write getattr lock append)))
                (allow gpg_t user_application_exec_domain (process (sigchld)))
                (allow user_application_exec_domain gpg_agent_exec_t (file (ioctl read getattr map execute open)))
                (allow user_application_exec_domain gpg_agent_t (process (transition)))
                (dontaudit user_application_exec_domain gpg_agent_t (process (noatsecure siginh rlimitinh)))
                (typetransition user_application_exec_domain gpg_agent_exec_t process gpg_agent_t)
                (allow gpg_agent_t user_application_exec_domain (fd (use)))
                (allow gpg_agent_t user_application_exec_domain (fifo_file (ioctl read write getattr lock append)))
                (allow gpg_agent_t user_application_exec_domain (process (sigchld)))
                (allow user_application_exec_domain self (process (setrlimit)))
                (allow user_application_exec_domain gpg_t (process (sigchld sigkill sigstop signull signal ptrace)))
                (allow user_application_exec_domain gpg_agent_t (process (sigchld sigkill sigstop signull signal ptrace)))
                (allow user_application_exec_domain gpg_helper_t (process (sigchld sigkill sigstop signull signal ptrace)))
                (allow user_application_exec_domain gpg_pinentry_t (process (sigchld sigkill sigstop signull signal ptrace)))
                (allow user_application_exec_domain gpg_t (dir (ioctl read getattr lock open search)))
                (allow user_application_exec_domain gpg_agent_t (dir (ioctl read getattr lock open search)))
                (allow user_application_exec_domain gpg_helper_t (dir (ioctl read getattr lock open search)))
                (allow user_application_exec_domain gpg_pinentry_t (dir (ioctl read getattr lock open search)))
                (allow user_application_exec_domain gpg_t (file (ioctl read getattr lock open)))
                (allow user_application_exec_domain gpg_agent_t (file (ioctl read getattr lock open)))
                (allow user_application_exec_domain gpg_helper_t (file (ioctl read getattr lock open)))
                (allow user_application_exec_domain gpg_pinentry_t (file (ioctl read getattr lock open)))
                (allow user_application_exec_domain gpg_t (lnk_file (read getattr)))
                (allow user_application_exec_domain gpg_agent_t (lnk_file (read getattr)))
                (allow user_application_exec_domain gpg_helper_t (lnk_file (read getattr)))
                (allow user_application_exec_domain gpg_pinentry_t (lnk_file (read getattr)))
                (allow user_application_exec_domain gpg_t (process (getattr)))
                (allow user_application_exec_domain gpg_agent_t (process (getattr)))
                (allow user_application_exec_domain gpg_helper_t (process (getattr)))
                (allow user_application_exec_domain gpg_pinentry_t (process (getattr)))
                (allow gpg_pinentry_t user_application_exec_domain (process (signull)))
                (allow gpg_helper_t user_application_exec_domain (fd (use)))
                (allow gpg_t user_application_exec_domain (fifo_file (ioctl read write getattr lock append)))
                (allow gpg_agent_t user_application_exec_domain (fifo_file (ioctl read write getattr lock append)))
                (allow gpg_helper_t user_application_exec_domain (fifo_file (ioctl read write getattr lock append)))
                (allow gpg_pinentry_t user_application_exec_domain (fifo_file (ioctl read write getattr lock append)))
                (allow user_t gpg_agent_tmp_t (dir (ioctl read write create getattr setattr lock relabelfrom relabelto unlink link rename open add_name remove_name reparent search rmdir)))
                (allow user_t gpg_secret_t (dir (ioctl read write create getattr setattr lock relabelfrom relabelto unlink link rename open add_name remove_name reparent search rmdir)))
                (allow user_t gpg_agent_tmp_t (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow user_t gpg_secret_t (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow user_t gpg_secret_t (lnk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename)))
                (allow user_t gpg_agent_tmp_t (sock_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow user_t gpg_pinentry_tmp_t (sock_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow user_t gpg_secret_t (sock_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow user_t gpg_secret_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_t user_home_dir_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_t home_root_t (dir (getattr open search)))
                (allow user_t home_root_t (lnk_file (read getattr)))
                (typetransition user_t user_home_dir_t dir ".gnupg" gpg_secret_t)
                (typetransition user_t gpg_secret_t sock_file "log-socket" gpg_agent_tmp_t)
                (optional unprivuser_optional_135
                    (typeattributeset cil_gen_require gpg_pinentry_t)
                    (allow user_application_exec_domain gpg_pinentry_t (dbus (send_msg)))
                    (allow gpg_pinentry_t user_application_exec_domain (dbus (send_msg)))
                )
                (optional unprivuser_optional_136
                    (typeattributeset cil_gen_require user_systemd_t)
                    (allow user_systemd_t gpg_t (dir (ioctl read getattr lock open search)))
                    (allow user_systemd_t gpg_t (file (ioctl read getattr lock open)))
                    (allow user_systemd_t gpg_t (lnk_file (read getattr)))
                    (allow user_systemd_t gpg_t (process (getattr)))
                    (allow user_systemd_t gpg_t (process (sigchld sigkill sigstop signull signal)))
                    (allow gpg_t user_systemd_t (fd (use)))
                    (allow gpg_t user_systemd_t (unix_stream_socket (ioctl read write getattr setattr append bind connect listen accept getopt setopt shutdown)))
                    (allow gpg_t user_systemd_t (dir (ioctl read getattr lock open search)))
                    (allow gpg_t user_systemd_t (file (ioctl read getattr lock open)))
                    (allow gpg_t user_systemd_t (lnk_file (read getattr)))
                    (allow gpg_t user_systemd_t (process (getattr)))
                    (allow gpg_t user_systemd_t (process (sigchld)))
                    (allow user_systemd_t gpg_agent_t (dir (ioctl read getattr lock open search)))
                    (allow user_systemd_t gpg_agent_t (file (ioctl read getattr lock open)))
                    (allow user_systemd_t gpg_agent_t (lnk_file (read getattr)))
                    (allow user_systemd_t gpg_agent_t (process (getattr)))
                    (allow user_systemd_t gpg_agent_t (process (sigchld sigkill sigstop signull signal)))
                    (allow gpg_agent_t user_systemd_t (fd (use)))
                    (allow gpg_agent_t user_systemd_t (unix_stream_socket (ioctl read write getattr setattr append bind connect listen accept getopt setopt shutdown)))
                    (allow gpg_agent_t user_systemd_t (dir (ioctl read getattr lock open search)))
                    (allow gpg_agent_t user_systemd_t (file (ioctl read getattr lock open)))
                    (allow gpg_agent_t user_systemd_t (lnk_file (read getattr)))
                    (allow gpg_agent_t user_systemd_t (process (getattr)))
                    (allow gpg_agent_t user_systemd_t (process (sigchld)))
                )
            )
            (optional unprivuser_optional_137
                (roleattributeset cil_gen_require hadoop_roles)
                (roleattributeset cil_gen_require zookeeper_roles)
                (typeattributeset cil_gen_require bin_t)
                (typeattributeset cil_gen_require usr_t)
                (typeattributeset cil_gen_require hadoop_t)
                (typeattributeset cil_gen_require zookeeper_t)
                (typeattributeset cil_gen_require hadoop_home_t)
                (typeattributeset cil_gen_require hadoop_tmp_t)
                (typeattributeset cil_gen_require hadoop_hsperfdata_t)
                (typeattributeset cil_gen_require zookeeper_tmp_t)
                (typeattributeset cil_gen_require hadoop_exec_t)
                (typeattributeset cil_gen_require zookeeper_exec_t)
                (roleattributeset cil_gen_require hadoop_roles)
                (roleattributeset hadoop_roles (user_r ))
                (roleattributeset cil_gen_require zookeeper_roles)
                (roleattributeset zookeeper_roles (user_r ))
                (allow user_application_exec_domain bin_t (dir (getattr open search)))
                (allow user_application_exec_domain bin_t (lnk_file (read getattr)))
                (allow user_application_exec_domain usr_t (dir (getattr open search)))
                (allow user_application_exec_domain hadoop_exec_t (file (ioctl read getattr map execute open)))
                (allow user_application_exec_domain hadoop_t (process (transition)))
                (dontaudit user_application_exec_domain hadoop_t (process (noatsecure siginh rlimitinh)))
                (typetransition user_application_exec_domain hadoop_exec_t process hadoop_t)
                (allow hadoop_t user_application_exec_domain (fd (use)))
                (allow hadoop_t user_application_exec_domain (fifo_file (ioctl read write getattr lock append)))
                (allow hadoop_t user_application_exec_domain (process (sigchld)))
                (allow user_application_exec_domain bin_t (dir (getattr open search)))
                (allow user_application_exec_domain bin_t (lnk_file (read getattr)))
                (allow user_application_exec_domain usr_t (dir (getattr open search)))
                (allow user_application_exec_domain zookeeper_exec_t (file (ioctl read getattr map execute open)))
                (allow user_application_exec_domain zookeeper_t (process (transition)))
                (dontaudit user_application_exec_domain zookeeper_t (process (noatsecure siginh rlimitinh)))
                (typetransition user_application_exec_domain zookeeper_exec_t process zookeeper_t)
                (allow zookeeper_t user_application_exec_domain (fd (use)))
                (allow zookeeper_t user_application_exec_domain (fifo_file (ioctl read write getattr lock append)))
                (allow zookeeper_t user_application_exec_domain (process (sigchld)))
                (allow user_application_exec_domain hadoop_t (process (sigchld sigkill sigstop signull signal ptrace)))
                (allow user_application_exec_domain zookeeper_t (process (sigchld sigkill sigstop signull signal ptrace)))
                (allow user_application_exec_domain hadoop_t (dir (ioctl read getattr lock open search)))
                (allow user_application_exec_domain zookeeper_t (dir (ioctl read getattr lock open search)))
                (allow user_application_exec_domain hadoop_t (file (ioctl read getattr lock open)))
                (allow user_application_exec_domain zookeeper_t (file (ioctl read getattr lock open)))
                (allow user_application_exec_domain hadoop_t (lnk_file (read getattr)))
                (allow user_application_exec_domain zookeeper_t (lnk_file (read getattr)))
                (allow user_application_exec_domain hadoop_t (process (getattr)))
                (allow user_application_exec_domain zookeeper_t (process (getattr)))
                (allow user_t hadoop_home_t (dir (ioctl read write create getattr setattr lock relabelfrom relabelto unlink link rename open add_name remove_name reparent search rmdir)))
                (allow user_t hadoop_tmp_t (dir (ioctl read write create getattr setattr lock relabelfrom relabelto unlink link rename open add_name remove_name reparent search rmdir)))
                (allow user_t hadoop_hsperfdata_t (dir (ioctl read write create getattr setattr lock relabelfrom relabelto unlink link rename open add_name remove_name reparent search rmdir)))
                (allow user_t hadoop_home_t (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow user_t hadoop_tmp_t (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow user_t zookeeper_tmp_t (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow user_t hadoop_home_t (lnk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename)))
                (optional unprivuser_optional_138
                    (typeattributeset cil_gen_require user_systemd_t)
                    (allow user_systemd_t hadoop_t (dir (ioctl read getattr lock open search)))
                    (allow user_systemd_t hadoop_t (file (ioctl read getattr lock open)))
                    (allow user_systemd_t hadoop_t (lnk_file (read getattr)))
                    (allow user_systemd_t hadoop_t (process (getattr)))
                    (allow user_systemd_t hadoop_t (process (sigchld sigkill sigstop signull signal)))
                    (allow hadoop_t user_systemd_t (fd (use)))
                    (allow hadoop_t user_systemd_t (unix_stream_socket (ioctl read write getattr setattr append bind connect listen accept getopt setopt shutdown)))
                    (allow hadoop_t user_systemd_t (dir (ioctl read getattr lock open search)))
                    (allow hadoop_t user_systemd_t (file (ioctl read getattr lock open)))
                    (allow hadoop_t user_systemd_t (lnk_file (read getattr)))
                    (allow hadoop_t user_systemd_t (process (getattr)))
                    (allow hadoop_t user_systemd_t (process (sigchld)))
                    (allow user_systemd_t zookeeper_t (dir (ioctl read getattr lock open search)))
                    (allow user_systemd_t zookeeper_t (file (ioctl read getattr lock open)))
                    (allow user_systemd_t zookeeper_t (lnk_file (read getattr)))
                    (allow user_systemd_t zookeeper_t (process (getattr)))
                    (allow user_systemd_t zookeeper_t (process (sigchld sigkill sigstop signull signal)))
                    (allow zookeeper_t user_systemd_t (fd (use)))
                    (allow zookeeper_t user_systemd_t (unix_stream_socket (ioctl read write getattr setattr append bind connect listen accept getopt setopt shutdown)))
                    (allow zookeeper_t user_systemd_t (dir (ioctl read getattr lock open search)))
                    (allow zookeeper_t user_systemd_t (file (ioctl read getattr lock open)))
                    (allow zookeeper_t user_systemd_t (lnk_file (read getattr)))
                    (allow zookeeper_t user_systemd_t (process (getattr)))
                    (allow zookeeper_t user_systemd_t (process (sigchld)))
                )
            )
            (optional unprivuser_optional_139
                (roleattributeset cil_gen_require irc_roles)
                (typeattributeset cil_gen_require user_home_dir_t)
                (typeattributeset cil_gen_require home_root_t)
                (typeattributeset cil_gen_require irc_t)
                (typeattributeset cil_gen_require irc_exec_t)
                (typeattributeset cil_gen_require irc_home_t)
                (typeattributeset cil_gen_require irc_tmp_t)
                (typeattributeset cil_gen_require irc_log_home_t)
                (roleattributeset cil_gen_require irc_roles)
                (roleattributeset irc_roles (user_r ))
                (allow user_application_exec_domain irc_exec_t (file (ioctl read getattr map execute open)))
                (allow user_application_exec_domain irc_t (process (transition)))
                (dontaudit user_application_exec_domain irc_t (process (noatsecure siginh rlimitinh)))
                (typetransition user_application_exec_domain irc_exec_t process irc_t)
                (allow irc_t user_application_exec_domain (fd (use)))
                (allow irc_t user_application_exec_domain (fifo_file (ioctl read write getattr lock append)))
                (allow irc_t user_application_exec_domain (process (sigchld)))
                (allow user_application_exec_domain irc_t (dir (ioctl read getattr lock open search)))
                (allow user_application_exec_domain irc_t (file (ioctl read getattr lock open)))
                (allow user_application_exec_domain irc_t (lnk_file (read getattr)))
                (allow user_application_exec_domain irc_t (process (getattr)))
                (allow user_application_exec_domain irc_t (process (sigchld sigkill sigstop signull signal ptrace)))
                (allow user_t irc_home_t (dir (ioctl read write create getattr setattr lock relabelfrom relabelto unlink link rename open add_name remove_name reparent search rmdir)))
                (allow user_t irc_tmp_t (dir (ioctl read write create getattr setattr lock relabelfrom relabelto unlink link rename open add_name remove_name reparent search rmdir)))
                (allow user_t irc_log_home_t (dir (ioctl read write create getattr setattr lock relabelfrom relabelto unlink link rename open add_name remove_name reparent search rmdir)))
                (allow user_t irc_home_t (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow user_t irc_tmp_t (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow user_t irc_log_home_t (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow user_t irc_home_t (lnk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename)))
                (allow user_t irc_tmp_t (lnk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename)))
                (allow user_t irc_log_home_t (lnk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename)))
                (allow user_t user_home_dir_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_t home_root_t (dir (getattr open search)))
                (allow user_t home_root_t (lnk_file (read getattr)))
                (allow user_t user_home_dir_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_t home_root_t (dir (getattr open search)))
                (allow user_t home_root_t (lnk_file (read getattr)))
                (allow user_t user_home_dir_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_t home_root_t (dir (getattr open search)))
                (allow user_t home_root_t (lnk_file (read getattr)))
                (typetransition user_t user_home_dir_t dir "irclogs" irc_log_home_t)
                (typetransition user_t user_home_dir_t file ".ircmotd" irc_home_t)
                (typetransition user_t user_home_dir_t dir ".irssi" irc_home_t)
                (optional unprivuser_optional_140
                    (typeattributeset cil_gen_require user_systemd_t)
                    (allow user_systemd_t irc_t (dir (ioctl read getattr lock open search)))
                    (allow user_systemd_t irc_t (file (ioctl read getattr lock open)))
                    (allow user_systemd_t irc_t (lnk_file (read getattr)))
                    (allow user_systemd_t irc_t (process (getattr)))
                    (allow user_systemd_t irc_t (process (sigchld sigkill sigstop signull signal)))
                    (allow irc_t user_systemd_t (fd (use)))
                    (allow irc_t user_systemd_t (unix_stream_socket (ioctl read write getattr setattr append bind connect listen accept getopt setopt shutdown)))
                    (allow irc_t user_systemd_t (dir (ioctl read getattr lock open search)))
                    (allow irc_t user_systemd_t (file (ioctl read getattr lock open)))
                    (allow irc_t user_systemd_t (lnk_file (read getattr)))
                    (allow irc_t user_systemd_t (process (getattr)))
                    (allow irc_t user_systemd_t (process (sigchld)))
                )
            )
            (optional unprivuser_optional_141
                (roleattributeset cil_gen_require java_roles)
                (typeattributeset cil_gen_require java_t)
                (typeattributeset cil_gen_require java_exec_t)
                (typeattributeset cil_gen_require java_tmp_t)
                (typeattributeset cil_gen_require java_tmpfs_t)
                (typeattributeset cil_gen_require java_home_t)
                (roleattributeset cil_gen_require java_roles)
                (roleattributeset java_roles (user_r ))
                (allow user_application_exec_domain java_exec_t (file (ioctl read getattr map execute open)))
                (allow user_application_exec_domain java_t (process (transition)))
                (dontaudit user_application_exec_domain java_t (process (noatsecure siginh rlimitinh)))
                (typetransition user_application_exec_domain java_exec_t process java_t)
                (allow java_t user_application_exec_domain (fd (use)))
                (allow java_t user_application_exec_domain (fifo_file (ioctl read write getattr lock append)))
                (allow java_t user_application_exec_domain (process (sigchld)))
                (allow user_application_exec_domain java_t (process (sigchld sigkill sigstop signull signal ptrace noatsecure siginh rlimitinh)))
                (allow user_application_exec_domain java_t (dir (ioctl read getattr lock open search)))
                (allow user_application_exec_domain java_t (file (ioctl read getattr lock open)))
                (allow user_application_exec_domain java_t (lnk_file (read getattr)))
                (allow user_application_exec_domain java_t (process (getattr)))
                (allow user_t java_tmp_t (dir (ioctl read write create getattr setattr lock relabelfrom relabelto unlink link rename open add_name remove_name reparent search rmdir)))
                (allow user_t java_tmp_t (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow user_t java_tmpfs_t (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow user_t java_tmpfs_t (fifo_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow user_t java_tmpfs_t (lnk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename)))
                (allow user_t java_tmpfs_t (sock_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow java_t user_application_exec_domain (process (signull)))
                (allow java_t user_application_exec_domain (unix_stream_socket (connectto)))
                (allow java_t user_application_exec_domain (unix_stream_socket (read write)))
                (allow java_t user_application_exec_domain (tcp_socket (read write)))
                (allow user_t java_home_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_t java_home_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
                (allow user_t java_home_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_t java_home_t (dir (ioctl read write create getattr setattr lock unlink link rename open add_name remove_name reparent search rmdir)))
                (optional unprivuser_optional_142
                    (typeattributeset cil_gen_require user_systemd_t)
                    (allow user_systemd_t java_t (dir (ioctl read getattr lock open search)))
                    (allow user_systemd_t java_t (file (ioctl read getattr lock open)))
                    (allow user_systemd_t java_t (lnk_file (read getattr)))
                    (allow user_systemd_t java_t (process (getattr)))
                    (allow user_systemd_t java_t (process (sigchld sigkill sigstop signull signal)))
                    (allow java_t user_systemd_t (fd (use)))
                    (allow java_t user_systemd_t (unix_stream_socket (ioctl read write getattr setattr append bind connect listen accept getopt setopt shutdown)))
                    (allow java_t user_systemd_t (dir (ioctl read getattr lock open search)))
                    (allow java_t user_systemd_t (file (ioctl read getattr lock open)))
                    (allow java_t user_systemd_t (lnk_file (read getattr)))
                    (allow java_t user_systemd_t (process (getattr)))
                    (allow java_t user_systemd_t (process (sigchld)))
                )
            )
            (optional unprivuser_optional_143
                (roleattributeset cil_gen_require libmtp_roles)
                (typeattributeset cil_gen_require libmtp_t)
                (typeattributeset cil_gen_require libmtp_exec_t)
                (roleattributeset cil_gen_require libmtp_roles)
                (roleattributeset libmtp_roles (user_r ))
                (allow user_application_exec_domain libmtp_exec_t (file (ioctl read getattr map execute open)))
                (allow user_application_exec_domain libmtp_t (process (transition)))
                (dontaudit user_application_exec_domain libmtp_t (process (noatsecure siginh rlimitinh)))
                (typetransition user_application_exec_domain libmtp_exec_t process libmtp_t)
                (allow libmtp_t user_application_exec_domain (fd (use)))
                (allow libmtp_t user_application_exec_domain (fifo_file (ioctl read write getattr lock append)))
                (allow libmtp_t user_application_exec_domain (process (sigchld)))
                (allow user_application_exec_domain libmtp_t (process (sigchld sigkill sigstop signull signal ptrace)))
                (allow user_application_exec_domain libmtp_t (dir (ioctl read getattr lock open search)))
                (allow user_application_exec_domain libmtp_t (file (ioctl read getattr lock open)))
                (allow user_application_exec_domain libmtp_t (lnk_file (read getattr)))
                (allow user_application_exec_domain libmtp_t (process (getattr)))
                (optional unprivuser_optional_144
                    (typeattributeset cil_gen_require user_systemd_t)
                    (allow user_systemd_t libmtp_t (dir (ioctl read getattr lock open search)))
                    (allow user_systemd_t libmtp_t (file (ioctl read getattr lock open)))
                    (allow user_systemd_t libmtp_t (lnk_file (read getattr)))
                    (allow user_systemd_t libmtp_t (process (getattr)))
                    (allow user_systemd_t libmtp_t (process (sigchld sigkill sigstop signull signal)))
                    (allow libmtp_t user_systemd_t (fd (use)))
                    (allow libmtp_t user_systemd_t (unix_stream_socket (ioctl read write getattr setattr append bind connect listen accept getopt setopt shutdown)))
                    (allow libmtp_t user_systemd_t (dir (ioctl read getattr lock open search)))
                    (allow libmtp_t user_systemd_t (file (ioctl read getattr lock open)))
                    (allow libmtp_t user_systemd_t (lnk_file (read getattr)))
                    (allow libmtp_t user_systemd_t (process (getattr)))
                    (allow libmtp_t user_systemd_t (process (sigchld)))
                )
            )
            (optional unprivuser_optional_145
                (roleattributeset cil_gen_require lpr_roles)
                (typeattributeset cil_gen_require lpr_t)
                (typeattributeset cil_gen_require lpr_exec_t)
                (roleattributeset cil_gen_require lpr_roles)
                (roleattributeset lpr_roles (user_r ))
                (allow user_application_exec_domain lpr_exec_t (file (ioctl read getattr map execute open)))
                (allow user_application_exec_domain lpr_t (process (transition)))
                (dontaudit user_application_exec_domain lpr_t (process (noatsecure siginh rlimitinh)))
                (typetransition user_application_exec_domain lpr_exec_t process lpr_t)
                (allow lpr_t user_application_exec_domain (fd (use)))
                (allow lpr_t user_application_exec_domain (fifo_file (ioctl read write getattr lock append)))
                (allow lpr_t user_application_exec_domain (process (sigchld)))
                (allow user_application_exec_domain lpr_t (process (sigchld sigkill sigstop signull signal ptrace)))
                (allow user_application_exec_domain lpr_t (dir (ioctl read getattr lock open search)))
                (allow user_application_exec_domain lpr_t (file (ioctl read getattr lock open)))
                (allow user_application_exec_domain lpr_t (lnk_file (read getattr)))
                (allow user_application_exec_domain lpr_t (process (getattr)))
                (dontaudit lpr_t user_application_exec_domain (unix_stream_socket (read write)))
                (optional unprivuser_optional_146
                    (typeattributeset cil_gen_require etc_t)
                    (typeattributeset cil_gen_require cupsd_etc_t)
                    (typeattributeset cil_gen_require cupsd_rw_etc_t)
                    (allow user_application_exec_domain etc_t (dir (getattr open search)))
                    (allow user_application_exec_domain cupsd_etc_t (dir (getattr open search)))
                    (allow user_application_exec_domain cupsd_rw_etc_t (dir (getattr open search)))
                    (allow user_application_exec_domain cupsd_etc_t (file (ioctl read getattr lock open)))
                    (allow user_application_exec_domain cupsd_rw_etc_t (file (ioctl read getattr lock open)))
                )
                (optional unprivuser_optional_147
                    (typeattributeset cil_gen_require user_systemd_t)
                    (allow user_systemd_t lpr_t (dir (ioctl read getattr lock open search)))
                    (allow user_systemd_t lpr_t (file (ioctl read getattr lock open)))
                    (allow user_systemd_t lpr_t (lnk_file (read getattr)))
                    (allow user_systemd_t lpr_t (process (getattr)))
                    (allow user_systemd_t lpr_t (process (sigchld sigkill sigstop signull signal)))
                    (allow lpr_t user_systemd_t (fd (use)))
                    (allow lpr_t user_systemd_t (unix_stream_socket (ioctl read write getattr setattr append bind connect listen accept getopt setopt shutdown)))
                    (allow lpr_t user_systemd_t (dir (ioctl read getattr lock open search)))
                    (allow lpr_t user_systemd_t (file (ioctl read getattr lock open)))
                    (allow lpr_t user_systemd_t (lnk_file (read getattr)))
                    (allow lpr_t user_systemd_t (process (getattr)))
                    (allow lpr_t user_systemd_t (process (sigchld)))
                )
            )
            (optional unprivuser_optional_148
                (roleattributeset cil_gen_require mozilla_roles)
                (typeattributeset cil_gen_require user_home_dir_t)
                (typeattributeset cil_gen_require home_root_t)
                (typeattributeset cil_gen_require mozilla_t)
                (typeattributeset cil_gen_require mozilla_exec_t)
                (typeattributeset cil_gen_require mozilla_home_t)
                (typeattributeset cil_gen_require mozilla_tmp_t)
                (typeattributeset cil_gen_require mozilla_tmpfs_t)
                (typeattributeset cil_gen_require mozilla_plugin_tmp_t)
                (typeattributeset cil_gen_require mozilla_plugin_tmpfs_t)
                (typeattributeset cil_gen_require mozilla_plugin_home_t)
                (roleattributeset cil_gen_require mozilla_roles)
                (roleattributeset mozilla_roles (user_r ))
                (allow user_application_exec_domain mozilla_exec_t (file (ioctl read getattr map execute open)))
                (allow user_application_exec_domain mozilla_t (process (transition)))
                (dontaudit user_application_exec_domain mozilla_t (process (noatsecure siginh rlimitinh)))
                (typetransition user_application_exec_domain mozilla_exec_t process mozilla_t)
                (allow mozilla_t user_application_exec_domain (fd (use)))
                (allow mozilla_t user_application_exec_domain (fifo_file (ioctl read write getattr lock append)))
                (allow mozilla_t user_application_exec_domain (process (sigchld)))
                (allow user_application_exec_domain mozilla_t (process (sigchld sigkill sigstop signull signal ptrace noatsecure siginh rlimitinh)))
                (allow user_application_exec_domain mozilla_t (dir (ioctl read getattr lock open search)))
                (allow user_application_exec_domain mozilla_t (file (ioctl read getattr lock open)))
                (allow user_application_exec_domain mozilla_t (lnk_file (read getattr)))
                (allow user_application_exec_domain mozilla_t (process (getattr)))
                (allow mozilla_t user_application_exec_domain (process (signull)))
                (allow mozilla_t user_application_exec_domain (unix_stream_socket (connectto)))
                (allow user_application_exec_domain mozilla_t (fd (use)))
                (allow user_application_exec_domain mozilla_t (shm (getattr read write associate unix_read unix_write lock)))
                (allow user_application_exec_domain mozilla_tmpfs_t (dir (getattr open search)))
                (allow user_application_exec_domain mozilla_tmpfs_t (sock_file (write getattr append open)))
                (allow user_application_exec_domain mozilla_t (unix_stream_socket (connectto)))
                (allow user_t mozilla_home_t (dir (ioctl read write create getattr setattr lock relabelfrom relabelto unlink link rename open add_name remove_name reparent search rmdir)))
                (allow user_t mozilla_plugin_home_t (dir (ioctl read write create getattr setattr lock relabelfrom relabelto unlink link rename open add_name remove_name reparent search rmdir)))
                (allow user_t mozilla_home_t (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow user_t mozilla_plugin_home_t (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow user_t mozilla_home_t (lnk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename)))
                (allow user_t user_home_dir_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_t home_root_t (dir (getattr open search)))
                (allow user_t home_root_t (lnk_file (read getattr)))
                (allow user_t user_home_dir_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_t home_root_t (dir (getattr open search)))
                (allow user_t home_root_t (lnk_file (read getattr)))
                (allow user_t user_home_dir_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_t home_root_t (dir (getattr open search)))
                (allow user_t home_root_t (lnk_file (read getattr)))
                (allow user_t user_home_dir_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_t home_root_t (dir (getattr open search)))
                (allow user_t home_root_t (lnk_file (read getattr)))
                (allow user_t mozilla_home_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_t mozilla_tmp_t (dir (ioctl read write create getattr setattr lock relabelfrom relabelto unlink link rename open add_name remove_name reparent search rmdir)))
                (allow user_t mozilla_plugin_tmp_t (dir (ioctl read write create getattr setattr lock relabelfrom relabelto unlink link rename open add_name remove_name reparent search rmdir)))
                (allow user_t mozilla_tmp_t (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow user_t mozilla_plugin_tmp_t (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow user_t mozilla_plugin_tmp_t (fifo_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow user_t mozilla_tmpfs_t (dir (ioctl read write create getattr setattr lock relabelfrom relabelto unlink link rename open add_name remove_name reparent search rmdir)))
                (allow user_t mozilla_plugin_tmpfs_t (dir (ioctl read write create getattr setattr lock relabelfrom relabelto unlink link rename open add_name remove_name reparent search rmdir)))
                (allow user_t mozilla_tmpfs_t (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow user_t mozilla_plugin_tmpfs_t (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow user_t mozilla_tmpfs_t (fifo_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow user_t mozilla_plugin_tmpfs_t (fifo_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow user_t mozilla_tmpfs_t (sock_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow user_t mozilla_plugin_tmpfs_t (sock_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (typetransition user_t mozilla_home_t dir "plugins" mozilla_plugin_home_t)
                (typetransition user_t user_home_dir_t dir ".phoenix" mozilla_home_t)
                (typetransition user_t user_home_dir_t dir ".netscape" mozilla_home_t)
                (typetransition user_t user_home_dir_t dir ".mozilla" mozilla_home_t)
                (typetransition user_t user_home_dir_t dir ".galeon" mozilla_home_t)
                (optional unprivuser_optional_149
                    (typeattributeset cil_gen_require mozilla_t)
                    (allow user_application_exec_domain mozilla_t (dbus (send_msg)))
                    (allow mozilla_t user_application_exec_domain (dbus (send_msg)))
                )
                (optional unprivuser_optional_150
                    (typeattributeset cil_gen_require user_systemd_t)
                    (allow user_systemd_t mozilla_t (dir (ioctl read getattr lock open search)))
                    (allow user_systemd_t mozilla_t (file (ioctl read getattr lock open)))
                    (allow user_systemd_t mozilla_t (lnk_file (read getattr)))
                    (allow user_systemd_t mozilla_t (process (getattr)))
                    (allow user_systemd_t mozilla_t (process (sigchld sigkill sigstop signull signal)))
                    (allow mozilla_t user_systemd_t (fd (use)))
                    (allow mozilla_t user_systemd_t (unix_stream_socket (ioctl read write getattr setattr append bind connect listen accept getopt setopt shutdown)))
                    (allow mozilla_t user_systemd_t (dir (ioctl read getattr lock open search)))
                    (allow mozilla_t user_systemd_t (file (ioctl read getattr lock open)))
                    (allow mozilla_t user_systemd_t (lnk_file (read getattr)))
                    (allow mozilla_t user_systemd_t (process (getattr)))
                    (allow mozilla_t user_systemd_t (process (sigchld)))
                )
            )
            (optional unprivuser_optional_151
                (roleattributeset cil_gen_require mencoder_roles)
                (roleattributeset cil_gen_require mplayer_roles)
                (typeattributeset cil_gen_require user_home_dir_t)
                (typeattributeset cil_gen_require home_root_t)
                (typeattributeset cil_gen_require mencoder_t)
                (typeattributeset cil_gen_require mencoder_exec_t)
                (typeattributeset cil_gen_require mplayer_home_t)
                (typeattributeset cil_gen_require mplayer_t)
                (typeattributeset cil_gen_require mplayer_exec_t)
                (typeattributeset cil_gen_require mplayer_tmpfs_t)
                (roleattributeset cil_gen_require mplayer_roles)
                (roleattributeset mplayer_roles (user_r ))
                (roleattributeset cil_gen_require mencoder_roles)
                (roleattributeset mencoder_roles (user_r ))
                (allow user_application_exec_domain mencoder_exec_t (file (ioctl read getattr map execute open)))
                (allow user_application_exec_domain mencoder_t (process (transition)))
                (dontaudit user_application_exec_domain mencoder_t (process (noatsecure siginh rlimitinh)))
                (typetransition user_application_exec_domain mencoder_exec_t process mencoder_t)
                (allow mencoder_t user_application_exec_domain (fd (use)))
                (allow mencoder_t user_application_exec_domain (fifo_file (ioctl read write getattr lock append)))
                (allow mencoder_t user_application_exec_domain (process (sigchld)))
                (allow user_application_exec_domain mplayer_exec_t (file (ioctl read getattr map execute open)))
                (allow user_application_exec_domain mplayer_t (process (transition)))
                (dontaudit user_application_exec_domain mplayer_t (process (noatsecure siginh rlimitinh)))
                (typetransition user_application_exec_domain mplayer_exec_t process mplayer_t)
                (allow mplayer_t user_application_exec_domain (fd (use)))
                (allow mplayer_t user_application_exec_domain (fifo_file (ioctl read write getattr lock append)))
                (allow mplayer_t user_application_exec_domain (process (sigchld)))
                (allow user_application_exec_domain mencoder_t (process (sigchld sigkill sigstop signull signal ptrace getsched)))
                (allow user_application_exec_domain mplayer_t (process (sigchld sigkill sigstop signull signal ptrace getsched)))
                (allow user_application_exec_domain mencoder_t (dir (ioctl read getattr lock open search)))
                (allow user_application_exec_domain mplayer_t (dir (ioctl read getattr lock open search)))
                (allow user_application_exec_domain mencoder_t (file (ioctl read getattr lock open)))
                (allow user_application_exec_domain mplayer_t (file (ioctl read getattr lock open)))
                (allow user_application_exec_domain mencoder_t (lnk_file (read getattr)))
                (allow user_application_exec_domain mplayer_t (lnk_file (read getattr)))
                (allow user_application_exec_domain mencoder_t (process (getattr)))
                (allow user_application_exec_domain mplayer_t (process (getattr)))
                (allow user_t mplayer_home_t (dir (ioctl read write create getattr setattr lock relabelfrom relabelto unlink link rename open add_name remove_name reparent search rmdir)))
                (allow user_t mplayer_home_t (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow user_t mplayer_home_t (lnk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename)))
                (allow user_t user_home_dir_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_t home_root_t (dir (getattr open search)))
                (allow user_t home_root_t (lnk_file (read getattr)))
                (allow user_t mplayer_tmpfs_t (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow user_t mplayer_tmpfs_t (lnk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename)))
                (allow user_t mplayer_tmpfs_t (fifo_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow user_t mplayer_tmpfs_t (sock_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (typetransition user_t user_home_dir_t dir ".mplayer" mplayer_home_t)
                (optional unprivuser_optional_152
                    (typeattributeset cil_gen_require user_systemd_t)
                    (allow user_systemd_t mencoder_t (dir (ioctl read getattr lock open search)))
                    (allow user_systemd_t mencoder_t (file (ioctl read getattr lock open)))
                    (allow user_systemd_t mencoder_t (lnk_file (read getattr)))
                    (allow user_systemd_t mencoder_t (process (getattr)))
                    (allow user_systemd_t mencoder_t (process (sigchld sigkill sigstop signull signal)))
                    (allow mencoder_t user_systemd_t (fd (use)))
                    (allow mencoder_t user_systemd_t (unix_stream_socket (ioctl read write getattr setattr append bind connect listen accept getopt setopt shutdown)))
                    (allow mencoder_t user_systemd_t (dir (ioctl read getattr lock open search)))
                    (allow mencoder_t user_systemd_t (file (ioctl read getattr lock open)))
                    (allow mencoder_t user_systemd_t (lnk_file (read getattr)))
                    (allow mencoder_t user_systemd_t (process (getattr)))
                    (allow mencoder_t user_systemd_t (process (sigchld)))
                    (allow user_systemd_t mplayer_t (dir (ioctl read getattr lock open search)))
                    (allow user_systemd_t mplayer_t (file (ioctl read getattr lock open)))
                    (allow user_systemd_t mplayer_t (lnk_file (read getattr)))
                    (allow user_systemd_t mplayer_t (process (getattr)))
                    (allow user_systemd_t mplayer_t (process (sigchld sigkill sigstop signull signal)))
                    (allow mplayer_t user_systemd_t (fd (use)))
                    (allow mplayer_t user_systemd_t (unix_stream_socket (ioctl read write getattr setattr append bind connect listen accept getopt setopt shutdown)))
                    (allow mplayer_t user_systemd_t (dir (ioctl read getattr lock open search)))
                    (allow mplayer_t user_systemd_t (file (ioctl read getattr lock open)))
                    (allow mplayer_t user_systemd_t (lnk_file (read getattr)))
                    (allow mplayer_t user_systemd_t (process (getattr)))
                    (allow mplayer_t user_systemd_t (process (sigchld)))
                )
            )
            (optional unprivuser_optional_153
                (roleattributeset cil_gen_require user_mail_roles)
                (typeattributeset cil_gen_require user_home_dir_t)
                (typeattributeset cil_gen_require home_root_t)
                (typeattributeset cil_gen_require mta_user_agent)
                (typeattributeset cil_gen_require user_mail_t)
                (typeattributeset cil_gen_require sendmail_exec_t)
                (typeattributeset cil_gen_require mail_home_t)
                (typeattributeset cil_gen_require user_mail_tmp_t)
                (typeattributeset cil_gen_require mail_home_rw_t)
                (roleattributeset cil_gen_require user_r)
                (roletype user_r mta_user_agent)
                (roleattributeset cil_gen_require user_mail_roles)
                (roleattributeset user_mail_roles (user_r ))
                (allow user_application_exec_domain sendmail_exec_t (file (ioctl read getattr map execute open)))
                (allow user_application_exec_domain user_mail_t (process (transition)))
                (dontaudit user_application_exec_domain user_mail_t (process (noatsecure siginh rlimitinh)))
                (typetransition user_application_exec_domain sendmail_exec_t process user_mail_t)
                (allow user_mail_t user_application_exec_domain (fd (use)))
                (allow user_mail_t user_application_exec_domain (fifo_file (ioctl read write getattr lock append)))
                (allow user_mail_t user_application_exec_domain (process (sigchld)))
                (allow user_application_exec_domain sendmail_exec_t (lnk_file (read getattr)))
                (allow user_application_exec_domain mta_user_agent (process (sigchld sigkill sigstop signull signal ptrace)))
                (allow user_application_exec_domain user_mail_t (process (sigchld sigkill sigstop signull signal ptrace)))
                (allow user_application_exec_domain mta_user_agent (dir (ioctl read getattr lock open search)))
                (allow user_application_exec_domain user_mail_t (dir (ioctl read getattr lock open search)))
                (allow user_application_exec_domain mta_user_agent (file (ioctl read getattr lock open)))
                (allow user_application_exec_domain user_mail_t (file (ioctl read getattr lock open)))
                (allow user_application_exec_domain mta_user_agent (lnk_file (read getattr)))
                (allow user_application_exec_domain user_mail_t (lnk_file (read getattr)))
                (allow user_application_exec_domain mta_user_agent (process (getattr)))
                (allow user_application_exec_domain user_mail_t (process (getattr)))
                (allow user_t mail_home_t (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow user_t user_home_dir_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_t home_root_t (dir (getattr open search)))
                (allow user_t home_root_t (lnk_file (read getattr)))
                (allow user_t user_home_dir_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_t home_root_t (dir (getattr open search)))
                (allow user_t home_root_t (lnk_file (read getattr)))
                (allow user_t user_home_dir_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_t home_root_t (dir (getattr open search)))
                (allow user_t home_root_t (lnk_file (read getattr)))
                (allow user_t user_home_dir_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_t home_root_t (dir (getattr open search)))
                (allow user_t home_root_t (lnk_file (read getattr)))
                (allow user_t mail_home_rw_t (dir (ioctl read write create getattr setattr lock relabelfrom relabelto unlink link rename open add_name remove_name reparent search rmdir)))
                (allow user_t mail_home_rw_t (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow user_t mail_home_rw_t (lnk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename)))
                (allow user_t user_home_dir_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_t home_root_t (dir (getattr open search)))
                (allow user_t home_root_t (lnk_file (read getattr)))
                (allow user_t user_home_dir_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_t home_root_t (dir (getattr open search)))
                (allow user_t home_root_t (lnk_file (read getattr)))
                (allow user_t user_mail_tmp_t (dir (ioctl read write create getattr setattr lock relabelfrom relabelto unlink link rename open add_name remove_name reparent search rmdir)))
                (allow user_t user_mail_tmp_t (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (typetransition user_t user_home_dir_t dir ".maildir" mail_home_rw_t)
                (typetransition user_t user_home_dir_t dir "Maildir" mail_home_rw_t)
                (typetransition user_t user_home_dir_t file "dead.letter" mail_home_t)
                (typetransition user_t user_home_dir_t file ".mailrc" mail_home_t)
                (typetransition user_t user_home_dir_t file ".forward" mail_home_t)
                (typetransition user_t user_home_dir_t file ".esmtp_queue" mail_home_t)
                (optional unprivuser_optional_154
                    (roleattributeset cil_gen_require exim_roles)
                    (typeattributeset cil_gen_require bin_t)
                    (typeattributeset cil_gen_require usr_t)
                    (typeattributeset cil_gen_require exim_t)
                    (typeattributeset cil_gen_require exim_exec_t)
                    (roleattributeset cil_gen_require exim_roles)
                    (roleattributeset exim_roles (user_r ))
                    (allow user_application_exec_domain bin_t (dir (getattr open search)))
                    (allow user_application_exec_domain bin_t (lnk_file (read getattr)))
                    (allow user_application_exec_domain usr_t (dir (getattr open search)))
                    (allow user_application_exec_domain exim_exec_t (file (ioctl read getattr map execute open)))
                    (allow user_application_exec_domain exim_t (process (transition)))
                    (dontaudit user_application_exec_domain exim_t (process (noatsecure siginh rlimitinh)))
                    (typetransition user_application_exec_domain exim_exec_t process exim_t)
                    (allow exim_t user_application_exec_domain (fd (use)))
                    (allow exim_t user_application_exec_domain (fifo_file (ioctl read write getattr lock append)))
                    (allow exim_t user_application_exec_domain (process (sigchld)))
                )
                (optional unprivuser_optional_155
                    (roleattributeset cil_gen_require mailman_roles)
                    (typeattributeset cil_gen_require lib_t)
                    (typeattributeset cil_gen_require mailman_mail_exec_t)
                    (typeattributeset cil_gen_require mailman_mail_t)
                    (roleattributeset cil_gen_require mailman_roles)
                    (roleattributeset mailman_roles (user_r ))
                    (allow user_application_exec_domain lib_t (dir (getattr open search)))
                    (allow user_application_exec_domain mailman_mail_exec_t (file (ioctl read getattr map execute open)))
                    (allow user_application_exec_domain mailman_mail_t (process (transition)))
                    (dontaudit user_application_exec_domain mailman_mail_t (process (noatsecure siginh rlimitinh)))
                    (typetransition user_application_exec_domain mailman_mail_exec_t process mailman_mail_t)
                    (allow mailman_mail_t user_application_exec_domain (fd (use)))
                    (allow mailman_mail_t user_application_exec_domain (fifo_file (ioctl read write getattr lock append)))
                    (allow mailman_mail_t user_application_exec_domain (process (sigchld)))
                )
                (optional unprivuser_optional_156
                    (typeattributeset cil_gen_require user_systemd_t)
                    (allow user_systemd_t user_mail_t (dir (ioctl read getattr lock open search)))
                    (allow user_systemd_t user_mail_t (file (ioctl read getattr lock open)))
                    (allow user_systemd_t user_mail_t (lnk_file (read getattr)))
                    (allow user_systemd_t user_mail_t (process (getattr)))
                    (allow user_systemd_t user_mail_t (process (sigchld sigkill sigstop signull signal)))
                    (allow user_mail_t user_systemd_t (fd (use)))
                    (allow user_mail_t user_systemd_t (unix_stream_socket (ioctl read write getattr setattr append bind connect listen accept getopt setopt shutdown)))
                    (allow user_mail_t user_systemd_t (dir (ioctl read getattr lock open search)))
                    (allow user_mail_t user_systemd_t (file (ioctl read getattr lock open)))
                    (allow user_mail_t user_systemd_t (lnk_file (read getattr)))
                    (allow user_mail_t user_systemd_t (process (getattr)))
                    (allow user_mail_t user_systemd_t (process (sigchld)))
                )
            )
            (optional unprivuser_optional_157
                (roleattributeset cil_gen_require ooffice_roles)
                (typeattributeset cil_gen_require ooffice_t)
                (typeattributeset cil_gen_require ooffice_exec_t)
                (roleattributeset cil_gen_require ooffice_roles)
                (roleattributeset ooffice_roles (user_r ))
                (allow ooffice_t user_application_exec_domain (unix_stream_socket (connectto)))
                (allow user_application_exec_domain ooffice_exec_t (file (ioctl read getattr map execute open)))
                (allow user_application_exec_domain ooffice_t (process (transition)))
                (dontaudit user_application_exec_domain ooffice_t (process (noatsecure siginh rlimitinh)))
                (typetransition user_application_exec_domain ooffice_exec_t process ooffice_t)
                (allow ooffice_t user_application_exec_domain (fd (use)))
                (allow ooffice_t user_application_exec_domain (fifo_file (ioctl read write getattr lock append)))
                (allow ooffice_t user_application_exec_domain (process (sigchld)))
                (allow user_application_exec_domain ooffice_t (process (sigchld sigkill sigstop signull signal ptrace)))
                (allow user_application_exec_domain ooffice_t (dir (ioctl read getattr lock open search)))
                (allow user_application_exec_domain ooffice_t (file (ioctl read getattr lock open)))
                (allow user_application_exec_domain ooffice_t (lnk_file (read getattr)))
                (allow user_application_exec_domain ooffice_t (process (getattr)))
                (optional unprivuser_optional_158
                    (typeattributeset cil_gen_require ooffice_t)
                    (allow user_application_exec_domain ooffice_t (dbus (send_msg)))
                    (allow ooffice_t user_application_exec_domain (dbus (send_msg)))
                )
                (optional unprivuser_optional_159
                    (typeattributeset cil_gen_require user_systemd_t)
                    (allow user_systemd_t ooffice_t (dir (ioctl read getattr lock open search)))
                    (allow user_systemd_t ooffice_t (file (ioctl read getattr lock open)))
                    (allow user_systemd_t ooffice_t (lnk_file (read getattr)))
                    (allow user_systemd_t ooffice_t (process (getattr)))
                    (allow user_systemd_t ooffice_t (process (sigchld sigkill sigstop signull signal)))
                    (allow ooffice_t user_systemd_t (fd (use)))
                    (allow ooffice_t user_systemd_t (unix_stream_socket (ioctl read write getattr setattr append bind connect listen accept getopt setopt shutdown)))
                    (allow ooffice_t user_systemd_t (dir (ioctl read getattr lock open search)))
                    (allow ooffice_t user_systemd_t (file (ioctl read getattr lock open)))
                    (allow ooffice_t user_systemd_t (lnk_file (read getattr)))
                    (allow ooffice_t user_systemd_t (process (getattr)))
                    (allow ooffice_t user_systemd_t (process (sigchld)))
                )
            )
            (optional unprivuser_optional_160
                (typeattributeset cil_gen_require sepgsql_client_type)
                (typeattributeset cil_gen_require sepgsql_database_type)
                (typeattributeset cil_gen_require sepgsql_schema_type)
                (typeattributeset cil_gen_require sepgsql_sysobj_table_type)
                (typeattributeset cil_gen_require sepgsql_trusted_proc_exec_t)
                (typeattributeset cil_gen_require sepgsql_trusted_proc_t)
                (typeattributeset cil_gen_require sepgsql_ranged_proc_exec_t)
                (typeattributeset cil_gen_require sepgsql_ranged_proc_t)
                (typeattributeset cil_gen_require user_sepgsql_blob_t)
                (typeattributeset cil_gen_require user_sepgsql_proc_exec_t)
                (typeattributeset cil_gen_require user_sepgsql_schema_t)
                (typeattributeset cil_gen_require user_sepgsql_seq_t)
                (typeattributeset cil_gen_require user_sepgsql_sysobj_t)
                (typeattributeset cil_gen_require user_sepgsql_table_t)
                (typeattributeset cil_gen_require user_sepgsql_view_t)
                (typeattributeset cil_gen_require sepgsql_temp_object_t)
                (roleattributeset cil_gen_require user_r)
                (roletype user_r sepgsql_trusted_proc_t)
                (roletype user_r sepgsql_ranged_proc_t)
                (typeattributeset cil_gen_require sepgsql_client_type)
                (typeattributeset sepgsql_client_type (user_t ))
                (allow user_t user_sepgsql_schema_t (db_schema (getattr search add_name remove_name)))
                (typetransition user_t sepgsql_database_type db_schema user_sepgsql_schema_t)
                (allow user_t user_sepgsql_table_t (db_table (getattr select update insert delete lock)))
                (allow user_t user_sepgsql_table_t (db_column (getattr select update insert)))
                (allow user_t user_sepgsql_table_t (db_tuple (select update insert delete)))
                (typetransition user_t sepgsql_schema_type db_table user_sepgsql_table_t)
                (allow user_t user_sepgsql_sysobj_t (db_tuple (use select)))
                (typetransition user_t sepgsql_sysobj_table_type db_tuple user_sepgsql_sysobj_t)
                (allow user_t user_sepgsql_seq_t (db_sequence (getattr get_value next_value)))
                (typetransition user_t sepgsql_schema_type db_sequence user_sepgsql_seq_t)
                (allow user_t user_sepgsql_view_t (db_view (getattr expand)))
                (typetransition user_t sepgsql_schema_type db_view user_sepgsql_view_t)
                (allow user_t user_sepgsql_proc_exec_t (db_procedure (getattr execute)))
                (typetransition user_t sepgsql_schema_type db_procedure user_sepgsql_proc_exec_t)
                (allow user_t user_sepgsql_blob_t (db_blob (create drop getattr setattr read write import export)))
                (typetransition user_t sepgsql_database_type db_blob user_sepgsql_blob_t)
                (allow user_t sepgsql_ranged_proc_t (process (transition)))
                (typetransition user_t sepgsql_ranged_proc_exec_t process sepgsql_ranged_proc_t)
                (allow sepgsql_ranged_proc_t user_t (process (dyntransition)))
                (allow user_t sepgsql_trusted_proc_t (process (transition)))
                (typetransition user_t sepgsql_trusted_proc_exec_t process sepgsql_trusted_proc_t)
                (typetransition user_t sepgsql_database_type db_schema "pg_temp" sepgsql_temp_object_t)
                (booleanif (sepgsql_enable_users_ddl)
                    (true
                        (allow user_t user_sepgsql_proc_exec_t (db_procedure (create drop setattr)))
                        (allow user_t user_sepgsql_view_t (db_view (create drop setattr)))
                        (allow user_t user_sepgsql_seq_t (db_sequence (create drop setattr set_value)))
                        (allow user_t user_sepgsql_sysobj_t (db_tuple (update insert delete)))
                        (allow user_t user_sepgsql_table_t (db_column (create drop setattr)))
                        (allow user_t user_sepgsql_table_t (db_table (create drop setattr)))
                        (allow user_t user_sepgsql_schema_t (db_schema (create drop setattr)))
                    )
                )
                (optional unprivuser_optional_161
                    (typeattributeset cil_gen_require user_systemd_t)
                    (allow user_systemd_t sepgsql_ranged_proc_t (dir (ioctl read getattr lock open search)))
                    (allow user_systemd_t sepgsql_ranged_proc_t (file (ioctl read getattr lock open)))
                    (allow user_systemd_t sepgsql_ranged_proc_t (lnk_file (read getattr)))
                    (allow user_systemd_t sepgsql_ranged_proc_t (process (getattr)))
                    (allow user_systemd_t sepgsql_ranged_proc_t (process (sigchld sigkill sigstop signull signal)))
                    (allow sepgsql_ranged_proc_t user_systemd_t (fd (use)))
                    (allow sepgsql_ranged_proc_t user_systemd_t (unix_stream_socket (ioctl read write getattr setattr append bind connect listen accept getopt setopt shutdown)))
                    (allow sepgsql_ranged_proc_t user_systemd_t (dir (ioctl read getattr lock open search)))
                    (allow sepgsql_ranged_proc_t user_systemd_t (file (ioctl read getattr lock open)))
                    (allow sepgsql_ranged_proc_t user_systemd_t (lnk_file (read getattr)))
                    (allow sepgsql_ranged_proc_t user_systemd_t (process (getattr)))
                    (allow sepgsql_ranged_proc_t user_systemd_t (process (sigchld)))
                    (allow user_systemd_t sepgsql_trusted_proc_t (dir (ioctl read getattr lock open search)))
                    (allow user_systemd_t sepgsql_trusted_proc_t (file (ioctl read getattr lock open)))
                    (allow user_systemd_t sepgsql_trusted_proc_t (lnk_file (read getattr)))
                    (allow user_systemd_t sepgsql_trusted_proc_t (process (getattr)))
                    (allow user_systemd_t sepgsql_trusted_proc_t (process (sigchld sigkill sigstop signull signal)))
                    (allow sepgsql_trusted_proc_t user_systemd_t (fd (use)))
                    (allow sepgsql_trusted_proc_t user_systemd_t (unix_stream_socket (ioctl read write getattr setattr append bind connect listen accept getopt setopt shutdown)))
                    (allow sepgsql_trusted_proc_t user_systemd_t (dir (ioctl read getattr lock open search)))
                    (allow sepgsql_trusted_proc_t user_systemd_t (file (ioctl read getattr lock open)))
                    (allow sepgsql_trusted_proc_t user_systemd_t (lnk_file (read getattr)))
                    (allow sepgsql_trusted_proc_t user_systemd_t (process (getattr)))
                    (allow sepgsql_trusted_proc_t user_systemd_t (process (sigchld)))
                )
            )
            (optional unprivuser_optional_162
                (roleattributeset cil_gen_require pulseaudio_roles)
                (typeattributeset cil_gen_require bin_t)
                (typeattributeset cil_gen_require usr_t)
                (typeattributeset cil_gen_require pulseaudio_tmpfsfile)
                (typeattributeset cil_gen_require pulseaudio_t)
                (typeattributeset cil_gen_require pulseaudio_home_t)
                (typeattributeset cil_gen_require pulseaudio_tmpfs_t)
                (typeattributeset cil_gen_require pulseaudio_tmp_t)
                (typeattributeset cil_gen_require pulseaudio_client)
                (typeattributeset cil_gen_require pulseaudio_exec_t)
                (roleattributeset cil_gen_require pulseaudio_roles)
                (roleattributeset pulseaudio_roles (user_r ))
                (typeattributeset cil_gen_require pulseaudio_client)
                (typeattributeset pulseaudio_client (user_t ))
                (allow user_t bin_t (dir (getattr open search)))
                (allow user_t bin_t (lnk_file (read getattr)))
                (allow user_t usr_t (dir (getattr open search)))
                (allow user_t pulseaudio_exec_t (file (ioctl read getattr map execute open)))
                (allow user_t pulseaudio_t (process (transition)))
                (dontaudit user_t pulseaudio_t (process (noatsecure siginh rlimitinh)))
                (typetransition user_t pulseaudio_exec_t process pulseaudio_t)
                (allow pulseaudio_t user_t (fd (use)))
                (allow pulseaudio_t user_t (fifo_file (ioctl read write getattr lock append)))
                (allow pulseaudio_t user_t (process (sigchld)))
                (allow user_application_exec_domain bin_t (dir (getattr open search)))
                (allow user_application_exec_domain bin_t (lnk_file (read getattr)))
                (allow user_application_exec_domain usr_t (dir (getattr open search)))
                (allow user_application_exec_domain pulseaudio_exec_t (file (ioctl read getattr map execute open)))
                (allow user_application_exec_domain pulseaudio_t (process (transition)))
                (dontaudit user_application_exec_domain pulseaudio_t (process (noatsecure siginh rlimitinh)))
                (typetransition user_application_exec_domain pulseaudio_exec_t process pulseaudio_t)
                (allow pulseaudio_t user_application_exec_domain (fd (use)))
                (allow pulseaudio_t user_application_exec_domain (fifo_file (ioctl read write getattr lock append)))
                (allow pulseaudio_t user_application_exec_domain (process (sigchld)))
                (allow user_application_exec_domain pulseaudio_t (process (sigchld sigkill sigstop signull signal ptrace)))
                (allow user_application_exec_domain pulseaudio_t (fd (use)))
                (allow user_application_exec_domain pulseaudio_t (dir (ioctl read getattr lock open search)))
                (allow user_application_exec_domain pulseaudio_t (file (ioctl read getattr lock open)))
                (allow user_application_exec_domain pulseaudio_t (lnk_file (read getattr)))
                (allow user_application_exec_domain pulseaudio_t (process (getattr)))
                (allow user_t pulseaudio_home_t (dir (ioctl read write create getattr setattr lock relabelfrom relabelto unlink link rename open add_name remove_name reparent search rmdir)))
                (allow user_t pulseaudio_home_t (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow user_t pulseaudio_home_t (lnk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename)))
                (allow user_t pulseaudio_tmpfsfile (dir (ioctl read write create getattr setattr lock relabelfrom relabelto unlink link rename open add_name remove_name reparent search rmdir)))
                (allow user_t pulseaudio_tmpfs_t (dir (ioctl read write create getattr setattr lock relabelfrom relabelto unlink link rename open add_name remove_name reparent search rmdir)))
                (allow user_t pulseaudio_tmpfsfile (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename open)))
                (allow user_t pulseaudio_tmpfs_t (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename open)))
                (allow user_t pulseaudio_tmp_t (dir (ioctl read write create getattr setattr lock relabelfrom relabelto unlink link rename open add_name remove_name reparent search rmdir)))
                (allow user_t pulseaudio_tmp_t (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow user_t pulseaudio_tmp_t (sock_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow pulseaudio_t user_application_exec_domain (unix_stream_socket (connectto)))
                (allow pulseaudio_t user_application_exec_domain (process (signull)))
                (optional unprivuser_optional_163
                    (typeattributeset cil_gen_require user_systemd_t)
                    (allow user_systemd_t pulseaudio_t (dir (ioctl read getattr lock open search)))
                    (allow user_systemd_t pulseaudio_t (file (ioctl read getattr lock open)))
                    (allow user_systemd_t pulseaudio_t (lnk_file (read getattr)))
                    (allow user_systemd_t pulseaudio_t (process (getattr)))
                    (allow user_systemd_t pulseaudio_t (process (sigchld sigkill sigstop signull signal)))
                    (allow pulseaudio_t user_systemd_t (fd (use)))
                    (allow pulseaudio_t user_systemd_t (unix_stream_socket (ioctl read write getattr setattr append bind connect listen accept getopt setopt shutdown)))
                    (allow pulseaudio_t user_systemd_t (dir (ioctl read getattr lock open search)))
                    (allow pulseaudio_t user_systemd_t (file (ioctl read getattr lock open)))
                    (allow pulseaudio_t user_systemd_t (lnk_file (read getattr)))
                    (allow pulseaudio_t user_systemd_t (process (getattr)))
                    (allow pulseaudio_t user_systemd_t (process (sigchld)))
                )
            )
            (optional unprivuser_optional_164
                (roleattributeset cil_gen_require pyzor_roles)
                (typeattributeset cil_gen_require user_home_dir_t)
                (typeattributeset cil_gen_require home_root_t)
                (typeattributeset cil_gen_require pyzor_t)
                (typeattributeset cil_gen_require pyzor_exec_t)
                (typeattributeset cil_gen_require pyzor_home_t)
                (typeattributeset cil_gen_require pyzor_tmp_t)
                (roleattributeset cil_gen_require pyzor_roles)
                (roleattributeset pyzor_roles (user_r ))
                (allow user_application_exec_domain pyzor_exec_t (file (ioctl read getattr map execute open)))
                (allow user_application_exec_domain pyzor_t (process (transition)))
                (dontaudit user_application_exec_domain pyzor_t (process (noatsecure siginh rlimitinh)))
                (typetransition user_application_exec_domain pyzor_exec_t process pyzor_t)
                (allow pyzor_t user_application_exec_domain (fd (use)))
                (allow pyzor_t user_application_exec_domain (fifo_file (ioctl read write getattr lock append)))
                (allow pyzor_t user_application_exec_domain (process (sigchld)))
                (allow user_application_exec_domain pyzor_t (process (sigchld sigkill sigstop signull signal ptrace)))
                (allow user_application_exec_domain pyzor_t (dir (ioctl read getattr lock open search)))
                (allow user_application_exec_domain pyzor_t (file (ioctl read getattr lock open)))
                (allow user_application_exec_domain pyzor_t (lnk_file (read getattr)))
                (allow user_application_exec_domain pyzor_t (process (getattr)))
                (allow user_t pyzor_home_t (dir (ioctl read write create getattr setattr lock relabelfrom relabelto unlink link rename open add_name remove_name reparent search rmdir)))
                (allow user_t pyzor_tmp_t (dir (ioctl read write create getattr setattr lock relabelfrom relabelto unlink link rename open add_name remove_name reparent search rmdir)))
                (allow user_t pyzor_home_t (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow user_t pyzor_tmp_t (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow user_t pyzor_home_t (lnk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename)))
                (allow user_t user_home_dir_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_t home_root_t (dir (getattr open search)))
                (allow user_t home_root_t (lnk_file (read getattr)))
                (typetransition user_t user_home_dir_t dir ".pyzor" pyzor_home_t)
                (optional unprivuser_optional_165
                    (typeattributeset cil_gen_require user_systemd_t)
                    (allow user_systemd_t pyzor_t (dir (ioctl read getattr lock open search)))
                    (allow user_systemd_t pyzor_t (file (ioctl read getattr lock open)))
                    (allow user_systemd_t pyzor_t (lnk_file (read getattr)))
                    (allow user_systemd_t pyzor_t (process (getattr)))
                    (allow user_systemd_t pyzor_t (process (sigchld sigkill sigstop signull signal)))
                    (allow pyzor_t user_systemd_t (fd (use)))
                    (allow pyzor_t user_systemd_t (unix_stream_socket (ioctl read write getattr setattr append bind connect listen accept getopt setopt shutdown)))
                    (allow pyzor_t user_systemd_t (dir (ioctl read getattr lock open search)))
                    (allow pyzor_t user_systemd_t (file (ioctl read getattr lock open)))
                    (allow pyzor_t user_systemd_t (lnk_file (read getattr)))
                    (allow pyzor_t user_systemd_t (process (getattr)))
                    (allow pyzor_t user_systemd_t (process (sigchld)))
                )
            )
            (optional unprivuser_optional_166
                (roleattributeset cil_gen_require razor_roles)
                (typeattributeset cil_gen_require user_home_dir_t)
                (typeattributeset cil_gen_require home_root_t)
                (typeattributeset cil_gen_require razor_t)
                (typeattributeset cil_gen_require razor_exec_t)
                (typeattributeset cil_gen_require razor_home_t)
                (typeattributeset cil_gen_require razor_tmp_t)
                (roleattributeset cil_gen_require razor_roles)
                (roleattributeset razor_roles (user_r ))
                (allow user_application_exec_domain razor_exec_t (file (ioctl read getattr map execute open)))
                (allow user_application_exec_domain razor_t (process (transition)))
                (dontaudit user_application_exec_domain razor_t (process (noatsecure siginh rlimitinh)))
                (typetransition user_application_exec_domain razor_exec_t process razor_t)
                (allow razor_t user_application_exec_domain (fd (use)))
                (allow razor_t user_application_exec_domain (fifo_file (ioctl read write getattr lock append)))
                (allow razor_t user_application_exec_domain (process (sigchld)))
                (allow user_application_exec_domain razor_t (dir (ioctl read getattr lock open search)))
                (allow user_application_exec_domain razor_t (file (ioctl read getattr lock open)))
                (allow user_application_exec_domain razor_t (lnk_file (read getattr)))
                (allow user_application_exec_domain razor_t (process (getattr)))
                (allow user_application_exec_domain razor_t (process (signal)))
                (allow user_t razor_home_t (dir (ioctl read write create getattr setattr lock relabelfrom relabelto unlink link rename open add_name remove_name reparent search rmdir)))
                (allow user_t razor_tmp_t (dir (ioctl read write create getattr setattr lock relabelfrom relabelto unlink link rename open add_name remove_name reparent search rmdir)))
                (allow user_t razor_home_t (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow user_t razor_tmp_t (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow user_t razor_home_t (lnk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename)))
                (allow user_t user_home_dir_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_t home_root_t (dir (getattr open search)))
                (allow user_t home_root_t (lnk_file (read getattr)))
                (typetransition user_t user_home_dir_t dir ".razor" razor_home_t)
                (optional unprivuser_optional_167
                    (typeattributeset cil_gen_require user_systemd_t)
                    (allow user_systemd_t razor_t (dir (ioctl read getattr lock open search)))
                    (allow user_systemd_t razor_t (file (ioctl read getattr lock open)))
                    (allow user_systemd_t razor_t (lnk_file (read getattr)))
                    (allow user_systemd_t razor_t (process (getattr)))
                    (allow user_systemd_t razor_t (process (sigchld sigkill sigstop signull signal)))
                    (allow razor_t user_systemd_t (fd (use)))
                    (allow razor_t user_systemd_t (unix_stream_socket (ioctl read write getattr setattr append bind connect listen accept getopt setopt shutdown)))
                    (allow razor_t user_systemd_t (dir (ioctl read getattr lock open search)))
                    (allow razor_t user_systemd_t (file (ioctl read getattr lock open)))
                    (allow razor_t user_systemd_t (lnk_file (read getattr)))
                    (allow razor_t user_systemd_t (process (getattr)))
                    (allow razor_t user_systemd_t (process (sigchld)))
                )
            )
            (optional unprivuser_optional_168
                (roleattributeset cil_gen_require rssh_roles)
                (typeattributeset cil_gen_require rssh_t)
                (typeattributeset cil_gen_require rssh_exec_t)
                (typeattributeset cil_gen_require rssh_ro_t)
                (typeattributeset cil_gen_require rssh_rw_t)
                (roleattributeset cil_gen_require rssh_roles)
                (roleattributeset rssh_roles (user_r ))
                (allow user_t rssh_exec_t (file (ioctl read getattr map execute open)))
                (allow user_t rssh_t (process (transition)))
                (dontaudit user_t rssh_t (process (noatsecure siginh rlimitinh)))
                (typetransition user_t rssh_exec_t process rssh_t)
                (allow rssh_t user_t (fd (use)))
                (allow rssh_t user_t (fifo_file (ioctl read write getattr lock append)))
                (allow rssh_t user_t (process (sigchld)))
                (allow user_t rssh_t (process (sigchld sigkill sigstop signull signal ptrace)))
                (allow user_t rssh_t (dir (ioctl read getattr lock open search)))
                (allow user_t rssh_t (file (ioctl read getattr lock open)))
                (allow user_t rssh_t (lnk_file (read getattr)))
                (allow user_t rssh_t (process (getattr)))
                (allow user_t rssh_ro_t (dir (ioctl read write create getattr setattr lock relabelfrom relabelto unlink link rename open add_name remove_name reparent search rmdir)))
                (allow user_t rssh_rw_t (dir (ioctl read write create getattr setattr lock relabelfrom relabelto unlink link rename open add_name remove_name reparent search rmdir)))
                (allow user_t rssh_ro_t (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow user_t rssh_rw_t (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
            )
            (optional unprivuser_optional_169
                (roleattributeset cil_gen_require sigrok_roles)
                (typeattributeset cil_gen_require sigrok_t)
                (typeattributeset cil_gen_require sigrok_exec_t)
                (roleattributeset cil_gen_require sigrok_roles)
                (roleattributeset sigrok_roles (user_r ))
                (allow user_t sigrok_exec_t (file (ioctl read getattr map execute open)))
                (allow user_t sigrok_t (process (transition)))
                (dontaudit user_t sigrok_t (process (noatsecure siginh rlimitinh)))
                (typetransition user_t sigrok_exec_t process sigrok_t)
                (allow sigrok_t user_t (fd (use)))
                (allow sigrok_t user_t (fifo_file (ioctl read write getattr lock append)))
                (allow sigrok_t user_t (process (sigchld)))
            )
            (optional unprivuser_optional_170
                (typeattributeset cil_gen_require user_home_dir_t)
                (typeattributeset cil_gen_require home_root_t)
                (typeattributeset cil_gen_require spamc_t)
                (typeattributeset cil_gen_require spamc_exec_t)
                (typeattributeset cil_gen_require spamc_tmp_t)
                (typeattributeset cil_gen_require spamassassin_t)
                (typeattributeset cil_gen_require spamassassin_exec_t)
                (typeattributeset cil_gen_require spamd_home_t)
                (typeattributeset cil_gen_require spamd_update_t)
                (typeattributeset cil_gen_require spamd_update_exec_t)
                (typeattributeset cil_gen_require spamassassin_home_t)
                (typeattributeset cil_gen_require spamassassin_tmp_t)
                (roleattributeset cil_gen_require user_r)
                (roletype user_r spamc_t)
                (roletype user_r spamassassin_t)
                (roletype user_r spamd_update_t)
                (allow user_application_exec_domain spamassassin_exec_t (file (ioctl read getattr map execute open)))
                (allow user_application_exec_domain spamassassin_t (process (transition)))
                (dontaudit user_application_exec_domain spamassassin_t (process (noatsecure siginh rlimitinh)))
                (typetransition user_application_exec_domain spamassassin_exec_t process spamassassin_t)
                (allow spamassassin_t user_application_exec_domain (fd (use)))
                (allow spamassassin_t user_application_exec_domain (fifo_file (ioctl read write getattr lock append)))
                (allow spamassassin_t user_application_exec_domain (process (sigchld)))
                (allow user_application_exec_domain spamc_exec_t (file (ioctl read getattr map execute open)))
                (allow user_application_exec_domain spamc_t (process (transition)))
                (dontaudit user_application_exec_domain spamc_t (process (noatsecure siginh rlimitinh)))
                (typetransition user_application_exec_domain spamc_exec_t process spamc_t)
                (allow spamc_t user_application_exec_domain (fd (use)))
                (allow spamc_t user_application_exec_domain (fifo_file (ioctl read write getattr lock append)))
                (allow spamc_t user_application_exec_domain (process (sigchld)))
                (allow user_application_exec_domain spamd_update_exec_t (file (ioctl read getattr map execute open)))
                (allow user_application_exec_domain spamd_update_t (process (transition)))
                (dontaudit user_application_exec_domain spamd_update_t (process (noatsecure siginh rlimitinh)))
                (typetransition user_application_exec_domain spamd_update_exec_t process spamd_update_t)
                (allow spamd_update_t user_application_exec_domain (fd (use)))
                (allow spamd_update_t user_application_exec_domain (fifo_file (ioctl read write getattr lock append)))
                (allow spamd_update_t user_application_exec_domain (process (sigchld)))
                (allow user_application_exec_domain spamc_t (dir (ioctl read getattr lock open search)))
                (allow user_application_exec_domain spamassassin_t (dir (ioctl read getattr lock open search)))
                (allow user_application_exec_domain spamd_update_t (dir (ioctl read getattr lock open search)))
                (allow user_application_exec_domain spamc_t (file (ioctl read getattr lock open)))
                (allow user_application_exec_domain spamassassin_t (file (ioctl read getattr lock open)))
                (allow user_application_exec_domain spamd_update_t (file (ioctl read getattr lock open)))
                (allow user_application_exec_domain spamc_t (lnk_file (read getattr)))
                (allow user_application_exec_domain spamassassin_t (lnk_file (read getattr)))
                (allow user_application_exec_domain spamd_update_t (lnk_file (read getattr)))
                (allow user_application_exec_domain spamc_t (process (getattr)))
                (allow user_application_exec_domain spamassassin_t (process (getattr)))
                (allow user_application_exec_domain spamd_update_t (process (getattr)))
                (allow user_application_exec_domain spamc_t (process (sigchld sigkill sigstop signull signal ptrace)))
                (allow user_application_exec_domain spamassassin_t (process (sigchld sigkill sigstop signull signal ptrace)))
                (allow user_application_exec_domain spamd_update_t (process (sigchld sigkill sigstop signull signal ptrace)))
                (allow user_t spamc_tmp_t (dir (ioctl read write create getattr setattr lock relabelfrom relabelto unlink link rename open add_name remove_name reparent search rmdir)))
                (allow user_t spamd_home_t (dir (ioctl read write create getattr setattr lock relabelfrom relabelto unlink link rename open add_name remove_name reparent search rmdir)))
                (allow user_t spamassassin_home_t (dir (ioctl read write create getattr setattr lock relabelfrom relabelto unlink link rename open add_name remove_name reparent search rmdir)))
                (allow user_t spamassassin_tmp_t (dir (ioctl read write create getattr setattr lock relabelfrom relabelto unlink link rename open add_name remove_name reparent search rmdir)))
                (allow user_t spamc_tmp_t (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow user_t spamd_home_t (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow user_t spamassassin_home_t (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow user_t spamassassin_tmp_t (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow user_t spamc_tmp_t (lnk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename)))
                (allow user_t spamd_home_t (lnk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename)))
                (allow user_t spamassassin_home_t (lnk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename)))
                (allow user_t spamassassin_tmp_t (lnk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename)))
                (allow user_t user_home_dir_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_t home_root_t (dir (getattr open search)))
                (allow user_t home_root_t (lnk_file (read getattr)))
                (allow user_t user_home_dir_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_t home_root_t (dir (getattr open search)))
                (allow user_t home_root_t (lnk_file (read getattr)))
                (typetransition user_t user_home_dir_t dir ".spamd" spamd_home_t)
                (typetransition user_t user_home_dir_t dir ".spamassassin" spamassassin_home_t)
                (optional unprivuser_optional_171
                    (typeattributeset cil_gen_require user_systemd_t)
                    (allow user_systemd_t spamassassin_t (dir (ioctl read getattr lock open search)))
                    (allow user_systemd_t spamassassin_t (file (ioctl read getattr lock open)))
                    (allow user_systemd_t spamassassin_t (lnk_file (read getattr)))
                    (allow user_systemd_t spamassassin_t (process (getattr)))
                    (allow user_systemd_t spamassassin_t (process (sigchld sigkill sigstop signull signal)))
                    (allow spamassassin_t user_systemd_t (fd (use)))
                    (allow spamassassin_t user_systemd_t (unix_stream_socket (ioctl read write getattr setattr append bind connect listen accept getopt setopt shutdown)))
                    (allow spamassassin_t user_systemd_t (dir (ioctl read getattr lock open search)))
                    (allow spamassassin_t user_systemd_t (file (ioctl read getattr lock open)))
                    (allow spamassassin_t user_systemd_t (lnk_file (read getattr)))
                    (allow spamassassin_t user_systemd_t (process (getattr)))
                    (allow spamassassin_t user_systemd_t (process (sigchld)))
                    (allow user_systemd_t spamc_t (dir (ioctl read getattr lock open search)))
                    (allow user_systemd_t spamc_t (file (ioctl read getattr lock open)))
                    (allow user_systemd_t spamc_t (lnk_file (read getattr)))
                    (allow user_systemd_t spamc_t (process (getattr)))
                    (allow user_systemd_t spamc_t (process (sigchld sigkill sigstop signull signal)))
                    (allow spamc_t user_systemd_t (fd (use)))
                    (allow spamc_t user_systemd_t (unix_stream_socket (ioctl read write getattr setattr append bind connect listen accept getopt setopt shutdown)))
                    (allow spamc_t user_systemd_t (dir (ioctl read getattr lock open search)))
                    (allow spamc_t user_systemd_t (file (ioctl read getattr lock open)))
                    (allow spamc_t user_systemd_t (lnk_file (read getattr)))
                    (allow spamc_t user_systemd_t (process (getattr)))
                    (allow spamc_t user_systemd_t (process (sigchld)))
                )
            )
            (optional unprivuser_optional_172
                (type user_ssh_agent_t)
                (roletype object_r user_ssh_agent_t)
                (typeattributeset cil_gen_require user_devpts_t)
                (typeattributeset cil_gen_require user_tty_device_t)
                (typeattributeset cil_gen_require domain)
                (typeattributeset domain (user_t ))
                (typeattributeset cil_gen_require selinux_config_t)
                (typeattributeset cil_gen_require shell_exec_t)
                (typeattributeset cil_gen_require entry_type)
                (typeattributeset entry_type (shell_exec_t bin_t ))
                (typeattributeset cil_gen_require exec_type)
                (typeattributeset exec_type (shell_exec_t bin_t ))
                (typeattributeset cil_gen_require file_type)
                (typeattributeset file_type (shell_exec_t bin_t ))
                (typeattributeset cil_gen_require non_security_file_type)
                (typeattributeset non_security_file_type (shell_exec_t bin_t ))
                (typeattributeset cil_gen_require non_auth_file_type)
                (typeattributeset non_auth_file_type (shell_exec_t bin_t ))
                (typeattributeset cil_gen_require bin_t)
                (typeattributeset cil_gen_require ubac_constrained_type)
                (typeattributeset ubac_constrained_type (user_t ))
                (typeattributeset cil_gen_require devpts_t)
                (typeattributeset cil_gen_require console_device_t)
                (typeattributeset cil_gen_require device_t)
                (typeattributeset cil_gen_require proc_t)
                (typeattributeset cil_gen_require sysctl_t)
                (typeattributeset cil_gen_require sysctl_kernel_t)
                (typeattributeset cil_gen_require etc_t)
                (typeattributeset cil_gen_require etc_runtime_t)
                (typeattributeset cil_gen_require usr_t)
                (typeattributeset cil_gen_require var_run_t)
                (typeattributeset cil_gen_require lib_t)
                (typeattributeset cil_gen_require locale_t)
                (typeattributeset cil_gen_require cert_t)
                (typeattributeset cil_gen_require var_t)
                (typeattributeset cil_gen_require syslogd_t)
                (typeattributeset cil_gen_require syslogd_runtime_t)
                (typeattributeset cil_gen_require devlog_t)
                (typeattributeset cil_gen_require init_runtime_t)
                (typeattributeset cil_gen_require user_home_t)
                (typeattributeset cil_gen_require user_home_dir_t)
                (typeattributeset cil_gen_require home_root_t)
                (typeattributeset cil_gen_require nfs_t)
                (typeattributeset cil_gen_require cifs_t)
                (typeattributeset cil_gen_require tmp_t)
                (typeattributeset cil_gen_require urandom_device_t)
                (typeattributeset cil_gen_require privfd)
                (typeattributeset privfd (user_t ))
                (typeattributeset cil_gen_require autofs_t)
                (typeattributeset cil_gen_require application_exec_type)
                (typeattributeset cil_gen_require random_device_t)
                (typeattributeset cil_gen_require application_domain_type)
                (typeattributeset cil_gen_require ssh_t)
                (typeattributeset cil_gen_require ssh_exec_t)
                (typeattributeset cil_gen_require ssh_server)
                (typeattributeset cil_gen_require ssh_agent_type)
                (typeattributeset cil_gen_require ssh_home_t)
                (typeattributeset cil_gen_require ssh_agent_exec_t)
                (typeattributeset cil_gen_require ssh_agent_tmp_t)
                (roleattributeset cil_gen_require user_r)
                (roletype user_r ssh_t)
                (roletype user_r user_ssh_agent_t)
                (typeattributeset cil_gen_require non_auth_file_type)
                (typeattributeset non_auth_file_type (ssh_agent_exec_t ))
                (typeattributeset cil_gen_require file_type)
                (typeattributeset file_type (ssh_agent_exec_t ))
                (typeattributeset cil_gen_require domain)
                (typeattributeset domain (user_ssh_agent_t ))
                (typeattributeset cil_gen_require application_domain_type)
                (typeattributeset application_domain_type (user_ssh_agent_t ))
                (typeattributeset cil_gen_require ssh_agent_type)
                (typeattributeset ssh_agent_type (user_ssh_agent_t ))
                (typeattributeset cil_gen_require entry_type)
                (typeattributeset entry_type (ssh_agent_exec_t ))
                (typeattributeset cil_gen_require ubac_constrained_type)
                (typeattributeset ubac_constrained_type (user_ssh_agent_t ))
                (typeattributeset cil_gen_require exec_type)
                (typeattributeset exec_type (ssh_agent_exec_t ))
                (typeattributeset cil_gen_require privfd)
                (typeattributeset privfd (user_ssh_agent_t ))
                (typeattributeset cil_gen_require application_exec_type)
                (typeattributeset application_exec_type (ssh_agent_exec_t ))
                (typeattributeset cil_gen_require non_security_file_type)
                (typeattributeset non_security_file_type (ssh_agent_exec_t ))
                (allow user_ssh_agent_t ssh_agent_exec_t (file (entrypoint)))
                (allow user_ssh_agent_t ssh_agent_exec_t (file (ioctl read getattr lock map execute open)))
                (allow user_application_exec_domain ssh_exec_t (file (ioctl read getattr map execute open)))
                (allow user_application_exec_domain ssh_t (process (transition)))
                (dontaudit user_application_exec_domain ssh_t (process (noatsecure siginh rlimitinh)))
                (typetransition user_application_exec_domain ssh_exec_t process ssh_t)
                (allow ssh_t user_application_exec_domain (fd (use)))
                (allow ssh_t user_application_exec_domain (fifo_file (ioctl read write getattr lock append)))
                (allow ssh_t user_application_exec_domain (process (sigchld)))
                (allow user_application_exec_domain ssh_server (unix_stream_socket (ioctl read write getattr setattr append bind connect listen accept getopt setopt shutdown)))
                (allow user_application_exec_domain ssh_t (dir (ioctl read getattr lock open search)))
                (allow user_application_exec_domain ssh_t (file (ioctl read getattr lock open)))
                (allow user_application_exec_domain ssh_t (lnk_file (read getattr)))
                (allow user_application_exec_domain ssh_t (process (getattr)))
                (allow user_application_exec_domain ssh_t (process (signal)))
                (allow ssh_t user_application_exec_domain (unix_stream_socket (ioctl read write getattr setattr append bind connect getopt setopt shutdown)))
                (allow ssh_t user_application_exec_domain (unix_stream_socket (connectto)))
                (allow ssh_t user_application_exec_domain (key (view read write search link setattr create)))
                (allow user_t ssh_home_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_t ssh_home_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
                (allow user_t ssh_home_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_t ssh_home_t (lnk_file (ioctl read write create getattr setattr lock append unlink link rename)))
                (allow user_t ssh_home_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_t ssh_home_t (sock_file (ioctl read write create getattr setattr lock append unlink link rename open)))
                (allow user_t user_home_dir_t (dir (getattr open search)))
                (allow user_t home_root_t (dir (getattr open search)))
                (allow user_t home_root_t (lnk_file (read getattr)))
                (allow user_ssh_agent_t self (process (signal setrlimit)))
                (allow user_ssh_agent_t self (capability (setgid)))
                (allow user_ssh_agent_t self (fifo_file (ioctl read write getattr lock append open)))
                (allow user_ssh_agent_t user_application_exec_domain (process (signull)))
                (allow user_ssh_agent_t user_ssh_agent_t (process (signull)))
                (allow user_ssh_agent_t self (unix_stream_socket (ioctl read write create getattr setattr append bind connect listen accept getopt setopt shutdown connectto)))
                (allow user_ssh_agent_t ssh_agent_tmp_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_ssh_agent_t ssh_agent_tmp_t (dir (ioctl read write create getattr setattr lock unlink link rename open add_name remove_name reparent search rmdir)))
                (allow user_ssh_agent_t ssh_agent_tmp_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_ssh_agent_t ssh_agent_tmp_t (sock_file (ioctl read write create getattr setattr lock append unlink link rename open)))
                (allow user_ssh_agent_t tmp_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (typetransition user_ssh_agent_t tmp_t sock_file ssh_agent_tmp_t)
                (typetransition user_ssh_agent_t tmp_t dir ssh_agent_tmp_t)
                (allow user_application_exec_domain ssh_agent_tmp_t (dir (getattr open search)))
                (allow user_application_exec_domain ssh_agent_tmp_t (sock_file (write getattr append open)))
                (allow user_application_exec_domain user_ssh_agent_t (unix_stream_socket (connectto)))
                (allow user_application_exec_domain user_ssh_agent_t (process (signal)))
                (allow user_application_exec_domain user_ssh_agent_t (dir (ioctl read getattr lock open search)))
                (allow user_application_exec_domain user_ssh_agent_t (file (ioctl read getattr lock open)))
                (allow user_application_exec_domain user_ssh_agent_t (lnk_file (read getattr)))
                (allow user_application_exec_domain user_ssh_agent_t (process (getattr)))
                (allow user_application_exec_domain ssh_agent_exec_t (file (ioctl read getattr map execute open)))
                (allow user_application_exec_domain user_ssh_agent_t (process (transition)))
                (dontaudit user_application_exec_domain user_ssh_agent_t (process (noatsecure siginh rlimitinh)))
                (typetransition user_application_exec_domain ssh_agent_exec_t process user_ssh_agent_t)
                (allow user_ssh_agent_t user_application_exec_domain (fd (use)))
                (allow user_ssh_agent_t user_application_exec_domain (fifo_file (ioctl read write getattr lock append)))
                (allow user_ssh_agent_t user_application_exec_domain (process (sigchld)))
                (allow user_ssh_agent_t proc_t (dir (getattr open search)))
                (allow user_ssh_agent_t sysctl_t (dir (getattr open search)))
                (allow user_ssh_agent_t sysctl_kernel_t (dir (getattr open search)))
                (allow user_ssh_agent_t sysctl_kernel_t (file (ioctl read getattr lock open)))
                (allow user_ssh_agent_t proc_t (dir (getattr open search)))
                (allow user_ssh_agent_t sysctl_t (dir (getattr open search)))
                (allow user_ssh_agent_t sysctl_kernel_t (dir (ioctl read getattr lock open search)))
                (allow user_ssh_agent_t device_t (dir (getattr open search)))
                (allow user_ssh_agent_t urandom_device_t (chr_file (ioctl read getattr lock open)))
                (allow user_ssh_agent_t device_t (dir (getattr open search)))
                (allow user_ssh_agent_t random_device_t (chr_file (ioctl read getattr lock open)))
                (allow user_ssh_agent_t autofs_t (dir (getattr open search)))
                (allow user_ssh_agent_t bin_t (dir (getattr open search)))
                (allow user_ssh_agent_t bin_t (lnk_file (read getattr)))
                (allow user_ssh_agent_t usr_t (dir (getattr open search)))
                (allow user_ssh_agent_t bin_t (dir (getattr open search)))
                (allow user_ssh_agent_t bin_t (dir (ioctl read getattr lock open search)))
                (allow user_ssh_agent_t shell_exec_t (file (ioctl read getattr map execute open)))
                (allow user_ssh_agent_t user_t (process (transition)))
                (dontaudit user_ssh_agent_t user_t (process (noatsecure siginh rlimitinh)))
                (typetransition user_ssh_agent_t shell_exec_t process user_t)
                (allow user_ssh_agent_t bin_t (dir (getattr open search)))
                (allow user_ssh_agent_t bin_t (lnk_file (read getattr)))
                (allow user_ssh_agent_t usr_t (dir (getattr open search)))
                (allow user_ssh_agent_t bin_t (file (ioctl read getattr map execute open)))
                (allow user_ssh_agent_t user_t (process (transition)))
                (dontaudit user_ssh_agent_t user_t (process (noatsecure siginh rlimitinh)))
                (typetransition user_ssh_agent_t bin_t process user_t)
                (allow user_ssh_agent_t privfd (fd (use)))
                (allow user_ssh_agent_t etc_t (dir (ioctl read getattr lock open search)))
                (allow user_ssh_agent_t etc_t (dir (getattr open search)))
                (allow user_ssh_agent_t etc_t (file (ioctl read getattr lock open)))
                (allow user_ssh_agent_t etc_t (dir (getattr open search)))
                (allow user_ssh_agent_t etc_t (lnk_file (read getattr)))
                (allow user_ssh_agent_t etc_t (dir (ioctl read getattr lock open search)))
                (allow user_ssh_agent_t etc_t (dir (getattr open search)))
                (allow user_ssh_agent_t etc_runtime_t (file (ioctl read getattr lock open)))
                (allow user_ssh_agent_t etc_t (dir (getattr open search)))
                (allow user_ssh_agent_t etc_runtime_t (lnk_file (read getattr)))
                (allow user_ssh_agent_t usr_t (dir (ioctl read getattr lock open search)))
                (allow user_ssh_agent_t usr_t (dir (getattr open search)))
                (allow user_ssh_agent_t usr_t (file (ioctl read getattr lock open)))
                (allow user_ssh_agent_t usr_t (dir (getattr open search)))
                (allow user_ssh_agent_t usr_t (lnk_file (read getattr)))
                (allow user_ssh_agent_t home_root_t (dir (getattr open search)))
                (allow user_ssh_agent_t home_root_t (lnk_file (read getattr)))
                (allow user_ssh_agent_t usr_t (dir (ioctl read getattr lock open search)))
                (allow user_ssh_agent_t lib_t (dir (getattr open search)))
                (allow user_ssh_agent_t lib_t (dir (ioctl read getattr lock open search)))
                (allow user_ssh_agent_t lib_t (dir (getattr open search)))
                (allow user_ssh_agent_t lib_t (file (ioctl read getattr lock open)))
                (allow user_ssh_agent_t lib_t (dir (getattr open search)))
                (allow user_ssh_agent_t lib_t (lnk_file (read getattr)))
                (allow user_ssh_agent_t devlog_t (sock_file (write getattr append open)))
                (allow user_ssh_agent_t var_run_t (lnk_file (read getattr)))
                (allow user_ssh_agent_t var_t (dir (getattr open search)))
                (allow user_ssh_agent_t var_run_t (dir (getattr open search)))
                (allow user_ssh_agent_t init_runtime_t (dir (getattr open search)))
                (allow user_ssh_agent_t syslogd_runtime_t (dir (getattr open search)))
                (allow user_ssh_agent_t syslogd_t (unix_dgram_socket (sendto)))
                (allow user_ssh_agent_t syslogd_t (unix_stream_socket (connectto)))
                (allow user_ssh_agent_t self (unix_dgram_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown)))
                (allow user_ssh_agent_t self (unix_stream_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown)))
                (allow user_ssh_agent_t device_t (dir (getattr open search)))
                (allow user_ssh_agent_t device_t (dir (ioctl read getattr lock open search)))
                (allow user_ssh_agent_t device_t (dir (getattr open search)))
                (allow user_ssh_agent_t device_t (lnk_file (read getattr)))
                (allow user_ssh_agent_t console_device_t (chr_file (ioctl write getattr lock append open)))
                (dontaudit user_ssh_agent_t console_device_t (chr_file (ioctl read getattr lock open)))
                (allow user_ssh_agent_t etc_t (dir (getattr open search)))
                (allow user_ssh_agent_t etc_t (lnk_file (read getattr)))
                (allow user_ssh_agent_t usr_t (dir (getattr open search)))
                (allow user_ssh_agent_t locale_t (dir (ioctl read getattr lock open search)))
                (allow user_ssh_agent_t locale_t (dir (getattr open search)))
                (allow user_ssh_agent_t locale_t (file (ioctl read getattr lock open)))
                (allow user_ssh_agent_t locale_t (dir (getattr open search)))
                (allow user_ssh_agent_t locale_t (lnk_file (read getattr)))
                (allow user_ssh_agent_t locale_t (file (map)))
                (allow user_ssh_agent_t cert_t (dir (ioctl read getattr lock open search)))
                (allow user_ssh_agent_t cert_t (dir (getattr open search)))
                (allow user_ssh_agent_t cert_t (file (ioctl read getattr lock open)))
                (allow user_ssh_agent_t cert_t (dir (getattr open search)))
                (allow user_ssh_agent_t cert_t (lnk_file (read getattr)))
                (dontaudit user_ssh_agent_t selinux_config_t (dir (getattr open search)))
                (dontaudit user_ssh_agent_t selinux_config_t (file (ioctl read getattr lock open)))
                (allow user_ssh_agent_t device_t (dir (getattr open search)))
                (allow user_ssh_agent_t device_t (dir (ioctl read getattr lock open search)))
                (allow user_ssh_agent_t device_t (dir (getattr open search)))
                (allow user_ssh_agent_t device_t (lnk_file (read getattr)))
                (allow user_ssh_agent_t devpts_t (dir (ioctl read getattr lock open search)))
                (allow user_ssh_agent_t user_devpts_t (chr_file (ioctl read write getattr append open)))
                (allow user_ssh_agent_t user_tty_device_t (chr_file (ioctl read write getattr append open)))
                (allow user_ssh_agent_t home_root_t (dir (ioctl read getattr lock open search)))
                (allow user_ssh_agent_t home_root_t (lnk_file (read getattr)))
                (allow user_ssh_agent_t user_home_t (dir (getattr open search)))
                (allow user_ssh_agent_t user_home_dir_t (dir (getattr open search)))
                (allow user_ssh_agent_t user_home_t (file (ioctl read getattr map execute open)))
                (allow user_ssh_agent_t user_t (process (transition)))
                (dontaudit user_ssh_agent_t user_t (process (noatsecure siginh rlimitinh)))
                (typetransition user_ssh_agent_t user_home_t process user_t)
                (allow user_ssh_agent_t user_home_dir_t (dir (getattr open search)))
                (allow user_ssh_agent_t home_root_t (dir (getattr open search)))
                (allow user_ssh_agent_t home_root_t (lnk_file (read getattr)))
                (allow user_application_exec_domain user_ssh_agent_t (fd (use)))
                (allow user_application_exec_domain user_ssh_agent_t (fifo_file (ioctl read write getattr lock append)))
                (allow user_application_exec_domain user_ssh_agent_t (process (sigchld)))
                (booleanif (use_samba_home_dirs)
                    (true
                        (typetransition user_ssh_agent_t cifs_t process user_t)
                        (dontaudit user_ssh_agent_t user_t (process (noatsecure siginh rlimitinh)))
                        (allow user_ssh_agent_t user_t (process (transition)))
                        (allow user_ssh_agent_t cifs_t (file (ioctl read getattr map execute open)))
                        (allow user_ssh_agent_t cifs_t (dir (getattr open search)))
                        (allow user_ssh_agent_t cifs_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
                        (allow user_ssh_agent_t cifs_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                    )
                )
                (booleanif (use_nfs_home_dirs)
                    (true
                        (typetransition user_ssh_agent_t nfs_t process user_t)
                        (dontaudit user_ssh_agent_t user_t (process (noatsecure siginh rlimitinh)))
                        (allow user_ssh_agent_t user_t (process (transition)))
                        (allow user_ssh_agent_t nfs_t (file (ioctl read getattr map execute open)))
                        (allow user_ssh_agent_t nfs_t (dir (getattr open search)))
                        (allow user_ssh_agent_t nfs_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
                        (allow user_ssh_agent_t nfs_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                    )
                )
                (optional unprivuser_optional_173
                    (typeattributeset cil_gen_require init_t)
                    (allow user_ssh_agent_t init_t (process (sigchld)))
                    (allow user_ssh_agent_t init_t (process (signull)))
                    (optional unprivuser_optional_174
                        (typeattributeset cil_gen_require rpm_t)
                        (allow user_ssh_agent_t rpm_t (fd (use)))
                        (allow user_ssh_agent_t rpm_t (fifo_file (ioctl read getattr lock open)))
                    )
                    (optional unprivuser_optional_175
                        (typeattributeset cil_gen_require security_t)
                        (typeattributeset cil_gen_require sysfs_t)
                        (dontaudit user_ssh_agent_t security_t (filesystem (getattr)))
                        (dontaudit user_ssh_agent_t sysfs_t (filesystem (getattr)))
                        (dontaudit user_ssh_agent_t sysfs_t (dir (getattr open search)))
                        (dontaudit user_ssh_agent_t security_t (dir (getattr open search)))
                        (dontaudit user_ssh_agent_t security_t (file (ioctl read getattr lock open)))
                        (optional unprivuser_optional_176
                            (typeattributeset cil_gen_require selinux_config_t)
                            (dontaudit user_ssh_agent_t selinux_config_t (dir (getattr open search)))
                            (dontaudit user_ssh_agent_t selinux_config_t (file (ioctl read getattr lock open)))
                            (optional unprivuser_optional_177
                                (typeattributeset cil_gen_require user_systemd_t)
                                (allow user_systemd_t ssh_t (dir (ioctl read getattr lock open search)))
                                (allow user_systemd_t ssh_t (file (ioctl read getattr lock open)))
                                (allow user_systemd_t ssh_t (lnk_file (read getattr)))
                                (allow user_systemd_t ssh_t (process (getattr)))
                                (allow user_systemd_t ssh_t (process (sigchld sigkill sigstop signull signal)))
                                (allow ssh_t user_systemd_t (fd (use)))
                                (allow ssh_t user_systemd_t (unix_stream_socket (ioctl read write getattr setattr append bind connect listen accept getopt setopt shutdown)))
                                (allow ssh_t user_systemd_t (dir (ioctl read getattr lock open search)))
                                (allow ssh_t user_systemd_t (file (ioctl read getattr lock open)))
                                (allow ssh_t user_systemd_t (lnk_file (read getattr)))
                                (allow ssh_t user_systemd_t (process (getattr)))
                                (allow ssh_t user_systemd_t (process (sigchld)))
                            )
                            (optional unprivuser_optional_178
                                (typeattributeset cil_gen_require cockpit_session_t)
                                (allow user_ssh_agent_t cockpit_session_t (fd (use)))
                                (allow user_ssh_agent_t cockpit_session_t (fifo_file (ioctl read write getattr lock append open)))
                                (allow cockpit_session_t user_ssh_agent_t (process (signal)))
                            )
                            (optional unprivuser_optional_179
                                (typeattributeset cil_gen_require etc_t)
                                (typeattributeset cil_gen_require var_run_t)
                                (typeattributeset cil_gen_require net_conf_t)
                                (typeattributeset cil_gen_require var_t)
                                (typeattributeset cil_gen_require netlabel_peer_t)
                                (typeattributeset cil_gen_require netif_t)
                                (typeattributeset cil_gen_require node_t)
                                (typeattributeset cil_gen_require port_type)
                                (typeattributeset cil_gen_require port_t)
                                (typeattributeset cil_gen_require defined_port_type)
                                (typeattributeset cil_gen_require reserved_port_type)
                                (typeattributeset cil_gen_require var_yp_t)
                                (typeattributeset cil_gen_require portmap_port_t)
                                (typeattributeset cil_gen_require reserved_port_t)
                                (typeattributeset cil_gen_require portmap_client_packet_t)
                                (typeattributeset cil_gen_require client_packet_t)
                                (typeattributeset cil_gen_require server_packet_t)
                                (booleanif (allow_ypbind)
                                    (true
                                        (allow user_ssh_agent_t net_conf_t (lnk_file (read getattr)))
                                        (allow user_ssh_agent_t net_conf_t (file (ioctl read getattr lock open)))
                                        (allow user_ssh_agent_t net_conf_t (dir (ioctl read getattr lock open search)))
                                        (allow user_ssh_agent_t var_run_t (dir (getattr open search)))
                                        (allow user_ssh_agent_t var_t (dir (getattr open search)))
                                        (allow user_ssh_agent_t var_run_t (lnk_file (read getattr)))
                                        (allow user_ssh_agent_t etc_t (dir (getattr open search)))
                                        (allow user_ssh_agent_t server_packet_t (packet (recv)))
                                        (allow user_ssh_agent_t server_packet_t (packet (send)))
                                        (allow user_ssh_agent_t client_packet_t (packet (recv)))
                                        (allow user_ssh_agent_t client_packet_t (packet (send)))
                                        (allow user_ssh_agent_t portmap_client_packet_t (packet (recv)))
                                        (allow user_ssh_agent_t portmap_client_packet_t (packet (send)))
                                        (dontaudit user_ssh_agent_t port_type (tcp_socket (name_connect)))
                                        (allow user_ssh_agent_t port_t (tcp_socket (name_connect)))
                                        (allow user_ssh_agent_t reserved_port_t (tcp_socket (name_connect)))
                                        (allow user_ssh_agent_t portmap_port_t (tcp_socket (name_connect)))
                                        (dontaudit user_ssh_agent_t port_type (udp_socket (name_bind)))
                                        (dontaudit user_ssh_agent_t port_type (tcp_socket (name_bind)))
                                        (dontaudit user_ssh_agent_t reserved_port_type (udp_socket (name_bind)))
                                        (dontaudit user_ssh_agent_t reserved_port_type (tcp_socket (name_bind)))
                                        (dontaudit user_ssh_agent_t defined_port_type (udp_socket (name_bind)))
                                        (allow user_ssh_agent_t port_t (udp_socket (name_bind)))
                                        (dontaudit user_ssh_agent_t defined_port_type (tcp_socket (name_bind)))
                                        (allow user_ssh_agent_t port_t (tcp_socket (name_bind)))
                                        (allow user_ssh_agent_t node_t (udp_socket (node_bind)))
                                        (allow user_ssh_agent_t node_t (tcp_socket (node_bind)))
                                        (allow user_ssh_agent_t node_t (node (recvfrom)))
                                        (allow user_ssh_agent_t node_t (node (sendto)))
                                        (allow user_ssh_agent_t node_t (node (recvfrom sendto)))
                                        (allow user_ssh_agent_t netif_t (netif (ingress)))
                                        (allow user_ssh_agent_t netif_t (netif (egress)))
                                        (allow user_ssh_agent_t netif_t (netif (ingress egress)))
                                        (allow user_ssh_agent_t netlabel_peer_t (tcp_socket (recvfrom)))
                                        (allow user_ssh_agent_t netlabel_peer_t (udp_socket (recvfrom)))
                                        (allow user_ssh_agent_t netlabel_peer_t (rawip_socket (recvfrom)))
                                        (allow user_ssh_agent_t netlabel_peer_t (peer (recv)))
                                        (allow user_ssh_agent_t var_yp_t (lnk_file (read getattr)))
                                        (allow user_ssh_agent_t var_yp_t (file (ioctl read getattr lock open)))
                                        (allow user_ssh_agent_t var_yp_t (dir (ioctl read getattr lock open search)))
                                        (allow user_ssh_agent_t self (udp_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown)))
                                        (allow user_ssh_agent_t self (tcp_socket (ioctl read write create getattr setattr append bind connect listen accept getopt setopt shutdown)))
                                        (allow user_ssh_agent_t self (capability (net_bind_service)))
                                    )
                                )
                            )
                            (optional unprivuser_optional_180
                                (typeattributeset cil_gen_require user_systemd_t)
                                (allow user_systemd_t user_ssh_agent_t (dir (ioctl read getattr lock open search)))
                                (allow user_systemd_t user_ssh_agent_t (file (ioctl read getattr lock open)))
                                (allow user_systemd_t user_ssh_agent_t (lnk_file (read getattr)))
                                (allow user_systemd_t user_ssh_agent_t (process (getattr)))
                                (allow user_systemd_t user_ssh_agent_t (process (sigchld sigkill sigstop signull signal)))
                                (allow user_ssh_agent_t user_systemd_t (fd (use)))
                                (allow user_ssh_agent_t user_systemd_t (unix_stream_socket (ioctl read write getattr setattr append bind connect listen accept getopt setopt shutdown)))
                                (allow user_ssh_agent_t user_systemd_t (dir (ioctl read getattr lock open search)))
                                (allow user_ssh_agent_t user_systemd_t (file (ioctl read getattr lock open)))
                                (allow user_ssh_agent_t user_systemd_t (lnk_file (read getattr)))
                                (allow user_ssh_agent_t user_systemd_t (process (getattr)))
                                (allow user_ssh_agent_t user_systemd_t (process (sigchld)))
                            )
                            (optional unprivuser_optional_181
                                (typeattributeset cil_gen_require var_run_t)
                                (typeattributeset cil_gen_require var_t)
                                (typeattributeset cil_gen_require user_home_dir_t)
                                (typeattributeset cil_gen_require home_root_t)
                                (typeattributeset cil_gen_require user_runtime_t)
                                (typeattributeset cil_gen_require user_runtime_root_t)
                                (typeattributeset cil_gen_require gpg_agent_t)
                                (typeattributeset cil_gen_require gpg_agent_tmp_t)
                                (typeattributeset cil_gen_require gpg_secret_t)
                                (typeattributeset cil_gen_require gpg_runtime_t)
                                (booleanif (ssh_use_gpg_agent)
                                    (true
                                        (allow user_application_exec_domain home_root_t (lnk_file (read getattr)))
                                        (allow user_application_exec_domain home_root_t (dir (getattr open search)))
                                        (allow user_application_exec_domain user_home_dir_t (dir (getattr open search)))
                                        (allow user_application_exec_domain var_run_t (dir (getattr open search)))
                                        (allow user_application_exec_domain var_t (dir (getattr open search)))
                                        (allow user_application_exec_domain var_run_t (lnk_file (read getattr)))
                                        (allow user_application_exec_domain user_runtime_root_t (dir (getattr open search)))
                                        (allow user_application_exec_domain user_runtime_t (dir (getattr open search)))
                                        (allow user_application_exec_domain gpg_secret_t (dir (getattr open search)))
                                        (allow user_application_exec_domain gpg_runtime_t (dir (getattr open search)))
                                        (allow user_application_exec_domain gpg_agent_t (unix_stream_socket (connectto)))
                                        (allow user_application_exec_domain gpg_agent_tmp_t (sock_file (write getattr append open)))
                                        (allow user_application_exec_domain gpg_agent_tmp_t (dir (getattr open search)))
                                    )
                                )
                            )
                            (optional unprivuser_optional_182
                                (typeattributeset cil_gen_require xdm_t)
                                (typeattributeset cil_gen_require xsession_log_t)
                                (allow user_ssh_agent_t xdm_t (fd (use)))
                                (allow user_ssh_agent_t xdm_t (fifo_file (ioctl read write getattr lock append)))
                                (allow user_ssh_agent_t xdm_t (process (sigchld)))
                                (allow user_ssh_agent_t xsession_log_t (file (ioctl write getattr lock append)))
                            )
                        )
                    )
                )
            )
            (optional unprivuser_optional_183
                (type user_su_t)
                (roletype object_r user_su_t)
                (typeattributeset cil_gen_require user_devpts_t)
                (typeattributeset cil_gen_require user_tty_device_t)
                (typeattributeset cil_gen_require domain)
                (typeattributeset domain (user_t ))
                (typeattributeset cil_gen_require init_t)
                (typeattributeset cil_gen_require security_t)
                (typeattributeset cil_gen_require sysfs_t)
                (typeattributeset cil_gen_require selinux_config_t)
                (typeattributeset cil_gen_require shell_exec_t)
                (typeattributeset cil_gen_require entry_type)
                (typeattributeset entry_type (shell_exec_t bin_t ))
                (typeattributeset cil_gen_require exec_type)
                (typeattributeset exec_type (shell_exec_t bin_t ))
                (typeattributeset cil_gen_require file_type)
                (typeattributeset file_type (shell_exec_t bin_t ))
                (typeattributeset cil_gen_require non_security_file_type)
                (typeattributeset non_security_file_type (shell_exec_t bin_t ))
                (typeattributeset cil_gen_require non_auth_file_type)
                (typeattributeset non_auth_file_type (shell_exec_t bin_t ))
                (typeattributeset cil_gen_require bin_t)
                (typeattributeset cil_gen_require ubac_constrained_type)
                (typeattributeset ubac_constrained_type (user_t ))
                (typeattributeset cil_gen_require devpts_t)
                (typeattributeset cil_gen_require console_device_t)
                (typeattributeset cil_gen_require device_t)
                (typeattributeset cil_gen_require proc_t)
                (typeattributeset cil_gen_require sysctl_t)
                (typeattributeset cil_gen_require sysctl_kernel_t)
                (typeattributeset cil_gen_require etc_t)
                (typeattributeset cil_gen_require etc_runtime_t)
                (typeattributeset cil_gen_require usr_t)
                (typeattributeset cil_gen_require var_run_t)
                (typeattributeset cil_gen_require locale_t)
                (typeattributeset cil_gen_require cert_t)
                (typeattributeset cil_gen_require var_t)
                (typeattributeset cil_gen_require var_lib_t)
                (typeattributeset cil_gen_require syslogd_t)
                (typeattributeset cil_gen_require syslogd_runtime_t)
                (typeattributeset cil_gen_require devlog_t)
                (typeattributeset cil_gen_require init_runtime_t)
                (typeattributeset cil_gen_require user_home_dir_t)
                (typeattributeset cil_gen_require home_root_t)
                (typeattributeset cil_gen_require nfs_t)
                (typeattributeset cil_gen_require cifs_t)
                (typeattributeset cil_gen_require tmp_t)
                (typeattributeset cil_gen_require urandom_device_t)
                (typeattributeset cil_gen_require privfd)
                (typeattributeset privfd (user_t ))
                (typeattributeset cil_gen_require autofs_t)
                (typeattributeset cil_gen_require wtmp_t)
                (typeattributeset cil_gen_require application_exec_type)
                (typeattributeset cil_gen_require initrc_runtime_t)
                (typeattributeset cil_gen_require kernel_t)
                (typeattributeset cil_gen_require random_device_t)
                (typeattributeset cil_gen_require nsswitch_domain)
                (typeattributeset nsswitch_domain (user_t ))
                (typeattributeset cil_gen_require var_log_t)
                (typeattributeset cil_gen_require fs_t)
                (typeattributeset cil_gen_require application_domain_type)
                (typeattributeset cil_gen_require chkpwd_t)
                (typeattributeset cil_gen_require chkpwd_exec_t)
                (typeattributeset cil_gen_require shadow_t)
                (typeattributeset cil_gen_require auth_cache_t)
                (typeattributeset cil_gen_require faillog_t)
                (typeattributeset cil_gen_require su_exec_t)
                (typeattributeset cil_gen_require sudomain)
                (typeattributeset cil_gen_require lastlog_t)
                (typeattributeset cil_gen_require mlsfilewrite)
                (roleattributeset cil_gen_require user_r)
                (roletype user_r user_su_t)
                (typeattributeset cil_gen_require non_auth_file_type)
                (typeattributeset non_auth_file_type (su_exec_t ))
                (typeattributeset cil_gen_require sudomain)
                (typeattributeset sudomain (user_su_t ))
                (typeattributeset cil_gen_require file_type)
                (typeattributeset file_type (su_exec_t ))
                (typeattributeset cil_gen_require domain)
                (typeattributeset domain (user_su_t ))
                (typeattributeset cil_gen_require application_domain_type)
                (typeattributeset application_domain_type (user_su_t ))
                (typeattributeset cil_gen_require mlsfilewrite)
                (typeattributeset mlsfilewrite (user_su_t ))
                (typeattributeset cil_gen_require nsswitch_domain)
                (typeattributeset nsswitch_domain (user_su_t ))
                (typeattributeset cil_gen_require entry_type)
                (typeattributeset entry_type (su_exec_t ))
                (typeattributeset cil_gen_require ubac_constrained_type)
                (typeattributeset ubac_constrained_type (user_su_t ))
                (typeattributeset cil_gen_require exec_type)
                (typeattributeset exec_type (su_exec_t ))
                (typeattributeset cil_gen_require privfd)
                (typeattributeset privfd (user_su_t ))
                (typeattributeset cil_gen_require application_exec_type)
                (typeattributeset application_exec_type (su_exec_t ))
                (typeattributeset cil_gen_require non_security_file_type)
                (typeattributeset non_security_file_type (su_exec_t ))
                (allow user_su_t su_exec_t (file (entrypoint)))
                (allow user_su_t su_exec_t (file (ioctl read getattr lock map execute open)))
                (allow user_su_t user_t (process (sigkill signal)))
                (allow user_su_t self (capability (chown dac_override fowner setgid setuid net_bind_service sys_nice sys_resource audit_write audit_control)))
                (dontaudit user_su_t self (capability (net_admin sys_tty_config)))
                (allow user_su_t self (process (signal setsched setexec setrlimit)))
                (allow user_su_t self (fifo_file (ioctl read write getattr lock append open)))
                (allow user_su_t self (netlink_audit_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown nlmsg_read nlmsg_write nlmsg_relay)))
                (allow user_su_t self (key (write search)))
                (allow user_su_t bin_t (dir (getattr open search)))
                (allow user_su_t bin_t (lnk_file (read getattr)))
                (allow user_su_t usr_t (dir (getattr open search)))
                (allow user_su_t bin_t (dir (getattr open search)))
                (allow user_su_t bin_t (dir (ioctl read getattr lock open search)))
                (allow user_su_t shell_exec_t (file (ioctl read getattr map execute open)))
                (allow user_su_t user_t (process (transition)))
                (dontaudit user_su_t user_t (process (noatsecure siginh rlimitinh)))
                (typetransition user_su_t shell_exec_t process user_t)
                (allow user_su_t proc_t (dir (getattr open search)))
                (allow user_su_t proc_t (file (ioctl read getattr lock open)))
                (allow user_su_t proc_t (dir (getattr open search)))
                (allow user_su_t proc_t (lnk_file (read getattr)))
                (allow user_su_t proc_t (dir (getattr open search)))
                (allow user_su_t proc_t (dir (ioctl read getattr lock open search)))
                (allow user_su_t proc_t (dir (getattr open search)))
                (allow user_su_t sysctl_t (dir (getattr open search)))
                (allow user_su_t sysctl_kernel_t (dir (getattr open search)))
                (allow user_su_t sysctl_kernel_t (file (ioctl read getattr lock open)))
                (allow user_su_t proc_t (dir (getattr open search)))
                (allow user_su_t sysctl_t (dir (getattr open search)))
                (allow user_su_t sysctl_kernel_t (dir (ioctl read getattr lock open search)))
                (allow user_su_t kernel_t (key (search)))
                (allow user_su_t kernel_t (key (link)))
                (dontaudit user_su_t proc_t (filesystem (getattr)))
                (allow user_su_t device_t (dir (getattr open search)))
                (allow user_su_t urandom_device_t (chr_file (ioctl read getattr lock open)))
                (allow user_su_t autofs_t (dir (getattr open search)))
                (allow user_su_t sysfs_t (dir (getattr open search)))
                (allow user_su_t sysfs_t (dir (getattr open search)))
                (allow user_su_t self (netlink_selinux_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown)))
                (allow user_su_t security_t (dir (ioctl read getattr lock open search)))
                (allow user_su_t security_t (file (ioctl read write getattr map open)))
                (allow user_su_t security_t (security (compute_av)))
                (allow user_su_t sysfs_t (dir (getattr open search)))
                (allow user_su_t sysfs_t (dir (getattr open search)))
                (allow user_su_t security_t (dir (ioctl read getattr lock open search)))
                (allow user_su_t security_t (file (ioctl read getattr map open)))
                (allow user_su_t auth_cache_t (dir (getattr open search)))
                (allow user_su_t bin_t (dir (getattr open search)))
                (allow user_su_t bin_t (lnk_file (read getattr)))
                (allow user_su_t usr_t (dir (getattr open search)))
                (allow user_su_t chkpwd_exec_t (file (ioctl read getattr map execute open)))
                (allow user_su_t chkpwd_t (process (transition)))
                (dontaudit user_su_t chkpwd_t (process (noatsecure siginh rlimitinh)))
                (typetransition user_su_t chkpwd_exec_t process chkpwd_t)
                (allow chkpwd_t user_su_t (fd (use)))
                (allow chkpwd_t user_su_t (fifo_file (ioctl read write getattr lock append)))
                (allow chkpwd_t user_su_t (process (sigchld)))
                (dontaudit user_su_t shadow_t (file (ioctl read getattr lock open)))
                (allow user_su_t device_t (dir (getattr open search)))
                (allow user_su_t random_device_t (chr_file (ioctl read getattr lock open)))
                (allow user_su_t device_t (dir (getattr open search)))
                (allow user_su_t urandom_device_t (chr_file (ioctl read getattr lock open)))
                (allow user_su_t var_t (dir (getattr open search)))
                (allow user_su_t var_log_t (dir (getattr open search)))
                (allow user_su_t var_log_t (lnk_file (read getattr)))
                (allow user_su_t faillog_t (file (ioctl read write getattr lock append open)))
                (allow user_su_t self (capability (audit_write)))
                (allow user_su_t self (netlink_audit_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown nlmsg_read nlmsg_relay)))
                (allow user_su_t cert_t (dir (ioctl read getattr lock open search)))
                (allow user_su_t cert_t (dir (getattr open search)))
                (allow user_su_t cert_t (file (ioctl read getattr lock open)))
                (allow user_su_t cert_t (dir (getattr open search)))
                (allow user_su_t cert_t (lnk_file (read getattr)))
                (dontaudit user_su_t shadow_t (file (ioctl read getattr lock open)))
                (allow user_su_t faillog_t (dir (ioctl write getattr lock open add_name search)))
                (allow user_su_t faillog_t (file (create getattr open)))
                (allow user_su_t var_t (dir (getattr open search)))
                (allow user_su_t var_log_t (dir (getattr open search)))
                (allow user_su_t var_log_t (lnk_file (read getattr)))
                (allow user_su_t faillog_t (file (ioctl read write getattr lock append open)))
                (allow user_su_t faillog_t (dir (getattr open search)))
                (allow user_su_t faillog_t (file (setattr)))
                (allow user_su_t var_t (dir (getattr open search)))
                (allow user_su_t var_log_t (dir (getattr open search)))
                (allow user_su_t var_log_t (lnk_file (read getattr)))
                (allow user_su_t lastlog_t (file (ioctl read write getattr setattr lock append open)))
                (allow user_su_t wtmp_t (file (ioctl write getattr lock append open)))
                (allow user_su_t bin_t (dir (getattr open search)))
                (allow user_su_t bin_t (lnk_file (read getattr)))
                (allow user_su_t usr_t (dir (getattr open search)))
                (allow user_su_t privfd (fd (use)))
                (allow user_su_t etc_t (dir (ioctl read getattr lock open search)))
                (allow user_su_t etc_t (dir (getattr open search)))
                (allow user_su_t etc_t (file (ioctl read getattr lock open)))
                (allow user_su_t etc_t (dir (getattr open search)))
                (allow user_su_t etc_t (lnk_file (read getattr)))
                (allow user_su_t etc_t (dir (ioctl read getattr lock open search)))
                (allow user_su_t etc_t (dir (getattr open search)))
                (allow user_su_t etc_runtime_t (file (ioctl read getattr lock open)))
                (allow user_su_t etc_t (dir (getattr open search)))
                (allow user_su_t etc_runtime_t (lnk_file (read getattr)))
                (allow user_su_t var_t (dir (getattr open search)))
                (allow user_su_t var_lib_t (dir (getattr open search)))
                (dontaudit user_su_t tmp_t (dir (getattr)))
                (dontaudit user_su_t init_t (fd (use)))
                (dontaudit user_su_t init_t (dir (getattr open search)))
                (dontaudit user_su_t init_t (file (ioctl read getattr lock open)))
                (dontaudit user_su_t init_t (lnk_file (read getattr)))
                (allow user_su_t var_run_t (lnk_file (read getattr)))
                (allow user_su_t var_t (dir (getattr open search)))
                (allow user_su_t var_run_t (dir (ioctl read getattr lock open search)))
                (allow user_su_t initrc_runtime_t (file (ioctl read write getattr lock append open)))
                (allow user_su_t devlog_t (sock_file (write getattr append open)))
                (allow user_su_t var_run_t (lnk_file (read getattr)))
                (allow user_su_t var_t (dir (getattr open search)))
                (allow user_su_t var_run_t (dir (getattr open search)))
                (allow user_su_t init_runtime_t (dir (getattr open search)))
                (allow user_su_t syslogd_runtime_t (dir (getattr open search)))
                (allow user_su_t syslogd_t (unix_dgram_socket (sendto)))
                (allow user_su_t syslogd_t (unix_stream_socket (connectto)))
                (allow user_su_t self (unix_dgram_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown)))
                (allow user_su_t self (unix_stream_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown)))
                (allow user_su_t device_t (dir (getattr open search)))
                (allow user_su_t device_t (dir (ioctl read getattr lock open search)))
                (allow user_su_t device_t (dir (getattr open search)))
                (allow user_su_t device_t (lnk_file (read getattr)))
                (allow user_su_t console_device_t (chr_file (ioctl write getattr lock append open)))
                (dontaudit user_su_t console_device_t (chr_file (ioctl read getattr lock open)))
                (allow user_su_t etc_t (dir (getattr open search)))
                (allow user_su_t etc_t (lnk_file (read getattr)))
                (allow user_su_t usr_t (dir (getattr open search)))
                (allow user_su_t locale_t (dir (ioctl read getattr lock open search)))
                (allow user_su_t locale_t (dir (getattr open search)))
                (allow user_su_t locale_t (file (ioctl read getattr lock open)))
                (allow user_su_t locale_t (dir (getattr open search)))
                (allow user_su_t locale_t (lnk_file (read getattr)))
                (allow user_su_t locale_t (file (map)))
                (allow user_su_t security_t (filesystem (getattr)))
                (allow user_su_t sysfs_t (filesystem (getattr)))
                (allow user_su_t sysfs_t (dir (getattr open search)))
                (allow user_su_t sysfs_t (dir (getattr open search)))
                (allow user_su_t proc_t (dir (getattr open search)))
                (allow user_su_t proc_t (file (ioctl read getattr lock open)))
                (allow user_su_t proc_t (dir (getattr open search)))
                (allow user_su_t proc_t (lnk_file (read getattr)))
                (allow user_su_t proc_t (dir (getattr open search)))
                (allow user_su_t proc_t (dir (ioctl read getattr lock open search)))
                (allow user_su_t etc_t (dir (getattr open search)))
                (allow user_su_t selinux_config_t (dir (ioctl read getattr lock open search)))
                (allow user_su_t selinux_config_t (dir (getattr open search)))
                (allow user_su_t selinux_config_t (file (ioctl read getattr lock open)))
                (allow user_su_t selinux_config_t (dir (getattr open search)))
                (allow user_su_t selinux_config_t (lnk_file (read getattr)))
                (allow user_su_t device_t (dir (getattr open search)))
                (allow user_su_t device_t (dir (ioctl read getattr lock open search)))
                (allow user_su_t device_t (dir (getattr open search)))
                (allow user_su_t device_t (lnk_file (read getattr)))
                (allow user_su_t devpts_t (dir (ioctl read getattr lock open search)))
                (allow user_su_t user_devpts_t (chr_file (ioctl read write getattr append open)))
                (allow user_su_t user_tty_device_t (chr_file (ioctl read write getattr append open)))
                (allow user_su_t user_home_dir_t (dir (getattr open search)))
                (allow user_su_t home_root_t (dir (getattr open search)))
                (allow user_su_t home_root_t (lnk_file (read getattr)))
                (allow user_su_t security_t (filesystem (getattr)))
                (allow user_su_t sysfs_t (filesystem (getattr)))
                (allow user_su_t sysfs_t (dir (getattr open search)))
                (allow user_su_t sysfs_t (dir (getattr open search)))
                (allow user_su_t proc_t (dir (getattr open search)))
                (allow user_su_t proc_t (file (ioctl read getattr lock open)))
                (allow user_su_t proc_t (dir (getattr open search)))
                (allow user_su_t proc_t (lnk_file (read getattr)))
                (allow user_su_t proc_t (dir (getattr open search)))
                (allow user_su_t proc_t (dir (ioctl read getattr lock open search)))
                (booleanif (use_samba_home_dirs)
                    (true
                        (allow user_su_t cifs_t (dir (getattr open search)))
                    )
                )
                (booleanif (use_nfs_home_dirs)
                    (true
                        (allow user_su_t nfs_t (dir (getattr open search)))
                    )
                )
                (booleanif (allow_polyinstantiation)
                    (true
                        (allow user_su_t fs_t (filesystem (unmount)))
                        (allow user_su_t fs_t (filesystem (mount)))
                    )
                )
                (booleanif (su_allow_user_exec_domains)
                    (true
                        (allow user_application_exec_domain user_su_t (process (sigchld)))
                        (allow user_application_exec_domain user_su_t (fifo_file (ioctl read write getattr lock append)))
                        (allow user_application_exec_domain user_su_t (fd (use)))
                        (allow user_application_exec_domain user_su_t (process (getattr)))
                        (allow user_application_exec_domain user_su_t (lnk_file (read getattr)))
                        (allow user_application_exec_domain user_su_t (file (ioctl read getattr lock open)))
                        (allow user_application_exec_domain user_su_t (dir (ioctl read getattr lock open search)))
                        (allow user_su_t user_application_exec_domain (process (sigchld)))
                        (allow user_su_t user_application_exec_domain (fifo_file (ioctl read write getattr lock append)))
                        (allow user_su_t user_application_exec_domain (fd (use)))
                        (typetransition user_application_exec_domain su_exec_t process user_su_t)
                        (dontaudit user_application_exec_domain user_su_t (process (noatsecure siginh rlimitinh)))
                        (allow user_application_exec_domain user_su_t (process (transition)))
                        (allow user_application_exec_domain su_exec_t (file (ioctl read getattr map execute open)))
                        (allow user_su_t user_application_exec_domain (key (search)))
                        (allow user_application_exec_domain user_su_t (process (signal)))
                    )
                    (false
                        (allow user_t user_su_t (process (sigchld)))
                        (allow user_t user_su_t (fifo_file (ioctl read write getattr lock append)))
                        (allow user_t user_su_t (fd (use)))
                        (allow user_t user_su_t (process (getattr)))
                        (allow user_t user_su_t (lnk_file (read getattr)))
                        (allow user_t user_su_t (file (ioctl read getattr lock open)))
                        (allow user_t user_su_t (dir (ioctl read getattr lock open search)))
                        (allow user_su_t user_t (process (sigchld)))
                        (allow user_su_t user_t (fifo_file (ioctl read write getattr lock append)))
                        (allow user_su_t user_t (fd (use)))
                        (typetransition user_t su_exec_t process user_su_t)
                        (dontaudit user_t user_su_t (process (noatsecure siginh rlimitinh)))
                        (allow user_t user_su_t (process (transition)))
                        (allow user_t su_exec_t (file (ioctl read getattr map execute open)))
                        (allow user_su_t user_t (key (search)))
                        (allow user_t user_su_t (process (signal)))
                    )
                )
                (optional unprivuser_optional_184
                    (typeattributeset cil_gen_require init_t)
                    (allow user_su_t init_t (process (sigchld)))
                    (allow user_su_t init_t (process (signull)))
                    (optional unprivuser_optional_185
                        (typeattributeset cil_gen_require rpm_t)
                        (allow user_su_t rpm_t (fd (use)))
                        (allow user_su_t rpm_t (fifo_file (ioctl read getattr lock open)))
                    )
                    (optional unprivuser_optional_186
                        (typeattributeset cil_gen_require security_t)
                        (typeattributeset cil_gen_require sysfs_t)
                        (dontaudit user_su_t security_t (filesystem (getattr)))
                        (dontaudit user_su_t sysfs_t (filesystem (getattr)))
                        (dontaudit user_su_t sysfs_t (dir (getattr open search)))
                        (dontaudit user_su_t security_t (dir (getattr open search)))
                        (dontaudit user_su_t security_t (file (ioctl read getattr lock open)))
                        (optional unprivuser_optional_187
                            (typeattributeset cil_gen_require selinux_config_t)
                            (dontaudit user_su_t selinux_config_t (dir (getattr open search)))
                            (dontaudit user_su_t selinux_config_t (file (ioctl read getattr lock open)))
                            (optional unprivuser_optional_188
                                (typeattributeset cil_gen_require etc_t)
                                (typeattributeset cil_gen_require krb5_keytab_t)
                                (allow user_su_t etc_t (dir (getattr open search)))
                                (allow user_su_t krb5_keytab_t (file (ioctl read getattr lock open)))
                            )
                            (optional unprivuser_optional_189
                                (typeattributeset cil_gen_require var_run_t)
                                (typeattributeset cil_gen_require var_t)
                                (typeattributeset cil_gen_require pcscd_t)
                                (typeattributeset cil_gen_require pcscd_runtime_t)
                                (allow user_su_t var_run_t (lnk_file (read getattr)))
                                (allow user_su_t var_t (dir (getattr open search)))
                                (allow user_su_t var_run_t (dir (getattr open search)))
                                (allow user_su_t pcscd_runtime_t (dir (getattr open search)))
                                (allow user_su_t pcscd_runtime_t (file (ioctl read getattr lock open)))
                                (allow user_su_t var_run_t (lnk_file (read getattr)))
                                (allow user_su_t var_t (dir (getattr open search)))
                                (allow user_su_t var_run_t (dir (getattr open search)))
                                (allow user_su_t pcscd_runtime_t (dir (getattr open search)))
                                (allow user_su_t pcscd_runtime_t (sock_file (write getattr append open)))
                                (allow user_su_t pcscd_t (unix_stream_socket (connectto)))
                                (allow pcscd_t user_su_t (dir (ioctl read getattr lock open search)))
                                (allow pcscd_t user_su_t (file (ioctl read getattr lock open)))
                            )
                            (optional unprivuser_optional_190
                                (typeattributeset cil_gen_require etc_t)
                                (typeattributeset cil_gen_require etc_runtime_t)
                                (typeattributeset cil_gen_require var_run_t)
                                (typeattributeset cil_gen_require var_t)
                                (typeattributeset cil_gen_require var_lib_t)
                                (typeattributeset cil_gen_require system_dbusd_t)
                                (typeattributeset cil_gen_require session_dbusd_tmp_t)
                                (typeattributeset cil_gen_require dbusd_system_bus_client)
                                (typeattributeset cil_gen_require system_dbusd_runtime_t)
                                (typeattributeset cil_gen_require system_dbusd_var_lib_t)
                                (typeattributeset cil_gen_require dbusd_etc_t)
                                (typeattributeset cil_gen_require systemd_machined_t)
                                (typeattributeset cil_gen_require systemd_logind_t)
                                (typeattributeset cil_gen_require dbusd_system_bus_client)
                                (typeattributeset dbusd_system_bus_client (user_su_t ))
                                (allow user_su_t system_dbusd_t (dbus (send_msg)))
                                (allow user_su_t self (dbus (send_msg)))
                                (allow system_dbusd_t user_su_t (dbus (send_msg)))
                                (allow user_su_t var_t (dir (getattr open search)))
                                (allow user_su_t var_lib_t (dir (getattr open search)))
                                (allow user_su_t system_dbusd_var_lib_t (dir (getattr open search)))
                                (allow user_su_t system_dbusd_var_lib_t (file (ioctl read getattr lock open)))
                                (allow user_su_t system_dbusd_var_lib_t (dir (getattr open search)))
                                (allow user_su_t system_dbusd_var_lib_t (lnk_file (read getattr)))
                                (allow user_su_t session_dbusd_tmp_t (dir (getattr open search)))
                                (allow user_su_t session_dbusd_tmp_t (sock_file (read write getattr append open)))
                                (allow user_su_t var_run_t (lnk_file (read getattr)))
                                (allow user_su_t var_t (dir (getattr open search)))
                                (allow user_su_t var_run_t (dir (getattr open search)))
                                (allow user_su_t system_dbusd_runtime_t (dir (getattr open search)))
                                (allow user_su_t system_dbusd_runtime_t (sock_file (write getattr append open)))
                                (allow user_su_t system_dbusd_t (unix_stream_socket (connectto)))
                                (allow user_su_t dbusd_etc_t (dir (ioctl read getattr lock open search)))
                                (allow user_su_t dbusd_etc_t (file (ioctl read getattr lock open)))
                                (allow user_su_t system_dbusd_runtime_t (dir (ioctl read getattr lock open search)))
                                (allow user_su_t system_dbusd_runtime_t (sock_file (read)))
                                (allow user_su_t system_dbusd_var_lib_t (dir (getattr open search)))
                                (allow user_su_t system_dbusd_var_lib_t (lnk_file (read getattr)))
                                (allow user_su_t systemd_machined_t (unix_stream_socket (connectto)))
                                (allow user_su_t systemd_logind_t (dbus (send_msg)))
                                (allow systemd_logind_t user_su_t (dbus (send_msg)))
                                (allow systemd_logind_t user_su_t (dir (ioctl read getattr lock open search)))
                                (allow systemd_logind_t user_su_t (file (ioctl read getattr lock open)))
                                (allow user_su_t etc_t (dir (ioctl read getattr lock open search)))
                                (allow user_su_t etc_t (dir (getattr open search)))
                                (allow user_su_t etc_runtime_t (file (ioctl read getattr lock open)))
                                (allow user_su_t etc_t (dir (getattr open search)))
                                (allow user_su_t etc_runtime_t (lnk_file (read getattr)))
                            )
                            (optional unprivuser_optional_191
                                (typeattributeset cil_gen_require crond_t)
                                (allow user_su_t crond_t (fifo_file (ioctl read getattr lock open)))
                            )
                            (optional unprivuser_optional_192
                                (typeattributeset cil_gen_require security_t)
                                (typeattributeset cil_gen_require selinux_config_t)
                                (typeattributeset cil_gen_require etc_t)
                                (typeattributeset cil_gen_require user_home_dir_t)
                                (typeattributeset cil_gen_require home_root_t)
                                (typeattributeset cil_gen_require krb5kdc_conf_t)
                                (typeattributeset cil_gen_require krb5_host_rcache_t)
                                (typeattributeset cil_gen_require krb5_conf_t)
                                (typeattributeset cil_gen_require krb5_home_t)
                                (typeattributeset cil_gen_require default_context_t)
                                (typeattributeset cil_gen_require file_context_t)
                                (typeattributeset cil_gen_require netlabel_peer_t)
                                (typeattributeset cil_gen_require netif_t)
                                (typeattributeset cil_gen_require node_t)
                                (typeattributeset cil_gen_require kerberos_client_packet_t)
                                (typeattributeset cil_gen_require kerberos_port_t)
                                (typeattributeset cil_gen_require ocsp_client_packet_t)
                                (typeattributeset cil_gen_require ocsp_port_t)
                                (allow user_su_t etc_t (dir (getattr open search)))
                                (allow user_su_t krb5_conf_t (file (ioctl read getattr lock open)))
                                (allow user_su_t user_home_dir_t (dir (getattr open search)))
                                (allow user_su_t home_root_t (dir (getattr open search)))
                                (allow user_su_t home_root_t (lnk_file (read getattr)))
                                (allow user_su_t krb5_home_t (file (ioctl read getattr lock open)))
                                (dontaudit user_su_t krb5_conf_t (file (ioctl write getattr lock append open)))
                                (dontaudit user_su_t krb5kdc_conf_t (dir (ioctl read getattr lock open search)))
                                (dontaudit user_su_t krb5kdc_conf_t (file (ioctl read write getattr lock append open)))
                                (dontaudit user_su_t self (process (setfscreate)))
                                (dontaudit user_su_t security_t (dir (ioctl read getattr lock open search)))
                                (dontaudit user_su_t security_t (file (ioctl read write getattr map open)))
                                (dontaudit user_su_t security_t (security (check_context)))
                                (dontaudit user_su_t selinux_config_t (dir (getattr open search)))
                                (dontaudit user_su_t default_context_t (dir (getattr open search)))
                                (dontaudit user_su_t file_context_t (dir (getattr open search)))
                                (dontaudit user_su_t file_context_t (file (ioctl read getattr lock open)))
                                (dontaudit user_su_t file_context_t (file (map)))
                                (booleanif (allow_kerberos)
                                    (true
                                        (allow user_su_t krb5_host_rcache_t (file (getattr)))
                                        (allow user_su_t ocsp_port_t (tcp_socket (name_connect)))
                                        (allow user_su_t ocsp_client_packet_t (packet (recv)))
                                        (allow user_su_t ocsp_client_packet_t (packet (send)))
                                        (allow user_su_t kerberos_port_t (tcp_socket (name_connect)))
                                        (allow user_su_t kerberos_client_packet_t (packet (recv)))
                                        (allow user_su_t kerberos_client_packet_t (packet (send)))
                                        (allow user_su_t node_t (node (recvfrom)))
                                        (allow user_su_t node_t (node (sendto)))
                                        (allow user_su_t node_t (node (recvfrom sendto)))
                                        (allow user_su_t netif_t (netif (ingress)))
                                        (allow user_su_t netif_t (netif (egress)))
                                        (allow user_su_t netif_t (netif (ingress egress)))
                                        (allow user_su_t netlabel_peer_t (tcp_socket (recvfrom)))
                                        (allow user_su_t netlabel_peer_t (udp_socket (recvfrom)))
                                        (allow user_su_t netlabel_peer_t (rawip_socket (recvfrom)))
                                        (allow user_su_t netlabel_peer_t (peer (recv)))
                                        (allow user_su_t self (udp_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown)))
                                        (allow user_su_t self (tcp_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown)))
                                    )
                                )
                                (optional unprivuser_optional_193
                                    (typeattributeset cil_gen_require var_run_t)
                                    (typeattributeset cil_gen_require var_t)
                                    (typeattributeset cil_gen_require pcscd_t)
                                    (typeattributeset cil_gen_require pcscd_runtime_t)
                                    (booleanif (allow_kerberos)
                                        (true
                                            (allow pcscd_t user_su_t (file (ioctl read getattr lock open)))
                                            (allow pcscd_t user_su_t (dir (ioctl read getattr lock open search)))
                                            (allow user_su_t pcscd_t (unix_stream_socket (connectto)))
                                            (allow user_su_t pcscd_runtime_t (sock_file (write getattr append open)))
                                            (allow user_su_t pcscd_runtime_t (dir (getattr open search)))
                                            (allow user_su_t var_run_t (dir (getattr open search)))
                                            (allow user_su_t var_t (dir (getattr open search)))
                                            (allow user_su_t var_run_t (lnk_file (read getattr)))
                                        )
                                    )
                                )
                                (optional unprivuser_optional_194
                                    (typeattributeset cil_gen_require var_t)
                                    (typeattributeset cil_gen_require var_lib_t)
                                    (typeattributeset cil_gen_require sssd_public_t)
                                    (typeattributeset cil_gen_require sssd_var_lib_t)
                                    (allow user_su_t sssd_var_lib_t (dir (getattr open search)))
                                    (allow user_su_t var_t (dir (getattr open search)))
                                    (allow user_su_t var_lib_t (dir (getattr open search)))
                                    (allow user_su_t sssd_public_t (dir (ioctl read getattr lock open search)))
                                    (allow user_su_t sssd_public_t (dir (getattr open search)))
                                    (allow user_su_t sssd_public_t (file (ioctl read getattr lock open)))
                                )
                            )
                            (optional unprivuser_optional_195
                                (typeattributeset cil_gen_require var_t)
                                (typeattributeset cil_gen_require crack_db_t)
                                (allow user_su_t var_t (dir (getattr open search)))
                                (allow user_su_t crack_db_t (dir (getattr open search)))
                                (allow user_su_t crack_db_t (file (ioctl read getattr lock open)))
                                (allow user_su_t crack_db_t (dir (getattr open search)))
                                (allow user_su_t crack_db_t (lnk_file (read getattr)))
                            )
                            (optional unprivuser_optional_196
                                (typeattributeset cil_gen_require user_home_dir_t)
                                (typeattributeset cil_gen_require home_root_t)
                                (typeattributeset cil_gen_require xauth_home_t)
                                (typeattributeset cil_gen_require xauth_t)
                                (typeattributeset cil_gen_require xauth_exec_t)
                                (allow user_su_t user_home_dir_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                                (typetransition user_su_t user_home_dir_t file xauth_home_t)
                                (allow user_su_t home_root_t (dir (getattr open search)))
                                (allow user_su_t home_root_t (lnk_file (read getattr)))
                                (allow user_su_t xauth_exec_t (file (ioctl read getattr map execute open)))
                                (allow user_su_t xauth_t (process (transition)))
                                (dontaudit user_su_t xauth_t (process (noatsecure siginh rlimitinh)))
                                (typetransition user_su_t xauth_exec_t process xauth_t)
                                (allow xauth_t user_su_t (fd (use)))
                                (allow xauth_t user_su_t (fifo_file (ioctl read write getattr lock append)))
                                (allow xauth_t user_su_t (process (sigchld)))
                            )
                        )
                    )
                )
            )
            (optional unprivuser_optional_197
                (type user_sudo_t)
                (roletype object_r user_sudo_t)
                (typeattributeset cil_gen_require userdomain)
                (typeattributeset userdomain (user_t ))
                (typeattributeset cil_gen_require user_devpts_t)
                (typeattributeset cil_gen_require user_tty_device_t)
                (typeattributeset cil_gen_require domain)
                (typeattributeset domain (user_t ))
                (typeattributeset cil_gen_require init_t)
                (typeattributeset cil_gen_require security_t)
                (typeattributeset cil_gen_require sysfs_t)
                (typeattributeset cil_gen_require selinux_config_t)
                (typeattributeset cil_gen_require shell_exec_t)
                (typeattributeset cil_gen_require entry_type)
                (typeattributeset entry_type (shell_exec_t bin_t ))
                (typeattributeset cil_gen_require exec_type)
                (typeattributeset exec_type (shell_exec_t bin_t ))
                (typeattributeset cil_gen_require file_type)
                (typeattributeset file_type (shell_exec_t bin_t ))
                (typeattributeset cil_gen_require non_security_file_type)
                (typeattributeset non_security_file_type (shell_exec_t bin_t ))
                (typeattributeset cil_gen_require non_auth_file_type)
                (typeattributeset non_auth_file_type (shell_exec_t bin_t ))
                (typeattributeset cil_gen_require bin_t)
                (typeattributeset cil_gen_require ubac_constrained_type)
                (typeattributeset ubac_constrained_type (user_t ))
                (typeattributeset cil_gen_require ptynode)
                (typeattributeset ptynode (user_devpts_t ))
                (typeattributeset cil_gen_require devpts_t)
                (typeattributeset cil_gen_require device_node)
                (typeattributeset device_node (user_devpts_t user_tty_device_t ))
                (typeattributeset cil_gen_require ttynode)
                (typeattributeset ttynode (user_tty_device_t ))
                (typeattributeset cil_gen_require console_device_t)
                (typeattributeset cil_gen_require tty_device_t)
                (typeattributeset cil_gen_require bsdpty_device_t)
                (typeattributeset cil_gen_require ptmx_t)
                (typeattributeset cil_gen_require device_t)
                (typeattributeset cil_gen_require proc_t)
                (typeattributeset cil_gen_require sysctl_t)
                (typeattributeset cil_gen_require sysctl_kernel_t)
                (typeattributeset cil_gen_require etc_t)
                (typeattributeset cil_gen_require usr_t)
                (typeattributeset cil_gen_require var_run_t)
                (typeattributeset cil_gen_require locale_t)
                (typeattributeset cil_gen_require cert_t)
                (typeattributeset cil_gen_require var_t)
                (typeattributeset cil_gen_require syslogd_t)
                (typeattributeset cil_gen_require syslogd_runtime_t)
                (typeattributeset cil_gen_require devlog_t)
                (typeattributeset cil_gen_require init_runtime_t)
                (typeattributeset cil_gen_require user_home_t)
                (typeattributeset cil_gen_require user_home_dir_t)
                (typeattributeset cil_gen_require home_root_t)
                (typeattributeset cil_gen_require nfs_t)
                (typeattributeset cil_gen_require cifs_t)
                (typeattributeset cil_gen_require user_tmp_t)
                (typeattributeset cil_gen_require tmp_t)
                (typeattributeset cil_gen_require user_runtime_t)
                (typeattributeset cil_gen_require user_runtime_root_t)
                (typeattributeset cil_gen_require urandom_device_t)
                (typeattributeset cil_gen_require privfd)
                (typeattributeset privfd (user_t ))
                (typeattributeset cil_gen_require autofs_t)
                (typeattributeset cil_gen_require application_exec_type)
                (typeattributeset cil_gen_require initrc_runtime_t)
                (typeattributeset cil_gen_require default_context_t)
                (typeattributeset cil_gen_require kernel_t)
                (typeattributeset cil_gen_require random_device_t)
                (typeattributeset cil_gen_require nsswitch_domain)
                (typeattributeset nsswitch_domain (user_t ))
                (typeattributeset cil_gen_require var_log_t)
                (typeattributeset cil_gen_require usb_device_t)
                (typeattributeset cil_gen_require fs_t)
                (typeattributeset cil_gen_require application_domain_type)
                (typeattributeset cil_gen_require chkpwd_t)
                (typeattributeset cil_gen_require chkpwd_exec_t)
                (typeattributeset cil_gen_require shadow_t)
                (typeattributeset cil_gen_require auth_cache_t)
                (typeattributeset cil_gen_require faillog_t)
                (typeattributeset cil_gen_require sudo_exec_t)
                (typeattributeset cil_gen_require sudo_log_t)
                (typeattributeset cil_gen_require sudodomain)
                (typeattributeset cil_gen_require can_change_process_role)
                (typeattributeset cil_gen_require pam_runtime_t)
                (typeattributeset cil_gen_require can_read_shadow_passwords)
                (typeattributeset cil_gen_require pam_domain)
                (roleattributeset cil_gen_require user_r)
                (roletype user_r chkpwd_t)
                (roletype user_r user_sudo_t)
                (typeattributeset cil_gen_require non_auth_file_type)
                (typeattributeset non_auth_file_type (sudo_exec_t ))
                (typeattributeset cil_gen_require file_type)
                (typeattributeset file_type (sudo_exec_t ))
                (typeattributeset cil_gen_require domain)
                (typeattributeset domain (user_sudo_t ))
                (typeattributeset cil_gen_require pam_domain)
                (typeattributeset pam_domain (user_sudo_t ))
                (typeattributeset cil_gen_require application_domain_type)
                (typeattributeset application_domain_type (user_sudo_t ))
                (typeattributeset cil_gen_require sudodomain)
                (typeattributeset sudodomain (user_sudo_t ))
                (typeattributeset cil_gen_require can_read_shadow_passwords)
                (typeattributeset can_read_shadow_passwords (user_sudo_t ))
                (typeattributeset cil_gen_require can_change_process_role)
                (typeattributeset can_change_process_role (user_sudo_t ))
                (typeattributeset cil_gen_require nsswitch_domain)
                (typeattributeset nsswitch_domain (user_sudo_t ))
                (typeattributeset cil_gen_require entry_type)
                (typeattributeset entry_type (sudo_exec_t ))
                (typeattributeset cil_gen_require ubac_constrained_type)
                (typeattributeset ubac_constrained_type (user_sudo_t ))
                (typeattributeset cil_gen_require exec_type)
                (typeattributeset exec_type (sudo_exec_t ))
                (typeattributeset cil_gen_require privfd)
                (typeattributeset privfd (user_sudo_t ))
                (typeattributeset cil_gen_require application_exec_type)
                (typeattributeset application_exec_type (sudo_exec_t ))
                (typeattributeset cil_gen_require non_security_file_type)
                (typeattributeset non_security_file_type (sudo_exec_t ))
                (allow user_sudo_t sudo_exec_t (file (entrypoint)))
                (allow user_sudo_t sudo_exec_t (file (ioctl read getattr lock map execute open)))
                (allow user_sudo_t self (capability (chown dac_override fowner kill setgid setuid sys_nice sys_resource)))
                (allow user_sudo_t self (process (transition sigchld sigkill sigstop signull signal getsched setsched getsession getpgid setpgid getcap setcap share getattr noatsecure siginh rlimitinh dyntransition setkeycreate setsockcreate getrlimit)))
                (allow user_sudo_t self (process (setexec setrlimit)))
                (allow user_sudo_t self (fd (use)))
                (allow user_sudo_t self (fifo_file (ioctl read write getattr lock append open)))
                (allow user_sudo_t self (shm (create destroy getattr setattr read write associate unix_read unix_write lock)))
                (allow user_sudo_t self (sem (create destroy getattr setattr read write associate unix_read unix_write)))
                (allow user_sudo_t self (msgq (create destroy getattr setattr read write associate unix_read unix_write enqueue)))
                (allow user_sudo_t self (msg (send receive)))
                (allow user_sudo_t self (netlink_selinux_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown)))
                (allow user_sudo_t self (unix_dgram_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown)))
                (allow user_sudo_t self (unix_stream_socket (ioctl read write create getattr setattr append bind connect listen accept getopt setopt shutdown)))
                (allow user_sudo_t self (unix_dgram_socket (sendto)))
                (allow user_sudo_t self (unix_stream_socket (connectto)))
                (allow user_sudo_t self (key (view read write search link setattr create)))
                (dontaudit user_sudo_t self (capability (dac_read_search sys_ptrace)))
                (allow user_sudo_t sudo_log_t (dir (ioctl write getattr lock open add_name search)))
                (allow user_sudo_t sudo_log_t (file (ioctl create getattr lock append open)))
                (allow user_sudo_t var_t (dir (getattr open search)))
                (allow user_sudo_t var_log_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (typetransition user_sudo_t var_log_t file sudo_log_t)
                (allow user_sudo_t var_log_t (lnk_file (read getattr)))
                (allow user_sudo_t user_t (process (getpgid)))
                (allow user_sudo_t user_t (unix_stream_socket (ioctl read write getattr setattr append bind connect getopt setopt shutdown)))
                (allow user_sudo_t user_t (dir (ioctl read getattr lock open search)))
                (allow user_sudo_t user_t (file (ioctl read getattr lock open)))
                (allow user_sudo_t user_t (lnk_file (read getattr)))
                (allow user_sudo_t user_t (process (getattr)))
                (dontaudit user_sudo_t user_application_exec_domain (tcp_socket (read write)))
                (dontaudit user_sudo_t user_application_exec_domain (udp_socket (read write)))
                (dontaudit user_sudo_t user_application_exec_domain (rawip_socket (read write)))
                (dontaudit user_sudo_t user_application_exec_domain (netlink_socket (read write)))
                (dontaudit user_sudo_t user_application_exec_domain (packet_socket (read write)))
                (dontaudit user_sudo_t user_application_exec_domain (unix_stream_socket (read write)))
                (dontaudit user_sudo_t user_application_exec_domain (unix_dgram_socket (read write)))
                (dontaudit user_sudo_t user_application_exec_domain (netlink_route_socket (read write)))
                (dontaudit user_sudo_t user_application_exec_domain (netlink_tcpdiag_socket (read write)))
                (dontaudit user_sudo_t user_application_exec_domain (netlink_nflog_socket (read write)))
                (dontaudit user_sudo_t user_application_exec_domain (netlink_xfrm_socket (read write)))
                (dontaudit user_sudo_t user_application_exec_domain (netlink_selinux_socket (read write)))
                (dontaudit user_sudo_t user_application_exec_domain (netlink_audit_socket (read write)))
                (dontaudit user_sudo_t user_application_exec_domain (netlink_dnrt_socket (read write)))
                (dontaudit user_sudo_t user_application_exec_domain (netlink_kobject_uevent_socket (read write)))
                (dontaudit user_sudo_t user_application_exec_domain (appletalk_socket (read write)))
                (dontaudit user_sudo_t user_application_exec_domain (tun_socket (read write)))
                (dontaudit user_sudo_t user_application_exec_domain (netlink_iscsi_socket (read write)))
                (dontaudit user_sudo_t user_application_exec_domain (netlink_fib_lookup_socket (read write)))
                (dontaudit user_sudo_t user_application_exec_domain (netlink_connector_socket (read write)))
                (dontaudit user_sudo_t user_application_exec_domain (netlink_netfilter_socket (read write)))
                (dontaudit user_sudo_t user_application_exec_domain (netlink_generic_socket (read write)))
                (dontaudit user_sudo_t user_application_exec_domain (netlink_scsitransport_socket (read write)))
                (dontaudit user_sudo_t user_application_exec_domain (netlink_rdma_socket (read write)))
                (dontaudit user_sudo_t user_application_exec_domain (netlink_crypto_socket (read write)))
                (dontaudit user_sudo_t user_application_exec_domain (sctp_socket (read write)))
                (dontaudit user_sudo_t user_application_exec_domain (icmp_socket (read write)))
                (dontaudit user_sudo_t user_application_exec_domain (ax25_socket (read write)))
                (dontaudit user_sudo_t user_application_exec_domain (ipx_socket (read write)))
                (dontaudit user_sudo_t user_application_exec_domain (netrom_socket (read write)))
                (dontaudit user_sudo_t user_application_exec_domain (atmpvc_socket (read write)))
                (dontaudit user_sudo_t user_application_exec_domain (x25_socket (read write)))
                (dontaudit user_sudo_t user_application_exec_domain (rose_socket (read write)))
                (dontaudit user_sudo_t user_application_exec_domain (decnet_socket (read write)))
                (dontaudit user_sudo_t user_application_exec_domain (atmsvc_socket (read write)))
                (dontaudit user_sudo_t user_application_exec_domain (rds_socket (read write)))
                (dontaudit user_sudo_t user_application_exec_domain (irda_socket (read write)))
                (dontaudit user_sudo_t user_application_exec_domain (pppox_socket (read write)))
                (dontaudit user_sudo_t user_application_exec_domain (llc_socket (read write)))
                (dontaudit user_sudo_t user_application_exec_domain (can_socket (read write)))
                (dontaudit user_sudo_t user_application_exec_domain (tipc_socket (read write)))
                (dontaudit user_sudo_t user_application_exec_domain (bluetooth_socket (read write)))
                (dontaudit user_sudo_t user_application_exec_domain (iucv_socket (read write)))
                (dontaudit user_sudo_t user_application_exec_domain (rxrpc_socket (read write)))
                (dontaudit user_sudo_t user_application_exec_domain (isdn_socket (read write)))
                (dontaudit user_sudo_t user_application_exec_domain (phonet_socket (read write)))
                (dontaudit user_sudo_t user_application_exec_domain (ieee802154_socket (read write)))
                (dontaudit user_sudo_t user_application_exec_domain (caif_socket (read write)))
                (dontaudit user_sudo_t user_application_exec_domain (alg_socket (read write)))
                (dontaudit user_sudo_t user_application_exec_domain (nfc_socket (read write)))
                (dontaudit user_sudo_t user_application_exec_domain (vsock_socket (read write)))
                (dontaudit user_sudo_t user_application_exec_domain (kcm_socket (read write)))
                (dontaudit user_sudo_t user_application_exec_domain (qipcrtr_socket (read write)))
                (dontaudit user_sudo_t user_application_exec_domain (smc_socket (read write)))
                (dontaudit user_sudo_t user_application_exec_domain (xdp_socket (read write)))
                (allow user_sudo_t bin_t (dir (getattr open search)))
                (allow user_sudo_t bin_t (lnk_file (read getattr)))
                (allow user_sudo_t usr_t (dir (getattr open search)))
                (allow user_sudo_t bin_t (dir (getattr open search)))
                (allow user_sudo_t bin_t (dir (ioctl read getattr lock open search)))
                (allow user_sudo_t shell_exec_t (file (ioctl read getattr map execute open)))
                (allow user_sudo_t user_t (process (transition)))
                (dontaudit user_sudo_t user_t (process (noatsecure siginh rlimitinh)))
                (typetransition user_sudo_t shell_exec_t process user_t)
                (allow user_sudo_t bin_t (dir (getattr open search)))
                (allow user_sudo_t bin_t (lnk_file (read getattr)))
                (allow user_sudo_t usr_t (dir (getattr open search)))
                (allow user_sudo_t bin_t (file (ioctl read getattr map execute open)))
                (allow user_sudo_t user_t (process (transition)))
                (dontaudit user_sudo_t user_t (process (noatsecure siginh rlimitinh)))
                (typetransition user_sudo_t bin_t process user_t)
                (allow user_sudo_t proc_t (dir (getattr open search)))
                (allow user_sudo_t sysctl_t (dir (getattr open search)))
                (allow user_sudo_t sysctl_kernel_t (dir (getattr open search)))
                (allow user_sudo_t sysctl_kernel_t (file (ioctl read getattr lock open)))
                (allow user_sudo_t proc_t (dir (getattr open search)))
                (allow user_sudo_t sysctl_t (dir (getattr open search)))
                (allow user_sudo_t sysctl_kernel_t (dir (ioctl read getattr lock open search)))
                (allow user_sudo_t proc_t (dir (getattr open search)))
                (allow user_sudo_t proc_t (file (ioctl read getattr lock open)))
                (allow user_sudo_t proc_t (dir (getattr open search)))
                (allow user_sudo_t proc_t (lnk_file (read getattr)))
                (allow user_sudo_t proc_t (dir (getattr open search)))
                (allow user_sudo_t proc_t (dir (ioctl read getattr lock open search)))
                (allow user_sudo_t kernel_t (key (link)))
                (dontaudit user_sudo_t proc_t (filesystem (getattr)))
                (allow user_sudo_t bin_t (dir (getattr open search)))
                (allow user_sudo_t bin_t (lnk_file (read getattr)))
                (allow user_sudo_t usr_t (dir (getattr open search)))
                (allow user_sudo_t bin_t (dir (getattr open search)))
                (allow user_sudo_t bin_t (dir (ioctl read getattr lock open search)))
                (allow user_sudo_t exec_type (file (ioctl read getattr lock map execute open execute_no_trans)))
                (allow user_sudo_t bin_t (dir (getattr open search)))
                (allow user_sudo_t exec_type (lnk_file (read getattr)))
                (allow user_sudo_t device_t (filesystem (getattr)))
                (allow user_sudo_t device_t (dir (getattr open search)))
                (allow user_sudo_t urandom_device_t (chr_file (ioctl read getattr lock open)))
                (allow user_sudo_t device_t (dir (getattr open search)))
                (allow user_sudo_t usb_device_t (chr_file (ioctl read write getattr lock append open)))
                (allow user_sudo_t sysfs_t (dir (getattr open search)))
                (allow user_sudo_t sysfs_t (file (ioctl read getattr lock open)))
                (allow user_sudo_t sysfs_t (dir (getattr open search)))
                (allow user_sudo_t sysfs_t (lnk_file (read getattr)))
                (allow user_sudo_t sysfs_t (dir (getattr open search)))
                (allow user_sudo_t sysfs_t (dir (ioctl read getattr lock open search)))
                (allow user_sudo_t privfd (fd (use)))
                (allow user_sudo_t privfd (process (sigchld)))
                (allow user_sudo_t entry_type (lnk_file (read getattr)))
                (allow user_sudo_t entry_type (file (getattr)))
                (allow user_sudo_t etc_t (dir (ioctl read getattr lock open search)))
                (allow user_sudo_t etc_t (dir (getattr open search)))
                (allow user_sudo_t etc_t (file (ioctl read getattr lock open)))
                (allow user_sudo_t etc_t (dir (getattr open search)))
                (allow user_sudo_t etc_t (lnk_file (read getattr)))
                (allow user_sudo_t var_t (dir (getattr open search)))
                (allow user_sudo_t var_t (file (ioctl read getattr lock open)))
                (allow user_sudo_t usr_t (dir (getattr open search)))
                (allow user_sudo_t usr_t (lnk_file (read getattr)))
                (allow user_sudo_t usr_t (dir (getattr open search)))
                (allow user_sudo_t usr_t (file (getattr)))
                (dontaudit user_sudo_t home_root_t (dir (getattr open search)))
                (dontaudit user_sudo_t home_root_t (lnk_file (read getattr)))
                (allow user_sudo_t tmp_t (dir (ioctl read getattr lock open search)))
                (allow user_sudo_t autofs_t (dir (getattr open search)))
                (allow user_sudo_t fs_t (filesystem (getattr)))
                (allow user_sudo_t sysfs_t (dir (getattr open search)))
                (allow user_sudo_t sysfs_t (dir (getattr open search)))
                (allow user_sudo_t security_t (dir (ioctl read getattr lock open search)))
                (allow user_sudo_t security_t (file (ioctl read write getattr map open)))
                (allow user_sudo_t security_t (security (check_context)))
                (allow user_sudo_t sysfs_t (dir (getattr open search)))
                (allow user_sudo_t sysfs_t (dir (getattr open search)))
                (allow user_sudo_t security_t (dir (ioctl read getattr lock open search)))
                (allow user_sudo_t security_t (file (ioctl read write getattr map open)))
                (allow user_sudo_t security_t (security (compute_relabel)))
                (allow user_sudo_t devpts_t (filesystem (getattr)))
                (dontaudit user_sudo_t tty_device_t (chr_file (getattr)))
                (allow user_sudo_t device_t (dir (getattr open search)))
                (allow user_sudo_t device_t (dir (ioctl read getattr lock open search)))
                (allow user_sudo_t device_t (dir (getattr open search)))
                (allow user_sudo_t device_t (lnk_file (read getattr)))
                (allow user_sudo_t ttynode (chr_file (getattr relabelfrom relabelto)))
                (allow user_sudo_t device_t (dir (getattr open search)))
                (allow user_sudo_t device_t (dir (ioctl read getattr lock open search)))
                (allow user_sudo_t device_t (dir (getattr open search)))
                (allow user_sudo_t device_t (lnk_file (read getattr)))
                (allow user_sudo_t devpts_t (dir (getattr open search)))
                (allow user_sudo_t ptynode (chr_file (getattr relabelfrom relabelto)))
                (allow user_sudo_t auth_cache_t (dir (getattr open search)))
                (allow user_sudo_t bin_t (dir (getattr open search)))
                (allow user_sudo_t bin_t (lnk_file (read getattr)))
                (allow user_sudo_t usr_t (dir (getattr open search)))
                (allow user_sudo_t chkpwd_exec_t (file (ioctl read getattr map execute open)))
                (allow user_sudo_t chkpwd_t (process (transition)))
                (dontaudit user_sudo_t chkpwd_t (process (noatsecure siginh rlimitinh)))
                (typetransition user_sudo_t chkpwd_exec_t process chkpwd_t)
                (allow chkpwd_t user_sudo_t (fd (use)))
                (allow chkpwd_t user_sudo_t (fifo_file (ioctl read write getattr lock append)))
                (allow chkpwd_t user_sudo_t (process (sigchld)))
                (dontaudit user_sudo_t shadow_t (file (ioctl read getattr lock open)))
                (allow user_sudo_t device_t (dir (getattr open search)))
                (allow user_sudo_t random_device_t (chr_file (ioctl read getattr lock open)))
                (allow user_sudo_t device_t (dir (getattr open search)))
                (allow user_sudo_t urandom_device_t (chr_file (ioctl read getattr lock open)))
                (allow user_sudo_t var_t (dir (getattr open search)))
                (allow user_sudo_t var_log_t (dir (getattr open search)))
                (allow user_sudo_t var_log_t (lnk_file (read getattr)))
                (allow user_sudo_t faillog_t (file (ioctl read write getattr lock append open)))
                (allow user_sudo_t self (capability (audit_write)))
                (allow user_sudo_t self (netlink_audit_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown nlmsg_read nlmsg_relay)))
                (allow user_sudo_t cert_t (dir (ioctl read getattr lock open search)))
                (allow user_sudo_t cert_t (dir (getattr open search)))
                (allow user_sudo_t cert_t (file (ioctl read getattr lock open)))
                (allow user_sudo_t cert_t (dir (getattr open search)))
                (allow user_sudo_t cert_t (lnk_file (read getattr)))
                (allow user_sudo_t var_run_t (lnk_file (read getattr)))
                (allow user_sudo_t var_t (dir (getattr open search)))
                (allow user_sudo_t var_run_t (dir (getattr open search)))
                (allow user_sudo_t pam_runtime_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_sudo_t pam_runtime_t (dir (ioctl read write create getattr setattr lock unlink link rename open add_name remove_name reparent search rmdir)))
                (allow user_sudo_t var_run_t (lnk_file (read getattr)))
                (allow user_sudo_t var_t (dir (getattr open search)))
                (allow user_sudo_t var_run_t (dir (getattr open search)))
                (allow user_sudo_t pam_runtime_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_sudo_t pam_runtime_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
                (allow user_sudo_t auth_cache_t (dir (getattr open search)))
                (allow user_sudo_t bin_t (dir (getattr open search)))
                (allow user_sudo_t bin_t (lnk_file (read getattr)))
                (allow user_sudo_t usr_t (dir (getattr open search)))
                (allow user_sudo_t chkpwd_exec_t (file (ioctl read getattr map execute open)))
                (allow user_sudo_t chkpwd_t (process (transition)))
                (dontaudit user_sudo_t chkpwd_t (process (noatsecure siginh rlimitinh)))
                (typetransition user_sudo_t chkpwd_exec_t process chkpwd_t)
                (allow chkpwd_t user_sudo_t (fd (use)))
                (allow chkpwd_t user_sudo_t (fifo_file (ioctl read write getattr lock append)))
                (allow chkpwd_t user_sudo_t (process (sigchld)))
                (dontaudit user_sudo_t shadow_t (file (ioctl read getattr lock open)))
                (allow user_sudo_t device_t (dir (getattr open search)))
                (allow user_sudo_t random_device_t (chr_file (ioctl read getattr lock open)))
                (allow user_sudo_t device_t (dir (getattr open search)))
                (allow user_sudo_t urandom_device_t (chr_file (ioctl read getattr lock open)))
                (allow user_sudo_t var_t (dir (getattr open search)))
                (allow user_sudo_t var_log_t (dir (getattr open search)))
                (allow user_sudo_t var_log_t (lnk_file (read getattr)))
                (allow user_sudo_t faillog_t (file (ioctl read write getattr lock append open)))
                (allow user_sudo_t self (capability (audit_write)))
                (allow user_sudo_t self (netlink_audit_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown nlmsg_read nlmsg_relay)))
                (allow user_sudo_t cert_t (dir (ioctl read getattr lock open search)))
                (allow user_sudo_t cert_t (dir (getattr open search)))
                (allow user_sudo_t cert_t (file (ioctl read getattr lock open)))
                (allow user_sudo_t cert_t (dir (getattr open search)))
                (allow user_sudo_t cert_t (lnk_file (read getattr)))
                (allow user_sudo_t security_t (filesystem (getattr)))
                (allow user_sudo_t sysfs_t (filesystem (getattr)))
                (allow user_sudo_t sysfs_t (dir (getattr open search)))
                (allow user_sudo_t sysfs_t (dir (getattr open search)))
                (allow user_sudo_t sysfs_t (dir (getattr open search)))
                (allow user_sudo_t sysfs_t (dir (getattr open search)))
                (allow user_sudo_t security_t (dir (ioctl read getattr lock open search)))
                (allow user_sudo_t security_t (file (ioctl read getattr map open)))
                (allow user_sudo_t var_t (dir (getattr open search)))
                (allow user_sudo_t var_run_t (lnk_file (read getattr)))
                (allow user_sudo_t var_run_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_sudo_t init_t (process (getpgid)))
                (allow user_sudo_t var_run_t (lnk_file (read getattr)))
                (allow user_sudo_t var_t (dir (getattr open search)))
                (allow user_sudo_t var_run_t (dir (ioctl read getattr lock open search)))
                (allow user_sudo_t initrc_runtime_t (file (ioctl read write getattr lock append open)))
                (allow user_sudo_t self (capability (audit_write)))
                (allow user_sudo_t self (netlink_audit_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown nlmsg_read nlmsg_relay)))
                (allow user_sudo_t devlog_t (sock_file (write getattr append open)))
                (allow user_sudo_t var_run_t (lnk_file (read getattr)))
                (allow user_sudo_t var_t (dir (getattr open search)))
                (allow user_sudo_t var_run_t (dir (getattr open search)))
                (allow user_sudo_t init_runtime_t (dir (getattr open search)))
                (allow user_sudo_t syslogd_runtime_t (dir (getattr open search)))
                (allow user_sudo_t syslogd_t (unix_dgram_socket (sendto)))
                (allow user_sudo_t syslogd_t (unix_stream_socket (connectto)))
                (allow user_sudo_t self (unix_dgram_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown)))
                (allow user_sudo_t self (unix_stream_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown)))
                (allow user_sudo_t device_t (dir (getattr open search)))
                (allow user_sudo_t device_t (dir (ioctl read getattr lock open search)))
                (allow user_sudo_t device_t (dir (getattr open search)))
                (allow user_sudo_t device_t (lnk_file (read getattr)))
                (allow user_sudo_t console_device_t (chr_file (ioctl write getattr lock append open)))
                (dontaudit user_sudo_t console_device_t (chr_file (ioctl read getattr lock open)))
                (allow user_sudo_t etc_t (dir (getattr open search)))
                (allow user_sudo_t etc_t (lnk_file (read getattr)))
                (allow user_sudo_t usr_t (dir (getattr open search)))
                (allow user_sudo_t locale_t (dir (ioctl read getattr lock open search)))
                (allow user_sudo_t locale_t (dir (getattr open search)))
                (allow user_sudo_t locale_t (file (ioctl read getattr lock open)))
                (allow user_sudo_t locale_t (dir (getattr open search)))
                (allow user_sudo_t locale_t (lnk_file (read getattr)))
                (allow user_sudo_t locale_t (file (map)))
                (allow user_sudo_t etc_t (dir (getattr open search)))
                (allow user_sudo_t selinux_config_t (dir (getattr open search)))
                (allow user_sudo_t default_context_t (dir (ioctl read getattr lock open search)))
                (allow user_sudo_t default_context_t (dir (getattr open search)))
                (allow user_sudo_t default_context_t (file (ioctl read getattr lock open)))
                (allow user_sudo_t security_t (filesystem (getattr)))
                (allow user_sudo_t sysfs_t (filesystem (getattr)))
                (allow user_sudo_t sysfs_t (dir (getattr open search)))
                (allow user_sudo_t sysfs_t (dir (getattr open search)))
                (allow user_sudo_t proc_t (dir (getattr open search)))
                (allow user_sudo_t proc_t (file (ioctl read getattr lock open)))
                (allow user_sudo_t proc_t (dir (getattr open search)))
                (allow user_sudo_t proc_t (lnk_file (read getattr)))
                (allow user_sudo_t proc_t (dir (getattr open search)))
                (allow user_sudo_t proc_t (dir (ioctl read getattr lock open search)))
                (allow user_sudo_t etc_t (dir (getattr open search)))
                (allow user_sudo_t selinux_config_t (dir (ioctl read getattr lock open search)))
                (allow user_sudo_t selinux_config_t (dir (getattr open search)))
                (allow user_sudo_t selinux_config_t (file (ioctl read getattr lock open)))
                (allow user_sudo_t selinux_config_t (dir (getattr open search)))
                (allow user_sudo_t selinux_config_t (lnk_file (read getattr)))
                (allow user_sudo_t bin_t (dir (getattr open search)))
                (allow user_sudo_t bin_t (lnk_file (read getattr)))
                (allow user_sudo_t usr_t (dir (getattr open search)))
                (allow user_sudo_t bin_t (dir (getattr open search)))
                (allow user_sudo_t bin_t (dir (ioctl read getattr lock open search)))
                (allow user_sudo_t shell_exec_t (file (ioctl read getattr map execute open)))
                (allow user_sudo_t userdomain (process (transition)))
                (dontaudit user_sudo_t userdomain (process (noatsecure siginh rlimitinh)))
                (allow userdomain user_sudo_t (fd (use)))
                (allow userdomain user_sudo_t (fifo_file (ioctl read write getattr lock append)))
                (allow userdomain user_sudo_t (process (sigchld)))
                (allow user_sudo_t userdomain (key (create)))
                (allow user_sudo_t device_t (dir (getattr open search)))
                (allow user_sudo_t device_t (dir (ioctl read getattr lock open search)))
                (allow user_sudo_t device_t (dir (getattr open search)))
                (allow user_sudo_t device_t (lnk_file (read getattr)))
                (allow user_sudo_t ptmx_t (chr_file (ioctl read write getattr lock append open)))
                (allow user_sudo_t devpts_t (dir (ioctl read getattr lock open search)))
                (allow user_sudo_t devpts_t (filesystem (getattr)))
                (dontaudit user_sudo_t bsdpty_device_t (chr_file (read write getattr)))
                (typetransition user_sudo_t devpts_t chr_file user_devpts_t)
                (allow user_sudo_t user_home_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_sudo_t user_home_t (file (ioctl read write create getattr setattr lock append map unlink link rename open)))
                (allow user_sudo_t user_home_dir_t (dir (getattr open search)))
                (allow user_sudo_t home_root_t (dir (getattr open search)))
                (allow user_sudo_t home_root_t (lnk_file (read getattr)))
                (allow user_sudo_t user_home_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_sudo_t user_home_t (lnk_file (ioctl read write create getattr setattr lock append unlink link rename)))
                (allow user_sudo_t user_home_dir_t (dir (getattr open search)))
                (allow user_sudo_t home_root_t (dir (getattr open search)))
                (allow user_sudo_t home_root_t (lnk_file (read getattr)))
                (allow user_sudo_t user_tmp_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_sudo_t user_tmp_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
                (allow user_sudo_t tmp_t (dir (getattr open search)))
                (allow user_sudo_t user_runtime_t (dir (getattr open search)))
                (allow user_sudo_t user_runtime_root_t (dir (getattr open search)))
                (allow user_sudo_t var_run_t (lnk_file (read getattr)))
                (allow user_sudo_t var_t (dir (getattr open search)))
                (allow user_sudo_t var_run_t (dir (getattr open search)))
                (allow user_sudo_t user_tmp_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_sudo_t user_tmp_t (lnk_file (ioctl read write create getattr setattr lock append unlink link rename)))
                (allow user_sudo_t tmp_t (dir (getattr open search)))
                (allow user_sudo_t user_runtime_t (dir (getattr open search)))
                (allow user_sudo_t user_runtime_root_t (dir (getattr open search)))
                (allow user_sudo_t var_run_t (lnk_file (read getattr)))
                (allow user_sudo_t var_t (dir (getattr open search)))
                (allow user_sudo_t var_run_t (dir (getattr open search)))
                (allow user_sudo_t user_devpts_t (chr_file (setattr)))
                (allow user_sudo_t device_t (dir (getattr open search)))
                (allow user_sudo_t device_t (dir (ioctl read getattr lock open search)))
                (allow user_sudo_t device_t (dir (getattr open search)))
                (allow user_sudo_t device_t (lnk_file (read getattr)))
                (allow user_sudo_t devpts_t (dir (ioctl read getattr lock open search)))
                (allow user_sudo_t user_devpts_t (chr_file (ioctl read write getattr append open)))
                (allow user_sudo_t user_tty_device_t (chr_file (ioctl read write getattr append open)))
                (dontaudit user_sudo_t user_tmp_t (fifo_file (ioctl read write getattr lock append open)))
                (dontaudit user_sudo_t user_home_t (dir (getattr open search)))
                (dontaudit user_sudo_t user_home_dir_t (dir (getattr open search)))
                (allow user_sudo_t userdomain (process (signal)))
                (dontaudit user_sudo_t device_node (blk_file (getattr)))
                (dontaudit user_sudo_t device_t (blk_file (getattr)))
                (dontaudit user_sudo_t device_node (chr_file (getattr)))
                (dontaudit user_sudo_t device_t (chr_file (getattr)))
                (typetransition user_sudo_t var_run_t dir "sudo" pam_runtime_t)
                (booleanif (use_samba_home_dirs)
                    (true
                        (allow user_sudo_t cifs_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
                        (allow user_sudo_t cifs_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                    )
                )
                (booleanif (use_nfs_home_dirs)
                    (true
                        (allow user_sudo_t nfs_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
                        (allow user_sudo_t nfs_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                    )
                )
                (booleanif (sudo_allow_user_exec_domains)
                    (true
                        (allow user_application_exec_domain user_sudo_t (process (sigchld sigkill sigstop signull signal)))
                        (allow user_application_exec_domain user_sudo_t (fifo_file (ioctl read write getattr lock append open)))
                        (allow user_application_exec_domain user_sudo_t (fd (use)))
                        (allow user_sudo_t user_application_exec_domain (process (sigchld)))
                        (allow user_sudo_t user_application_exec_domain (fifo_file (ioctl read write getattr lock append)))
                        (allow user_sudo_t user_application_exec_domain (fd (use)))
                        (typetransition user_application_exec_domain sudo_exec_t process user_sudo_t)
                        (dontaudit user_application_exec_domain user_sudo_t (process (noatsecure siginh rlimitinh)))
                        (allow user_application_exec_domain user_sudo_t (process (transition)))
                        (allow user_application_exec_domain sudo_exec_t (file (ioctl read getattr map execute open)))
                        (allow user_sudo_t user_application_exec_domain (process (signal)))
                        (allow user_sudo_t user_application_exec_domain (process (getattr)))
                        (allow user_sudo_t user_application_exec_domain (lnk_file (read getattr)))
                        (allow user_sudo_t user_application_exec_domain (file (ioctl read getattr lock open)))
                        (allow user_sudo_t user_application_exec_domain (dir (ioctl read getattr lock open search)))
                        (allow user_sudo_t user_application_exec_domain (key (search)))
                    )
                    (false
                        (allow user_t user_sudo_t (process (sigchld sigkill sigstop signull signal)))
                        (allow user_t user_sudo_t (fifo_file (ioctl read write getattr lock append open)))
                        (allow user_t user_sudo_t (fd (use)))
                        (allow user_sudo_t user_t (process (sigchld)))
                        (allow user_sudo_t user_t (fifo_file (ioctl read write getattr lock append)))
                        (allow user_sudo_t user_t (fd (use)))
                        (typetransition user_t sudo_exec_t process user_sudo_t)
                        (dontaudit user_t user_sudo_t (process (noatsecure siginh rlimitinh)))
                        (allow user_t user_sudo_t (process (transition)))
                        (allow user_t sudo_exec_t (file (ioctl read getattr map execute open)))
                        (allow user_sudo_t user_t (process (signal)))
                        (allow user_sudo_t user_t (key (search)))
                    )
                )
                (booleanif (allow_polyinstantiation)
                    (true
                        (allow user_sudo_t fs_t (filesystem (unmount)))
                        (allow user_sudo_t fs_t (filesystem (mount)))
                        (allow user_sudo_t self (capability (sys_admin)))
                    )
                )
                (optional unprivuser_optional_198
                    (typeattributeset cil_gen_require init_t)
                    (allow user_sudo_t init_t (process (sigchld)))
                    (allow user_sudo_t init_t (process (signull)))
                    (optional unprivuser_optional_199
                        (typeattributeset cil_gen_require rpm_t)
                        (allow user_sudo_t rpm_t (fd (use)))
                        (allow user_sudo_t rpm_t (fifo_file (ioctl read getattr lock open)))
                    )
                    (optional unprivuser_optional_200
                        (typeattributeset cil_gen_require security_t)
                        (typeattributeset cil_gen_require sysfs_t)
                        (dontaudit user_sudo_t security_t (filesystem (getattr)))
                        (dontaudit user_sudo_t sysfs_t (filesystem (getattr)))
                        (dontaudit user_sudo_t sysfs_t (dir (getattr open search)))
                        (dontaudit user_sudo_t security_t (dir (getattr open search)))
                        (dontaudit user_sudo_t security_t (file (ioctl read getattr lock open)))
                        (optional unprivuser_optional_201
                            (typeattributeset cil_gen_require selinux_config_t)
                            (dontaudit user_sudo_t selinux_config_t (dir (getattr open search)))
                            (dontaudit user_sudo_t selinux_config_t (file (ioctl read getattr lock open)))
                            (optional unprivuser_optional_202
                                (typeattributeset cil_gen_require etc_t)
                                (typeattributeset cil_gen_require krb5_keytab_t)
                                (allow user_sudo_t etc_t (dir (getattr open search)))
                                (allow user_sudo_t krb5_keytab_t (file (ioctl read getattr lock open)))
                            )
                            (optional unprivuser_optional_203
                                (typeattributeset cil_gen_require var_run_t)
                                (typeattributeset cil_gen_require var_t)
                                (typeattributeset cil_gen_require pcscd_t)
                                (typeattributeset cil_gen_require pcscd_runtime_t)
                                (allow user_sudo_t var_run_t (lnk_file (read getattr)))
                                (allow user_sudo_t var_t (dir (getattr open search)))
                                (allow user_sudo_t var_run_t (dir (getattr open search)))
                                (allow user_sudo_t pcscd_runtime_t (dir (getattr open search)))
                                (allow user_sudo_t pcscd_runtime_t (file (ioctl read getattr lock open)))
                                (allow user_sudo_t var_run_t (lnk_file (read getattr)))
                                (allow user_sudo_t var_t (dir (getattr open search)))
                                (allow user_sudo_t var_run_t (dir (getattr open search)))
                                (allow user_sudo_t pcscd_runtime_t (dir (getattr open search)))
                                (allow user_sudo_t pcscd_runtime_t (sock_file (write getattr append open)))
                                (allow user_sudo_t pcscd_t (unix_stream_socket (connectto)))
                                (allow pcscd_t user_sudo_t (dir (ioctl read getattr lock open search)))
                                (allow pcscd_t user_sudo_t (file (ioctl read getattr lock open)))
                            )
                            (optional unprivuser_optional_204
                                (typeattributeset cil_gen_require etc_t)
                                (typeattributeset cil_gen_require krb5_keytab_t)
                                (allow user_sudo_t etc_t (dir (getattr open search)))
                                (allow user_sudo_t krb5_keytab_t (file (ioctl read getattr lock open)))
                            )
                            (optional unprivuser_optional_205
                                (typeattributeset cil_gen_require var_run_t)
                                (typeattributeset cil_gen_require var_t)
                                (typeattributeset cil_gen_require pcscd_t)
                                (typeattributeset cil_gen_require pcscd_runtime_t)
                                (allow user_sudo_t var_run_t (lnk_file (read getattr)))
                                (allow user_sudo_t var_t (dir (getattr open search)))
                                (allow user_sudo_t var_run_t (dir (getattr open search)))
                                (allow user_sudo_t pcscd_runtime_t (dir (getattr open search)))
                                (allow user_sudo_t pcscd_runtime_t (file (ioctl read getattr lock open)))
                                (allow user_sudo_t var_run_t (lnk_file (read getattr)))
                                (allow user_sudo_t var_t (dir (getattr open search)))
                                (allow user_sudo_t var_run_t (dir (getattr open search)))
                                (allow user_sudo_t pcscd_runtime_t (dir (getattr open search)))
                                (allow user_sudo_t pcscd_runtime_t (sock_file (write getattr append open)))
                                (allow user_sudo_t pcscd_t (unix_stream_socket (connectto)))
                                (allow pcscd_t user_sudo_t (dir (ioctl read getattr lock open search)))
                                (allow pcscd_t user_sudo_t (file (ioctl read getattr lock open)))
                            )
                            (optional unprivuser_optional_206
                                (typeattributeset cil_gen_require var_run_t)
                                (typeattributeset cil_gen_require var_t)
                                (typeattributeset cil_gen_require var_lib_t)
                                (typeattributeset cil_gen_require system_dbusd_t)
                                (typeattributeset cil_gen_require session_dbusd_tmp_t)
                                (typeattributeset cil_gen_require dbusd_system_bus_client)
                                (typeattributeset cil_gen_require system_dbusd_runtime_t)
                                (typeattributeset cil_gen_require system_dbusd_var_lib_t)
                                (typeattributeset cil_gen_require dbusd_etc_t)
                                (typeattributeset cil_gen_require dbusd_system_bus_client)
                                (typeattributeset dbusd_system_bus_client (user_sudo_t ))
                                (allow user_sudo_t system_dbusd_t (dbus (send_msg)))
                                (allow user_sudo_t self (dbus (send_msg)))
                                (allow system_dbusd_t user_sudo_t (dbus (send_msg)))
                                (allow user_sudo_t var_t (dir (getattr open search)))
                                (allow user_sudo_t var_lib_t (dir (getattr open search)))
                                (allow user_sudo_t system_dbusd_var_lib_t (dir (getattr open search)))
                                (allow user_sudo_t system_dbusd_var_lib_t (file (ioctl read getattr lock open)))
                                (allow user_sudo_t system_dbusd_var_lib_t (dir (getattr open search)))
                                (allow user_sudo_t system_dbusd_var_lib_t (lnk_file (read getattr)))
                                (allow user_sudo_t session_dbusd_tmp_t (dir (getattr open search)))
                                (allow user_sudo_t session_dbusd_tmp_t (sock_file (read write getattr append open)))
                                (allow user_sudo_t var_run_t (lnk_file (read getattr)))
                                (allow user_sudo_t var_t (dir (getattr open search)))
                                (allow user_sudo_t var_run_t (dir (getattr open search)))
                                (allow user_sudo_t system_dbusd_runtime_t (dir (getattr open search)))
                                (allow user_sudo_t system_dbusd_runtime_t (sock_file (write getattr append open)))
                                (allow user_sudo_t system_dbusd_t (unix_stream_socket (connectto)))
                                (allow user_sudo_t dbusd_etc_t (dir (ioctl read getattr lock open search)))
                                (allow user_sudo_t dbusd_etc_t (file (ioctl read getattr lock open)))
                                (allow user_sudo_t system_dbusd_runtime_t (dir (ioctl read getattr lock open search)))
                                (allow user_sudo_t system_dbusd_runtime_t (sock_file (read)))
                                (allow user_sudo_t system_dbusd_var_lib_t (dir (getattr open search)))
                                (allow user_sudo_t system_dbusd_var_lib_t (lnk_file (read getattr)))
                                (optional unprivuser_optional_207
                                    (typeattributeset cil_gen_require fprintd_t)
                                    (allow user_sudo_t fprintd_t (dbus (send_msg)))
                                    (allow fprintd_t user_sudo_t (dbus (send_msg)))
                                )
                                (optional unprivuser_optional_208
                                    (typeattributeset cil_gen_require systemd_logind_t)
                                    (typeattributeset cil_gen_require systemd_sessions_runtime_t)
                                    (allow user_sudo_t systemd_logind_t (dbus (send_msg)))
                                    (allow systemd_logind_t user_sudo_t (dbus (send_msg)))
                                    (allow user_sudo_t systemd_logind_t (fd (use)))
                                    (allow user_sudo_t systemd_sessions_runtime_t (fifo_file (write)))
                                    (allow systemd_logind_t user_sudo_t (process (signal)))
                                )
                            )
                            (optional unprivuser_optional_209
                                (typeattributeset cil_gen_require security_t)
                                (typeattributeset cil_gen_require sysfs_t)
                                (typeattributeset cil_gen_require selinux_config_t)
                                (typeattributeset cil_gen_require etc_t)
                                (typeattributeset cil_gen_require user_home_dir_t)
                                (typeattributeset cil_gen_require home_root_t)
                                (typeattributeset cil_gen_require tmp_t)
                                (typeattributeset cil_gen_require krb5_host_rcache_t)
                                (typeattributeset cil_gen_require krb5_conf_t)
                                (typeattributeset cil_gen_require krb5_home_t)
                                (typeattributeset cil_gen_require default_context_t)
                                (typeattributeset cil_gen_require file_context_t)
                                (typeattributeset cil_gen_require can_change_object_identity)
                                (typeattributeset cil_gen_require can_change_object_identity)
                                (typeattributeset can_change_object_identity (user_sudo_t ))
                                (allow user_sudo_t etc_t (dir (getattr open search)))
                                (allow user_sudo_t krb5_conf_t (file (ioctl read getattr lock open)))
                                (allow user_sudo_t user_home_dir_t (dir (getattr open search)))
                                (allow user_sudo_t home_root_t (dir (getattr open search)))
                                (allow user_sudo_t home_root_t (lnk_file (read getattr)))
                                (allow user_sudo_t krb5_home_t (file (ioctl read getattr lock open)))
                                (booleanif (allow_kerberos)
                                    (true
                                        (allow user_sudo_t krb5_host_rcache_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
                                        (allow user_sudo_t tmp_t (dir (getattr open search)))
                                        (allow user_sudo_t file_context_t (file (map)))
                                        (allow user_sudo_t file_context_t (file (ioctl read getattr lock open)))
                                        (allow user_sudo_t file_context_t (dir (getattr open search)))
                                        (allow user_sudo_t selinux_config_t (dir (getattr open search)))
                                        (allow user_sudo_t default_context_t (dir (getattr open search)))
                                        (allow user_sudo_t etc_t (dir (getattr open search)))
                                        (allow user_sudo_t security_t (security (check_context)))
                                        (allow user_sudo_t security_t (file (ioctl read write getattr map open)))
                                        (allow user_sudo_t security_t (dir (ioctl read getattr lock open search)))
                                        (allow user_sudo_t sysfs_t (dir (getattr open search)))
                                        (allow user_sudo_t sysfs_t (dir (getattr open search)))
                                        (allow user_sudo_t self (process (setfscreate)))
                                    )
                                )
                            )
                            (optional unprivuser_optional_210
                                (typeattributeset cil_gen_require etc_t)
                                (typeattributeset cil_gen_require etc_runtime_t)
                                (typeattributeset cil_gen_require var_run_t)
                                (typeattributeset cil_gen_require var_t)
                                (typeattributeset cil_gen_require var_lib_t)
                                (typeattributeset cil_gen_require system_dbusd_t)
                                (typeattributeset cil_gen_require session_dbusd_tmp_t)
                                (typeattributeset cil_gen_require dbusd_system_bus_client)
                                (typeattributeset cil_gen_require system_dbusd_runtime_t)
                                (typeattributeset cil_gen_require system_dbusd_var_lib_t)
                                (typeattributeset cil_gen_require dbusd_etc_t)
                                (typeattributeset cil_gen_require systemd_machined_t)
                                (typeattributeset cil_gen_require systemd_logind_t)
                                (typeattributeset cil_gen_require systemd_sessions_runtime_t)
                                (typeattributeset cil_gen_require dbusd_system_bus_client)
                                (typeattributeset dbusd_system_bus_client (user_sudo_t ))
                                (allow user_sudo_t system_dbusd_t (dbus (send_msg)))
                                (allow user_sudo_t self (dbus (send_msg)))
                                (allow system_dbusd_t user_sudo_t (dbus (send_msg)))
                                (allow user_sudo_t var_t (dir (getattr open search)))
                                (allow user_sudo_t var_lib_t (dir (getattr open search)))
                                (allow user_sudo_t system_dbusd_var_lib_t (dir (getattr open search)))
                                (allow user_sudo_t system_dbusd_var_lib_t (file (ioctl read getattr lock open)))
                                (allow user_sudo_t system_dbusd_var_lib_t (dir (getattr open search)))
                                (allow user_sudo_t system_dbusd_var_lib_t (lnk_file (read getattr)))
                                (allow user_sudo_t session_dbusd_tmp_t (dir (getattr open search)))
                                (allow user_sudo_t session_dbusd_tmp_t (sock_file (read write getattr append open)))
                                (allow user_sudo_t var_run_t (lnk_file (read getattr)))
                                (allow user_sudo_t var_t (dir (getattr open search)))
                                (allow user_sudo_t var_run_t (dir (getattr open search)))
                                (allow user_sudo_t system_dbusd_runtime_t (dir (getattr open search)))
                                (allow user_sudo_t system_dbusd_runtime_t (sock_file (write getattr append open)))
                                (allow user_sudo_t system_dbusd_t (unix_stream_socket (connectto)))
                                (allow user_sudo_t dbusd_etc_t (dir (ioctl read getattr lock open search)))
                                (allow user_sudo_t dbusd_etc_t (file (ioctl read getattr lock open)))
                                (allow user_sudo_t system_dbusd_runtime_t (dir (ioctl read getattr lock open search)))
                                (allow user_sudo_t system_dbusd_runtime_t (sock_file (read)))
                                (allow user_sudo_t system_dbusd_var_lib_t (dir (getattr open search)))
                                (allow user_sudo_t system_dbusd_var_lib_t (lnk_file (read getattr)))
                                (allow user_sudo_t systemd_machined_t (unix_stream_socket (connectto)))
                                (allow user_sudo_t systemd_logind_t (dbus (send_msg)))
                                (allow systemd_logind_t user_sudo_t (dbus (send_msg)))
                                (allow systemd_logind_t user_sudo_t (dir (ioctl read getattr lock open search)))
                                (allow systemd_logind_t user_sudo_t (file (ioctl read getattr lock open)))
                                (allow user_sudo_t etc_t (dir (ioctl read getattr lock open search)))
                                (allow user_sudo_t etc_t (dir (getattr open search)))
                                (allow user_sudo_t etc_runtime_t (file (ioctl read getattr lock open)))
                                (allow user_sudo_t etc_t (dir (getattr open search)))
                                (allow user_sudo_t etc_runtime_t (lnk_file (read getattr)))
                                (allow user_sudo_t systemd_logind_t (dbus (send_msg)))
                                (allow systemd_logind_t user_sudo_t (dbus (send_msg)))
                                (allow user_sudo_t systemd_logind_t (fd (use)))
                                (allow user_sudo_t systemd_sessions_runtime_t (fifo_file (write)))
                                (allow systemd_logind_t user_sudo_t (process (signal)))
                            )
                            (optional unprivuser_optional_211
                                (typeattributeset cil_gen_require fprintd_t)
                                (allow user_sudo_t fprintd_t (dbus (send_msg)))
                                (allow fprintd_t user_sudo_t (dbus (send_msg)))
                            )
                            (optional unprivuser_optional_212
                                (typeattributeset cil_gen_require sudomain)
                                (allow user_sudo_t sudomain (process (signal)))
                            )
                        )
                    )
                )
            )
            (optional unprivuser_optional_213
                (roleattributeset cil_gen_require syncthing_roles)
                (typeattributeset cil_gen_require syncthing_t)
                (typeattributeset cil_gen_require syncthing_exec_t)
                (typeattributeset cil_gen_require syncthing_xdg_config_t)
                (roleattributeset cil_gen_require syncthing_roles)
                (roleattributeset syncthing_roles (user_r ))
                (allow user_application_exec_domain syncthing_exec_t (file (ioctl read getattr map execute open)))
                (allow user_application_exec_domain syncthing_t (process (transition)))
                (dontaudit user_application_exec_domain syncthing_t (process (noatsecure siginh rlimitinh)))
                (typetransition user_application_exec_domain syncthing_exec_t process syncthing_t)
                (allow syncthing_t user_application_exec_domain (fd (use)))
                (allow syncthing_t user_application_exec_domain (fifo_file (ioctl read write getattr lock append)))
                (allow syncthing_t user_application_exec_domain (process (sigchld)))
                (allow user_t syncthing_xdg_config_t (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow user_t syncthing_xdg_config_t (dir (ioctl read write create getattr setattr lock relabelfrom relabelto unlink link rename open add_name remove_name reparent search rmdir)))
                (allow user_t syncthing_xdg_config_t (lnk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename)))
                (optional unprivuser_optional_214
                    (typeattributeset cil_gen_require user_systemd_t)
                    (allow user_systemd_t syncthing_t (dir (ioctl read getattr lock open search)))
                    (allow user_systemd_t syncthing_t (file (ioctl read getattr lock open)))
                    (allow user_systemd_t syncthing_t (lnk_file (read getattr)))
                    (allow user_systemd_t syncthing_t (process (getattr)))
                    (allow user_systemd_t syncthing_t (process (sigchld sigkill sigstop signull signal)))
                    (allow syncthing_t user_systemd_t (fd (use)))
                    (allow syncthing_t user_systemd_t (unix_stream_socket (ioctl read write getattr setattr append bind connect listen accept getopt setopt shutdown)))
                    (allow syncthing_t user_systemd_t (dir (ioctl read getattr lock open search)))
                    (allow syncthing_t user_systemd_t (file (ioctl read getattr lock open)))
                    (allow syncthing_t user_systemd_t (lnk_file (read getattr)))
                    (allow syncthing_t user_systemd_t (process (getattr)))
                    (allow syncthing_t user_systemd_t (process (sigchld)))
                )
            )
            (optional unprivuser_optional_215
                (typeattributeset cil_gen_require user_home_dir_t)
                (typeattributeset cil_gen_require home_root_t)
                (typeattributeset cil_gen_require tmp_t)
                (typeattributeset cil_gen_require user_dbusd_t)
                (typeattributeset cil_gen_require dbusd_session_bus_client)
                (typeattributeset cil_gen_require telepathy_domain)
                (typeattributeset cil_gen_require telepathy_tmp_content)
                (typeattributeset cil_gen_require telepathy_gabble_t)
                (typeattributeset cil_gen_require telepathy_sofiasip_t)
                (typeattributeset cil_gen_require telepathy_idle_t)
                (typeattributeset cil_gen_require telepathy_mission_control_t)
                (typeattributeset cil_gen_require telepathy_salut_t)
                (typeattributeset cil_gen_require telepathy_sunshine_t)
                (typeattributeset cil_gen_require telepathy_stream_engine_t)
                (typeattributeset cil_gen_require telepathy_msn_t)
                (typeattributeset cil_gen_require telepathy_gabble_exec_t)
                (typeattributeset cil_gen_require telepathy_sofiasip_exec_t)
                (typeattributeset cil_gen_require telepathy_idle_exec_t)
                (typeattributeset cil_gen_require telepathy_logger_t)
                (typeattributeset cil_gen_require telepathy_logger_exec_t)
                (typeattributeset cil_gen_require telepathy_mission_control_exec_t)
                (typeattributeset cil_gen_require telepathy_salut_exec_t)
                (typeattributeset cil_gen_require telepathy_sunshine_exec_t)
                (typeattributeset cil_gen_require telepathy_stream_engine_exec_t)
                (typeattributeset cil_gen_require telepathy_msn_exec_t)
                (typeattributeset cil_gen_require telepathy_mission_control_xdg_cache_t)
                (typeattributeset cil_gen_require telepathy_xdg_cache_t)
                (typeattributeset cil_gen_require telepathy_logger_xdg_cache_t)
                (typeattributeset cil_gen_require telepathy_gabble_xdg_cache_t)
                (typeattributeset cil_gen_require telepathy_xdg_data_t)
                (typeattributeset cil_gen_require telepathy_mission_control_xdg_data_t)
                (typeattributeset cil_gen_require telepathy_sunshine_home_t)
                (typeattributeset cil_gen_require telepathy_logger_xdg_data_t)
                (typeattributeset cil_gen_require telepathy_mission_control_home_t)
                (typeattributeset cil_gen_require telepathy_gabble_tmp_t)
                (typeattributeset cil_gen_require telepathy_msn_tmp_t)
                (typeattributeset cil_gen_require telepathy_salut_tmp_t)
                (roleattributeset cil_gen_require user_r)
                (roletype user_r telepathy_domain)
                (typeattributeset cil_gen_require dbusd_session_bus_client)
                (typeattributeset dbusd_session_bus_client (telepathy_gabble_t telepathy_sofiasip_t telepathy_idle_t telepathy_mission_control_t telepathy_salut_t telepathy_sunshine_t telepathy_stream_engine_t telepathy_msn_t telepathy_logger_t ))
                (allow user_application_exec_domain telepathy_domain (process (sigchld sigkill sigstop signull signal ptrace)))
                (allow user_application_exec_domain telepathy_domain (dir (ioctl read getattr lock open search)))
                (allow user_application_exec_domain telepathy_domain (file (ioctl read getattr lock open)))
                (allow user_application_exec_domain telepathy_domain (lnk_file (read getattr)))
                (allow user_application_exec_domain telepathy_domain (process (getattr)))
                (allow user_application_exec_domain tmp_t (dir (getattr open search)))
                (allow user_application_exec_domain telepathy_gabble_tmp_t (dir (getattr open search)))
                (allow user_application_exec_domain telepathy_gabble_tmp_t (sock_file (write getattr append open)))
                (allow user_application_exec_domain telepathy_gabble_t (unix_stream_socket (connectto)))
                (allow user_application_exec_domain tmp_t (dir (getattr open search)))
                (allow user_application_exec_domain telepathy_msn_tmp_t (dir (getattr open search)))
                (allow user_application_exec_domain telepathy_msn_tmp_t (sock_file (write getattr append open)))
                (allow user_application_exec_domain telepathy_msn_t (unix_stream_socket (connectto)))
                (allow user_application_exec_domain tmp_t (dir (getattr open search)))
                (allow user_application_exec_domain telepathy_salut_tmp_t (dir (getattr open search)))
                (allow user_application_exec_domain telepathy_salut_tmp_t (sock_file (write getattr append open)))
                (allow user_application_exec_domain telepathy_salut_t (unix_stream_socket (connectto)))
                (allow user_dbusd_t telepathy_gabble_exec_t (file (ioctl read getattr map execute open)))
                (allow user_dbusd_t telepathy_gabble_t (process (transition)))
                (dontaudit user_dbusd_t telepathy_gabble_t (process (noatsecure siginh rlimitinh)))
                (typetransition user_dbusd_t telepathy_gabble_exec_t process telepathy_gabble_t)
                (allow telepathy_gabble_t user_dbusd_t (fd (use)))
                (allow telepathy_gabble_t user_dbusd_t (fifo_file (ioctl read write getattr lock append)))
                (allow telepathy_gabble_t user_dbusd_t (process (sigchld)))
                (allow telepathy_gabble_t user_dbusd_t (dbus (send_msg)))
                (allow telepathy_gabble_t self (dbus (send_msg)))
                (allow user_dbusd_t telepathy_gabble_t (dbus (send_msg)))
                (allow telepathy_gabble_t user_dbusd_t (unix_stream_socket (connectto)))
                (allow telepathy_gabble_t user_dbusd_t (fd (use)))
                (allow telepathy_gabble_t user_dbusd_t (dbus (acquire_svc)))
                (allow user_dbusd_t telepathy_sofiasip_exec_t (file (ioctl read getattr map execute open)))
                (allow user_dbusd_t telepathy_sofiasip_t (process (transition)))
                (dontaudit user_dbusd_t telepathy_sofiasip_t (process (noatsecure siginh rlimitinh)))
                (typetransition user_dbusd_t telepathy_sofiasip_exec_t process telepathy_sofiasip_t)
                (allow telepathy_sofiasip_t user_dbusd_t (fd (use)))
                (allow telepathy_sofiasip_t user_dbusd_t (fifo_file (ioctl read write getattr lock append)))
                (allow telepathy_sofiasip_t user_dbusd_t (process (sigchld)))
                (allow telepathy_sofiasip_t user_dbusd_t (dbus (send_msg)))
                (allow telepathy_sofiasip_t self (dbus (send_msg)))
                (allow user_dbusd_t telepathy_sofiasip_t (dbus (send_msg)))
                (allow telepathy_sofiasip_t user_dbusd_t (unix_stream_socket (connectto)))
                (allow telepathy_sofiasip_t user_dbusd_t (fd (use)))
                (allow telepathy_sofiasip_t user_dbusd_t (dbus (acquire_svc)))
                (allow user_dbusd_t telepathy_idle_exec_t (file (ioctl read getattr map execute open)))
                (allow user_dbusd_t telepathy_idle_t (process (transition)))
                (dontaudit user_dbusd_t telepathy_idle_t (process (noatsecure siginh rlimitinh)))
                (typetransition user_dbusd_t telepathy_idle_exec_t process telepathy_idle_t)
                (allow telepathy_idle_t user_dbusd_t (fd (use)))
                (allow telepathy_idle_t user_dbusd_t (fifo_file (ioctl read write getattr lock append)))
                (allow telepathy_idle_t user_dbusd_t (process (sigchld)))
                (allow telepathy_idle_t user_dbusd_t (dbus (send_msg)))
                (allow telepathy_idle_t self (dbus (send_msg)))
                (allow user_dbusd_t telepathy_idle_t (dbus (send_msg)))
                (allow telepathy_idle_t user_dbusd_t (unix_stream_socket (connectto)))
                (allow telepathy_idle_t user_dbusd_t (fd (use)))
                (allow telepathy_idle_t user_dbusd_t (dbus (acquire_svc)))
                (allow user_dbusd_t telepathy_logger_exec_t (file (ioctl read getattr map execute open)))
                (allow user_dbusd_t telepathy_logger_t (process (transition)))
                (dontaudit user_dbusd_t telepathy_logger_t (process (noatsecure siginh rlimitinh)))
                (typetransition user_dbusd_t telepathy_logger_exec_t process telepathy_logger_t)
                (allow telepathy_logger_t user_dbusd_t (fd (use)))
                (allow telepathy_logger_t user_dbusd_t (fifo_file (ioctl read write getattr lock append)))
                (allow telepathy_logger_t user_dbusd_t (process (sigchld)))
                (allow telepathy_logger_t user_dbusd_t (dbus (send_msg)))
                (allow telepathy_logger_t self (dbus (send_msg)))
                (allow user_dbusd_t telepathy_logger_t (dbus (send_msg)))
                (allow telepathy_logger_t user_dbusd_t (unix_stream_socket (connectto)))
                (allow telepathy_logger_t user_dbusd_t (fd (use)))
                (allow telepathy_logger_t user_dbusd_t (dbus (acquire_svc)))
                (allow user_dbusd_t telepathy_mission_control_exec_t (file (ioctl read getattr map execute open)))
                (allow user_dbusd_t telepathy_mission_control_t (process (transition)))
                (dontaudit user_dbusd_t telepathy_mission_control_t (process (noatsecure siginh rlimitinh)))
                (typetransition user_dbusd_t telepathy_mission_control_exec_t process telepathy_mission_control_t)
                (allow telepathy_mission_control_t user_dbusd_t (fd (use)))
                (allow telepathy_mission_control_t user_dbusd_t (fifo_file (ioctl read write getattr lock append)))
                (allow telepathy_mission_control_t user_dbusd_t (process (sigchld)))
                (allow telepathy_mission_control_t user_dbusd_t (dbus (send_msg)))
                (allow telepathy_mission_control_t self (dbus (send_msg)))
                (allow user_dbusd_t telepathy_mission_control_t (dbus (send_msg)))
                (allow telepathy_mission_control_t user_dbusd_t (unix_stream_socket (connectto)))
                (allow telepathy_mission_control_t user_dbusd_t (fd (use)))
                (allow telepathy_mission_control_t user_dbusd_t (dbus (acquire_svc)))
                (allow user_dbusd_t telepathy_salut_exec_t (file (ioctl read getattr map execute open)))
                (allow user_dbusd_t telepathy_salut_t (process (transition)))
                (dontaudit user_dbusd_t telepathy_salut_t (process (noatsecure siginh rlimitinh)))
                (typetransition user_dbusd_t telepathy_salut_exec_t process telepathy_salut_t)
                (allow telepathy_salut_t user_dbusd_t (fd (use)))
                (allow telepathy_salut_t user_dbusd_t (fifo_file (ioctl read write getattr lock append)))
                (allow telepathy_salut_t user_dbusd_t (process (sigchld)))
                (allow telepathy_salut_t user_dbusd_t (dbus (send_msg)))
                (allow telepathy_salut_t self (dbus (send_msg)))
                (allow user_dbusd_t telepathy_salut_t (dbus (send_msg)))
                (allow telepathy_salut_t user_dbusd_t (unix_stream_socket (connectto)))
                (allow telepathy_salut_t user_dbusd_t (fd (use)))
                (allow telepathy_salut_t user_dbusd_t (dbus (acquire_svc)))
                (allow user_dbusd_t telepathy_sunshine_exec_t (file (ioctl read getattr map execute open)))
                (allow user_dbusd_t telepathy_sunshine_t (process (transition)))
                (dontaudit user_dbusd_t telepathy_sunshine_t (process (noatsecure siginh rlimitinh)))
                (typetransition user_dbusd_t telepathy_sunshine_exec_t process telepathy_sunshine_t)
                (allow telepathy_sunshine_t user_dbusd_t (fd (use)))
                (allow telepathy_sunshine_t user_dbusd_t (fifo_file (ioctl read write getattr lock append)))
                (allow telepathy_sunshine_t user_dbusd_t (process (sigchld)))
                (allow telepathy_sunshine_t user_dbusd_t (dbus (send_msg)))
                (allow telepathy_sunshine_t self (dbus (send_msg)))
                (allow user_dbusd_t telepathy_sunshine_t (dbus (send_msg)))
                (allow telepathy_sunshine_t user_dbusd_t (unix_stream_socket (connectto)))
                (allow telepathy_sunshine_t user_dbusd_t (fd (use)))
                (allow telepathy_sunshine_t user_dbusd_t (dbus (acquire_svc)))
                (allow user_dbusd_t telepathy_stream_engine_exec_t (file (ioctl read getattr map execute open)))
                (allow user_dbusd_t telepathy_stream_engine_t (process (transition)))
                (dontaudit user_dbusd_t telepathy_stream_engine_t (process (noatsecure siginh rlimitinh)))
                (typetransition user_dbusd_t telepathy_stream_engine_exec_t process telepathy_stream_engine_t)
                (allow telepathy_stream_engine_t user_dbusd_t (fd (use)))
                (allow telepathy_stream_engine_t user_dbusd_t (fifo_file (ioctl read write getattr lock append)))
                (allow telepathy_stream_engine_t user_dbusd_t (process (sigchld)))
                (allow telepathy_stream_engine_t user_dbusd_t (dbus (send_msg)))
                (allow telepathy_stream_engine_t self (dbus (send_msg)))
                (allow user_dbusd_t telepathy_stream_engine_t (dbus (send_msg)))
                (allow telepathy_stream_engine_t user_dbusd_t (unix_stream_socket (connectto)))
                (allow telepathy_stream_engine_t user_dbusd_t (fd (use)))
                (allow telepathy_stream_engine_t user_dbusd_t (dbus (acquire_svc)))
                (allow user_dbusd_t telepathy_msn_exec_t (file (ioctl read getattr map execute open)))
                (allow user_dbusd_t telepathy_msn_t (process (transition)))
                (dontaudit user_dbusd_t telepathy_msn_t (process (noatsecure siginh rlimitinh)))
                (typetransition user_dbusd_t telepathy_msn_exec_t process telepathy_msn_t)
                (allow telepathy_msn_t user_dbusd_t (fd (use)))
                (allow telepathy_msn_t user_dbusd_t (fifo_file (ioctl read write getattr lock append)))
                (allow telepathy_msn_t user_dbusd_t (process (sigchld)))
                (allow telepathy_msn_t user_dbusd_t (dbus (send_msg)))
                (allow telepathy_msn_t self (dbus (send_msg)))
                (allow user_dbusd_t telepathy_msn_t (dbus (send_msg)))
                (allow telepathy_msn_t user_dbusd_t (unix_stream_socket (connectto)))
                (allow telepathy_msn_t user_dbusd_t (fd (use)))
                (allow telepathy_msn_t user_dbusd_t (dbus (acquire_svc)))
                (allow user_t telepathy_mission_control_xdg_cache_t (dir (ioctl read write create getattr setattr lock relabelfrom relabelto unlink link rename open add_name remove_name reparent search rmdir)))
                (allow user_t telepathy_xdg_cache_t (dir (ioctl read write create getattr setattr lock relabelfrom relabelto unlink link rename open add_name remove_name reparent search rmdir)))
                (allow user_t telepathy_logger_xdg_cache_t (dir (ioctl read write create getattr setattr lock relabelfrom relabelto unlink link rename open add_name remove_name reparent search rmdir)))
                (allow user_t telepathy_gabble_xdg_cache_t (dir (ioctl read write create getattr setattr lock relabelfrom relabelto unlink link rename open add_name remove_name reparent search rmdir)))
                (allow user_t telepathy_xdg_data_t (dir (ioctl read write create getattr setattr lock relabelfrom relabelto unlink link rename open add_name remove_name reparent search rmdir)))
                (allow user_t telepathy_mission_control_home_t (dir (ioctl read write create getattr setattr lock relabelfrom relabelto unlink link rename open add_name remove_name reparent search rmdir)))
                (allow user_t telepathy_mission_control_xdg_data_t (dir (ioctl read write create getattr setattr lock relabelfrom relabelto unlink link rename open add_name remove_name reparent search rmdir)))
                (allow user_t telepathy_sunshine_home_t (dir (ioctl read write create getattr setattr lock relabelfrom relabelto unlink link rename open add_name remove_name reparent search rmdir)))
                (allow user_t telepathy_logger_xdg_data_t (dir (ioctl read write create getattr setattr lock relabelfrom relabelto unlink link rename open add_name remove_name reparent search rmdir)))
                (allow user_t telepathy_mission_control_xdg_cache_t (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow user_t telepathy_xdg_cache_t (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow user_t telepathy_logger_xdg_cache_t (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow user_t telepathy_gabble_xdg_cache_t (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow user_t telepathy_xdg_data_t (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow user_t telepathy_mission_control_home_t (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow user_t telepathy_mission_control_xdg_data_t (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow user_t telepathy_sunshine_home_t (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow user_t telepathy_logger_xdg_data_t (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow user_t telepathy_xdg_cache_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_t telepathy_xdg_cache_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_t user_home_dir_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_t home_root_t (dir (getattr open search)))
                (allow user_t home_root_t (lnk_file (read getattr)))
                (allow user_t telepathy_xdg_data_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_t user_home_dir_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_t home_root_t (dir (getattr open search)))
                (allow user_t home_root_t (lnk_file (read getattr)))
                (allow user_t telepathy_tmp_content (dir (ioctl read write create getattr setattr lock relabelfrom relabelto unlink link rename open add_name remove_name reparent search rmdir)))
                (allow user_t telepathy_tmp_content (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow user_t telepathy_tmp_content (sock_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow user_application_exec_domain telepathy_mission_control_t (dbus (send_msg)))
                (allow telepathy_mission_control_t user_application_exec_domain (dbus (send_msg)))
                (typetransition user_t user_home_dir_t dir ".telepathy-sunshine" telepathy_sunshine_home_t)
                (typetransition user_t telepathy_xdg_data_t dir "mission-control" telepathy_mission_control_xdg_data_t)
                (typetransition user_t user_home_dir_t dir ".mission-control" telepathy_mission_control_home_t)
                (typetransition user_t telepathy_xdg_cache_t dir "logger" telepathy_logger_xdg_cache_t)
                (typetransition user_t telepathy_xdg_cache_t dir "gabble" telepathy_gabble_xdg_cache_t)
                (optional unprivuser_optional_216
                    (typeattributeset cil_gen_require user_systemd_t)
                    (allow user_systemd_t telepathy_domain (dir (ioctl read getattr lock open search)))
                    (allow user_systemd_t telepathy_domain (file (ioctl read getattr lock open)))
                    (allow user_systemd_t telepathy_domain (lnk_file (read getattr)))
                    (allow user_systemd_t telepathy_domain (process (getattr)))
                    (allow user_systemd_t telepathy_domain (process (sigchld sigkill sigstop signull signal)))
                    (allow telepathy_domain user_systemd_t (fd (use)))
                    (allow telepathy_domain user_systemd_t (unix_stream_socket (ioctl read write getattr setattr append bind connect listen accept getopt setopt shutdown)))
                    (allow telepathy_domain user_systemd_t (dir (ioctl read getattr lock open search)))
                    (allow telepathy_domain user_systemd_t (file (ioctl read getattr lock open)))
                    (allow telepathy_domain user_systemd_t (lnk_file (read getattr)))
                    (allow telepathy_domain user_systemd_t (process (getattr)))
                    (allow telepathy_domain user_systemd_t (process (sigchld)))
                )
            )
            (optional unprivuser_optional_217
                (roleattributeset cil_gen_require thunderbird_roles)
                (typeattributeset cil_gen_require user_home_dir_t)
                (typeattributeset cil_gen_require home_root_t)
                (typeattributeset cil_gen_require thunderbird_t)
                (typeattributeset cil_gen_require thunderbird_exec_t)
                (typeattributeset cil_gen_require thunderbird_home_t)
                (typeattributeset cil_gen_require thunderbird_tmpfs_t)
                (roleattributeset cil_gen_require thunderbird_roles)
                (roleattributeset thunderbird_roles (user_r ))
                (allow user_application_exec_domain thunderbird_exec_t (file (ioctl read getattr map execute open)))
                (allow user_application_exec_domain thunderbird_t (process (transition)))
                (dontaudit user_application_exec_domain thunderbird_t (process (noatsecure siginh rlimitinh)))
                (typetransition user_application_exec_domain thunderbird_exec_t process thunderbird_t)
                (allow thunderbird_t user_application_exec_domain (fd (use)))
                (allow thunderbird_t user_application_exec_domain (fifo_file (ioctl read write getattr lock append)))
                (allow thunderbird_t user_application_exec_domain (process (sigchld)))
                (allow user_application_exec_domain thunderbird_tmpfs_t (dir (getattr open search)))
                (allow user_application_exec_domain thunderbird_tmpfs_t (sock_file (write getattr append open)))
                (allow user_application_exec_domain thunderbird_t (unix_stream_socket (connectto)))
                (allow thunderbird_t user_application_exec_domain (unix_stream_socket (connectto)))
                (allow user_application_exec_domain thunderbird_t (process (sigchld sigkill sigstop signull signal ptrace)))
                (allow user_application_exec_domain thunderbird_t (dir (ioctl read getattr lock open search)))
                (allow user_application_exec_domain thunderbird_t (file (ioctl read getattr lock open)))
                (allow user_application_exec_domain thunderbird_t (lnk_file (read getattr)))
                (allow user_application_exec_domain thunderbird_t (process (getattr)))
                (allow user_t thunderbird_home_t (dir (ioctl read write create getattr setattr lock relabelfrom relabelto unlink link rename open add_name remove_name reparent search rmdir)))
                (allow user_t thunderbird_home_t (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow user_t thunderbird_home_t (lnk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename)))
                (allow user_t user_home_dir_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_t home_root_t (dir (getattr open search)))
                (allow user_t home_root_t (lnk_file (read getattr)))
                (typetransition user_t user_home_dir_t dir ".thunderbird" thunderbird_home_t)
                (optional unprivuser_optional_218
                    (typeattributeset cil_gen_require user_systemd_t)
                    (allow user_systemd_t thunderbird_t (dir (ioctl read getattr lock open search)))
                    (allow user_systemd_t thunderbird_t (file (ioctl read getattr lock open)))
                    (allow user_systemd_t thunderbird_t (lnk_file (read getattr)))
                    (allow user_systemd_t thunderbird_t (process (getattr)))
                    (allow user_systemd_t thunderbird_t (process (sigchld sigkill sigstop signull signal)))
                    (allow thunderbird_t user_systemd_t (fd (use)))
                    (allow thunderbird_t user_systemd_t (unix_stream_socket (ioctl read write getattr setattr append bind connect listen accept getopt setopt shutdown)))
                    (allow thunderbird_t user_systemd_t (dir (ioctl read getattr lock open search)))
                    (allow thunderbird_t user_systemd_t (file (ioctl read getattr lock open)))
                    (allow thunderbird_t user_systemd_t (lnk_file (read getattr)))
                    (allow thunderbird_t user_systemd_t (process (getattr)))
                    (allow thunderbird_t user_systemd_t (process (sigchld)))
                )
            )
            (optional unprivuser_optional_219
                (roleattributeset cil_gen_require tvtime_roles)
                (typeattributeset cil_gen_require user_home_dir_t)
                (typeattributeset cil_gen_require home_root_t)
                (typeattributeset cil_gen_require tvtime_t)
                (typeattributeset cil_gen_require tvtime_exec_t)
                (typeattributeset cil_gen_require tvtime_tmp_t)
                (typeattributeset cil_gen_require tvtime_home_t)
                (typeattributeset cil_gen_require tvtime_tmpfs_t)
                (roleattributeset cil_gen_require tvtime_roles)
                (roleattributeset tvtime_roles (user_r ))
                (allow user_application_exec_domain tvtime_exec_t (file (ioctl read getattr map execute open)))
                (allow user_application_exec_domain tvtime_t (process (transition)))
                (dontaudit user_application_exec_domain tvtime_t (process (noatsecure siginh rlimitinh)))
                (typetransition user_application_exec_domain tvtime_exec_t process tvtime_t)
                (allow tvtime_t user_application_exec_domain (fd (use)))
                (allow tvtime_t user_application_exec_domain (fifo_file (ioctl read write getattr lock append)))
                (allow tvtime_t user_application_exec_domain (process (sigchld)))
                (allow user_application_exec_domain tvtime_t (dir (ioctl read getattr lock open search)))
                (allow user_application_exec_domain tvtime_t (file (ioctl read getattr lock open)))
                (allow user_application_exec_domain tvtime_t (lnk_file (read getattr)))
                (allow user_application_exec_domain tvtime_t (process (getattr)))
                (allow user_application_exec_domain tvtime_t (process (sigchld sigkill sigstop signull signal ptrace)))
                (allow user_t tvtime_tmp_t (dir (ioctl read write create getattr setattr lock relabelfrom relabelto unlink link rename open add_name remove_name reparent search rmdir)))
                (allow user_t tvtime_home_t (dir (ioctl read write create getattr setattr lock relabelfrom relabelto unlink link rename open add_name remove_name reparent search rmdir)))
                (allow user_t tvtime_tmp_t (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow user_t tvtime_home_t (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow user_t tvtime_tmpfs_t (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow user_t tvtime_home_t (lnk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename)))
                (allow user_t tvtime_tmpfs_t (lnk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename)))
                (allow user_t tvtime_tmpfs_t (fifo_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow user_t tvtime_tmpfs_t (sock_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow user_t user_home_dir_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_t home_root_t (dir (getattr open search)))
                (allow user_t home_root_t (lnk_file (read getattr)))
                (typetransition user_t user_home_dir_t dir ".tvtime" tvtime_home_t)
                (optional unprivuser_optional_220
                    (typeattributeset cil_gen_require user_systemd_t)
                    (allow user_systemd_t tvtime_t (dir (ioctl read getattr lock open search)))
                    (allow user_systemd_t tvtime_t (file (ioctl read getattr lock open)))
                    (allow user_systemd_t tvtime_t (lnk_file (read getattr)))
                    (allow user_systemd_t tvtime_t (process (getattr)))
                    (allow user_systemd_t tvtime_t (process (sigchld sigkill sigstop signull signal)))
                    (allow tvtime_t user_systemd_t (fd (use)))
                    (allow tvtime_t user_systemd_t (unix_stream_socket (ioctl read write getattr setattr append bind connect listen accept getopt setopt shutdown)))
                    (allow tvtime_t user_systemd_t (dir (ioctl read getattr lock open search)))
                    (allow tvtime_t user_systemd_t (file (ioctl read getattr lock open)))
                    (allow tvtime_t user_systemd_t (lnk_file (read getattr)))
                    (allow tvtime_t user_systemd_t (process (getattr)))
                    (allow tvtime_t user_systemd_t (process (sigchld)))
                )
            )
            (optional unprivuser_optional_221
                (roleattributeset cil_gen_require uml_roles)
                (typeattributeset cil_gen_require user_home_dir_t)
                (typeattributeset cil_gen_require home_root_t)
                (typeattributeset cil_gen_require uml_t)
                (typeattributeset cil_gen_require uml_exec_t)
                (typeattributeset cil_gen_require uml_ro_t)
                (typeattributeset cil_gen_require uml_rw_t)
                (typeattributeset cil_gen_require uml_tmp_t)
                (typeattributeset cil_gen_require uml_tmpfs_t)
                (roleattributeset cil_gen_require uml_roles)
                (roleattributeset uml_roles (user_r ))
                (allow user_application_exec_domain uml_exec_t (file (ioctl read getattr map execute open)))
                (allow user_application_exec_domain uml_t (process (transition)))
                (dontaudit user_application_exec_domain uml_t (process (noatsecure siginh rlimitinh)))
                (typetransition user_application_exec_domain uml_exec_t process uml_t)
                (allow uml_t user_application_exec_domain (fd (use)))
                (allow uml_t user_application_exec_domain (fifo_file (ioctl read write getattr lock append)))
                (allow uml_t user_application_exec_domain (process (sigchld)))
                (allow user_application_exec_domain uml_tmpfs_t (dir (getattr open search)))
                (allow user_application_exec_domain uml_tmpfs_t (sock_file (write getattr append open)))
                (allow user_application_exec_domain uml_t (unix_dgram_socket (sendto)))
                (allow uml_t user_application_exec_domain (unix_dgram_socket (sendto)))
                (allow user_application_exec_domain uml_t (dir (ioctl read getattr lock open search)))
                (allow user_application_exec_domain uml_t (file (ioctl read getattr lock open)))
                (allow user_application_exec_domain uml_t (lnk_file (read getattr)))
                (allow user_application_exec_domain uml_t (process (getattr)))
                (allow user_application_exec_domain uml_t (process (sigchld sigkill sigstop signull signal ptrace)))
                (allow user_t uml_ro_t (dir (ioctl read write create getattr setattr lock relabelfrom relabelto unlink link rename open add_name remove_name reparent search rmdir)))
                (allow user_t uml_rw_t (dir (ioctl read write create getattr setattr lock relabelfrom relabelto unlink link rename open add_name remove_name reparent search rmdir)))
                (allow user_t uml_tmp_t (dir (ioctl read write create getattr setattr lock relabelfrom relabelto unlink link rename open add_name remove_name reparent search rmdir)))
                (allow user_t uml_ro_t (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow user_t uml_rw_t (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow user_t uml_tmp_t (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow user_t uml_tmpfs_t (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow user_t uml_ro_t (lnk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename)))
                (allow user_t uml_rw_t (lnk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename)))
                (allow user_t uml_tmpfs_t (lnk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename)))
                (allow user_t uml_ro_t (fifo_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow user_t uml_rw_t (fifo_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow user_t uml_tmpfs_t (fifo_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow user_t uml_ro_t (sock_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow user_t uml_rw_t (sock_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow user_t uml_tmpfs_t (sock_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow user_t user_home_dir_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_t home_root_t (dir (getattr open search)))
                (allow user_t home_root_t (lnk_file (read getattr)))
                (typetransition user_t user_home_dir_t dir ".uml" uml_rw_t)
                (optional unprivuser_optional_222
                    (typeattributeset cil_gen_require user_systemd_t)
                    (allow user_systemd_t uml_t (dir (ioctl read getattr lock open search)))
                    (allow user_systemd_t uml_t (file (ioctl read getattr lock open)))
                    (allow user_systemd_t uml_t (lnk_file (read getattr)))
                    (allow user_systemd_t uml_t (process (getattr)))
                    (allow user_systemd_t uml_t (process (sigchld sigkill sigstop signull signal)))
                    (allow uml_t user_systemd_t (fd (use)))
                    (allow uml_t user_systemd_t (unix_stream_socket (ioctl read write getattr setattr append bind connect listen accept getopt setopt shutdown)))
                    (allow uml_t user_systemd_t (dir (ioctl read getattr lock open search)))
                    (allow uml_t user_systemd_t (file (ioctl read getattr lock open)))
                    (allow uml_t user_systemd_t (lnk_file (read getattr)))
                    (allow uml_t user_systemd_t (process (getattr)))
                    (allow uml_t user_systemd_t (process (sigchld)))
                )
            )
            (optional unprivuser_optional_223
                (type user_consolehelper_t)
                (roletype object_r user_consolehelper_t)
                (type user_userhelper_t)
                (roletype object_r user_userhelper_t)
                (roleattributeset cil_gen_require userhelper_roles)
                (roleattributeset cil_gen_require consolehelper_roles)
                (typeattributeset cil_gen_require unpriv_userdomain)
                (typeattributeset unpriv_userdomain (user_t ))
                (typeattributeset cil_gen_require domain)
                (typeattributeset domain (user_t ))
                (typeattributeset cil_gen_require security_t)
                (typeattributeset cil_gen_require sysfs_t)
                (typeattributeset cil_gen_require entry_type)
                (typeattributeset entry_type (shell_exec_t bin_t ))
                (typeattributeset cil_gen_require exec_type)
                (typeattributeset exec_type (shell_exec_t bin_t ))
                (typeattributeset cil_gen_require file_type)
                (typeattributeset file_type (shell_exec_t bin_t ))
                (typeattributeset cil_gen_require non_security_file_type)
                (typeattributeset non_security_file_type (shell_exec_t bin_t ))
                (typeattributeset cil_gen_require non_auth_file_type)
                (typeattributeset non_auth_file_type (shell_exec_t bin_t ))
                (typeattributeset cil_gen_require bin_t)
                (typeattributeset cil_gen_require ubac_constrained_type)
                (typeattributeset ubac_constrained_type (user_t ))
                (typeattributeset cil_gen_require device_t)
                (typeattributeset cil_gen_require usr_t)
                (typeattributeset cil_gen_require cert_t)
                (typeattributeset cil_gen_require var_t)
                (typeattributeset cil_gen_require urandom_device_t)
                (typeattributeset cil_gen_require privfd)
                (typeattributeset privfd (user_t ))
                (typeattributeset cil_gen_require application_exec_type)
                (typeattributeset cil_gen_require random_device_t)
                (typeattributeset cil_gen_require nsswitch_domain)
                (typeattributeset nsswitch_domain (user_t ))
                (typeattributeset cil_gen_require var_log_t)
                (typeattributeset cil_gen_require application_domain_type)
                (typeattributeset cil_gen_require chkpwd_t)
                (typeattributeset cil_gen_require chkpwd_exec_t)
                (typeattributeset cil_gen_require shadow_t)
                (typeattributeset cil_gen_require auth_cache_t)
                (typeattributeset cil_gen_require faillog_t)
                (typeattributeset cil_gen_require can_change_process_role)
                (typeattributeset cil_gen_require can_read_shadow_passwords)
                (typeattributeset cil_gen_require pam_domain)
                (typeattributeset cil_gen_require can_change_object_identity)
                (typeattributeset cil_gen_require userhelper_type)
                (typeattributeset cil_gen_require consolehelper_type)
                (typeattributeset cil_gen_require userhelper_exec_t)
                (typeattributeset cil_gen_require consolehelper_exec_t)
                (typeattributeset cil_gen_require can_change_process_identity)
                (roleattributeset cil_gen_require userhelper_roles)
                (roleattributeset userhelper_roles (user_r ))
                (roletype userhelper_roles user_userhelper_t)
                (roleattributeset cil_gen_require consolehelper_roles)
                (roleattributeset consolehelper_roles (user_r ))
                (roletype consolehelper_roles user_consolehelper_t)
                (typeattributeset cil_gen_require non_auth_file_type)
                (typeattributeset non_auth_file_type (userhelper_exec_t consolehelper_exec_t ))
                (typeattributeset cil_gen_require file_type)
                (typeattributeset file_type (userhelper_exec_t consolehelper_exec_t ))
                (typeattributeset cil_gen_require domain)
                (typeattributeset domain (user_consolehelper_t user_userhelper_t ))
                (typeattributeset cil_gen_require pam_domain)
                (typeattributeset pam_domain (user_consolehelper_t ))
                (typeattributeset cil_gen_require application_domain_type)
                (typeattributeset application_domain_type (user_consolehelper_t user_userhelper_t ))
                (typeattributeset cil_gen_require can_change_process_identity)
                (typeattributeset can_change_process_identity (user_userhelper_t ))
                (typeattributeset cil_gen_require can_read_shadow_passwords)
                (typeattributeset can_read_shadow_passwords (user_consolehelper_t ))
                (typeattributeset cil_gen_require can_change_process_role)
                (typeattributeset can_change_process_role (user_userhelper_t ))
                (typeattributeset cil_gen_require can_change_object_identity)
                (typeattributeset can_change_object_identity (user_userhelper_t ))
                (typeattributeset cil_gen_require consolehelper_type)
                (typeattributeset consolehelper_type (user_consolehelper_t ))
                (typeattributeset cil_gen_require nsswitch_domain)
                (typeattributeset nsswitch_domain (user_consolehelper_t user_userhelper_t ))
                (typeattributeset cil_gen_require userhelper_type)
                (typeattributeset userhelper_type (user_userhelper_t ))
                (typeattributeset cil_gen_require entry_type)
                (typeattributeset entry_type (userhelper_exec_t consolehelper_exec_t ))
                (typeattributeset cil_gen_require ubac_constrained_type)
                (typeattributeset ubac_constrained_type (user_consolehelper_t user_userhelper_t ))
                (typeattributeset cil_gen_require exec_type)
                (typeattributeset exec_type (userhelper_exec_t consolehelper_exec_t ))
                (typeattributeset cil_gen_require privfd)
                (typeattributeset privfd (user_userhelper_t ))
                (typeattributeset cil_gen_require application_exec_type)
                (typeattributeset application_exec_type (userhelper_exec_t consolehelper_exec_t ))
                (typeattributeset cil_gen_require non_security_file_type)
                (typeattributeset non_security_file_type (userhelper_exec_t consolehelper_exec_t ))
                (allow user_consolehelper_t consolehelper_exec_t (file (entrypoint)))
                (allow user_consolehelper_t consolehelper_exec_t (file (ioctl read getattr lock map execute open)))
                (allow user_userhelper_t userhelper_exec_t (file (entrypoint)))
                (allow user_userhelper_t userhelper_exec_t (file (ioctl read getattr lock map execute open)))
                (allow user_consolehelper_t user_application_exec_domain (unix_stream_socket (connectto)))
                (allow user_application_exec_domain consolehelper_exec_t (file (ioctl read getattr map execute open)))
                (allow user_application_exec_domain user_consolehelper_t (process (transition)))
                (dontaudit user_application_exec_domain user_consolehelper_t (process (noatsecure siginh rlimitinh)))
                (typetransition user_application_exec_domain consolehelper_exec_t process user_consolehelper_t)
                (allow user_consolehelper_t user_application_exec_domain (fd (use)))
                (allow user_consolehelper_t user_application_exec_domain (fifo_file (ioctl read write getattr lock append)))
                (allow user_consolehelper_t user_application_exec_domain (process (sigchld)))
                (allow user_application_exec_domain user_consolehelper_t (process (sigchld sigkill sigstop signull signal ptrace)))
                (allow user_application_exec_domain user_consolehelper_t (dir (ioctl read getattr lock open search)))
                (allow user_application_exec_domain user_consolehelper_t (file (ioctl read getattr lock open)))
                (allow user_application_exec_domain user_consolehelper_t (lnk_file (read getattr)))
                (allow user_application_exec_domain user_consolehelper_t (process (getattr)))
                (allow user_consolehelper_t auth_cache_t (dir (getattr open search)))
                (allow user_consolehelper_t bin_t (dir (getattr open search)))
                (allow user_consolehelper_t bin_t (lnk_file (read getattr)))
                (allow user_consolehelper_t usr_t (dir (getattr open search)))
                (allow user_consolehelper_t chkpwd_exec_t (file (ioctl read getattr map execute open)))
                (allow user_consolehelper_t chkpwd_t (process (transition)))
                (dontaudit user_consolehelper_t chkpwd_t (process (noatsecure siginh rlimitinh)))
                (typetransition user_consolehelper_t chkpwd_exec_t process chkpwd_t)
                (allow chkpwd_t user_consolehelper_t (fd (use)))
                (allow chkpwd_t user_consolehelper_t (fifo_file (ioctl read write getattr lock append)))
                (allow chkpwd_t user_consolehelper_t (process (sigchld)))
                (dontaudit user_consolehelper_t shadow_t (file (ioctl read getattr lock open)))
                (allow user_consolehelper_t device_t (dir (getattr open search)))
                (allow user_consolehelper_t random_device_t (chr_file (ioctl read getattr lock open)))
                (allow user_consolehelper_t device_t (dir (getattr open search)))
                (allow user_consolehelper_t urandom_device_t (chr_file (ioctl read getattr lock open)))
                (allow user_consolehelper_t var_t (dir (getattr open search)))
                (allow user_consolehelper_t var_log_t (dir (getattr open search)))
                (allow user_consolehelper_t var_log_t (lnk_file (read getattr)))
                (allow user_consolehelper_t faillog_t (file (ioctl read write getattr lock append open)))
                (allow user_consolehelper_t self (capability (audit_write)))
                (allow user_consolehelper_t self (netlink_audit_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown nlmsg_read nlmsg_relay)))
                (allow user_consolehelper_t cert_t (dir (ioctl read getattr lock open search)))
                (allow user_consolehelper_t cert_t (dir (getattr open search)))
                (allow user_consolehelper_t cert_t (file (ioctl read getattr lock open)))
                (allow user_consolehelper_t cert_t (dir (getattr open search)))
                (allow user_consolehelper_t cert_t (lnk_file (read getattr)))
                (allow user_consolehelper_t security_t (filesystem (getattr)))
                (allow user_consolehelper_t sysfs_t (filesystem (getattr)))
                (allow user_consolehelper_t sysfs_t (dir (getattr open search)))
                (allow user_consolehelper_t sysfs_t (dir (getattr open search)))
                (allow user_consolehelper_t sysfs_t (dir (getattr open search)))
                (allow user_consolehelper_t sysfs_t (dir (getattr open search)))
                (allow user_consolehelper_t security_t (dir (ioctl read getattr lock open search)))
                (allow user_consolehelper_t security_t (file (ioctl read getattr map open)))
                (allow user_application_exec_domain userhelper_exec_t (file (ioctl read getattr map execute open)))
                (allow user_application_exec_domain user_userhelper_t (process (transition)))
                (dontaudit user_application_exec_domain user_userhelper_t (process (noatsecure siginh rlimitinh)))
                (typetransition user_application_exec_domain userhelper_exec_t process user_userhelper_t)
                (allow user_userhelper_t user_application_exec_domain (fd (use)))
                (allow user_userhelper_t user_application_exec_domain (fifo_file (ioctl read write getattr lock append)))
                (allow user_userhelper_t user_application_exec_domain (process (sigchld)))
                (dontaudit user_application_exec_domain user_userhelper_t (process (signal)))
                (allow user_userhelper_t bin_t (dir (getattr open search)))
                (allow user_userhelper_t bin_t (lnk_file (read getattr)))
                (allow user_userhelper_t usr_t (dir (getattr open search)))
                (allow user_userhelper_t bin_t (file (ioctl read getattr map execute open)))
                (allow user_userhelper_t user_t (process (transition)))
                (dontaudit user_userhelper_t user_t (process (noatsecure siginh rlimitinh)))
                (typetransition user_userhelper_t bin_t process user_t)
                (allow user_userhelper_t auth_cache_t (dir (getattr open search)))
                (allow user_userhelper_t bin_t (dir (getattr open search)))
                (allow user_userhelper_t bin_t (lnk_file (read getattr)))
                (allow user_userhelper_t usr_t (dir (getattr open search)))
                (allow user_userhelper_t chkpwd_exec_t (file (ioctl read getattr map execute open)))
                (allow user_userhelper_t chkpwd_t (process (transition)))
                (dontaudit user_userhelper_t chkpwd_t (process (noatsecure siginh rlimitinh)))
                (typetransition user_userhelper_t chkpwd_exec_t process chkpwd_t)
                (allow chkpwd_t user_userhelper_t (fd (use)))
                (allow chkpwd_t user_userhelper_t (fifo_file (ioctl read write getattr lock append)))
                (allow chkpwd_t user_userhelper_t (process (sigchld)))
                (dontaudit user_userhelper_t shadow_t (file (ioctl read getattr lock open)))
                (allow user_userhelper_t device_t (dir (getattr open search)))
                (allow user_userhelper_t random_device_t (chr_file (ioctl read getattr lock open)))
                (allow user_userhelper_t device_t (dir (getattr open search)))
                (allow user_userhelper_t urandom_device_t (chr_file (ioctl read getattr lock open)))
                (allow user_userhelper_t var_t (dir (getattr open search)))
                (allow user_userhelper_t var_log_t (dir (getattr open search)))
                (allow user_userhelper_t var_log_t (lnk_file (read getattr)))
                (allow user_userhelper_t faillog_t (file (ioctl read write getattr lock append open)))
                (allow user_userhelper_t self (capability (audit_write)))
                (allow user_userhelper_t self (netlink_audit_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown nlmsg_read nlmsg_relay)))
                (allow user_userhelper_t cert_t (dir (ioctl read getattr lock open search)))
                (allow user_userhelper_t cert_t (dir (getattr open search)))
                (allow user_userhelper_t cert_t (file (ioctl read getattr lock open)))
                (allow user_userhelper_t cert_t (dir (getattr open search)))
                (allow user_userhelper_t cert_t (lnk_file (read getattr)))
                (allow user_userhelper_t bin_t (dir (getattr open search)))
                (allow user_userhelper_t bin_t (lnk_file (read getattr)))
                (allow user_userhelper_t usr_t (dir (getattr open search)))
                (allow user_userhelper_t bin_t (file (ioctl read getattr map execute open)))
                (allow user_userhelper_t unpriv_userdomain (process (transition)))
                (dontaudit user_userhelper_t unpriv_userdomain (process (noatsecure siginh rlimitinh)))
                (allow unpriv_userdomain user_userhelper_t (fd (use)))
                (allow unpriv_userdomain user_userhelper_t (fifo_file (ioctl read write getattr lock append)))
                (allow unpriv_userdomain user_userhelper_t (process (sigchld)))
                (allow user_userhelper_t entry_type (file (ioctl read getattr map execute open)))
                (allow user_userhelper_t unpriv_userdomain (process (transition)))
                (dontaudit user_userhelper_t unpriv_userdomain (process (noatsecure siginh rlimitinh)))
                (allow unpriv_userdomain user_userhelper_t (fd (use)))
                (allow unpriv_userdomain user_userhelper_t (fifo_file (ioctl read write getattr lock append)))
                (allow unpriv_userdomain user_userhelper_t (process (sigchld)))
                (optional unprivuser_optional_224
                    (typeattributeset cil_gen_require init_t)
                    (allow user_consolehelper_t init_t (process (sigchld)))
                    (allow user_consolehelper_t init_t (process (signull)))
                    (optional unprivuser_optional_225
                        (typeattributeset cil_gen_require rpm_t)
                        (allow user_consolehelper_t rpm_t (fd (use)))
                        (allow user_consolehelper_t rpm_t (fifo_file (ioctl read getattr lock open)))
                    )
                    (optional unprivuser_optional_226
                        (typeattributeset cil_gen_require security_t)
                        (typeattributeset cil_gen_require sysfs_t)
                        (dontaudit user_consolehelper_t security_t (filesystem (getattr)))
                        (dontaudit user_consolehelper_t sysfs_t (filesystem (getattr)))
                        (dontaudit user_consolehelper_t sysfs_t (dir (getattr open search)))
                        (dontaudit user_consolehelper_t security_t (dir (getattr open search)))
                        (dontaudit user_consolehelper_t security_t (file (ioctl read getattr lock open)))
                        (optional unprivuser_optional_227
                            (typeattributeset cil_gen_require selinux_config_t)
                            (dontaudit user_consolehelper_t selinux_config_t (dir (getattr open search)))
                            (dontaudit user_consolehelper_t selinux_config_t (file (ioctl read getattr lock open)))
                            (optional unprivuser_optional_228
                                (typeattributeset cil_gen_require init_t)
                                (allow user_userhelper_t init_t (process (sigchld)))
                                (allow user_userhelper_t init_t (process (signull)))
                                (optional unprivuser_optional_229
                                    (typeattributeset cil_gen_require rpm_t)
                                    (allow user_userhelper_t rpm_t (fd (use)))
                                    (allow user_userhelper_t rpm_t (fifo_file (ioctl read getattr lock open)))
                                )
                                (optional unprivuser_optional_230
                                    (typeattributeset cil_gen_require security_t)
                                    (typeattributeset cil_gen_require sysfs_t)
                                    (dontaudit user_userhelper_t security_t (filesystem (getattr)))
                                    (dontaudit user_userhelper_t sysfs_t (filesystem (getattr)))
                                    (dontaudit user_userhelper_t sysfs_t (dir (getattr open search)))
                                    (dontaudit user_userhelper_t security_t (dir (getattr open search)))
                                    (dontaudit user_userhelper_t security_t (file (ioctl read getattr lock open)))
                                    (optional unprivuser_optional_231
                                        (typeattributeset cil_gen_require selinux_config_t)
                                        (dontaudit user_userhelper_t selinux_config_t (dir (getattr open search)))
                                        (dontaudit user_userhelper_t selinux_config_t (file (ioctl read getattr lock open)))
                                        (optional unprivuser_optional_232
                                            (typeattributeset cil_gen_require etc_t)
                                            (typeattributeset cil_gen_require krb5_keytab_t)
                                            (allow user_consolehelper_t etc_t (dir (getattr open search)))
                                            (allow user_consolehelper_t krb5_keytab_t (file (ioctl read getattr lock open)))
                                        )
                                        (optional unprivuser_optional_233
                                            (typeattributeset cil_gen_require var_run_t)
                                            (typeattributeset cil_gen_require var_t)
                                            (typeattributeset cil_gen_require pcscd_t)
                                            (typeattributeset cil_gen_require pcscd_runtime_t)
                                            (allow user_consolehelper_t var_run_t (lnk_file (read getattr)))
                                            (allow user_consolehelper_t var_t (dir (getattr open search)))
                                            (allow user_consolehelper_t var_run_t (dir (getattr open search)))
                                            (allow user_consolehelper_t pcscd_runtime_t (dir (getattr open search)))
                                            (allow user_consolehelper_t pcscd_runtime_t (file (ioctl read getattr lock open)))
                                            (allow user_consolehelper_t var_run_t (lnk_file (read getattr)))
                                            (allow user_consolehelper_t var_t (dir (getattr open search)))
                                            (allow user_consolehelper_t var_run_t (dir (getattr open search)))
                                            (allow user_consolehelper_t pcscd_runtime_t (dir (getattr open search)))
                                            (allow user_consolehelper_t pcscd_runtime_t (sock_file (write getattr append open)))
                                            (allow user_consolehelper_t pcscd_t (unix_stream_socket (connectto)))
                                            (allow pcscd_t user_consolehelper_t (dir (ioctl read getattr lock open search)))
                                            (allow pcscd_t user_consolehelper_t (file (ioctl read getattr lock open)))
                                        )
                                        (optional unprivuser_optional_234
                                            (typeattributeset cil_gen_require var_run_t)
                                            (typeattributeset cil_gen_require var_t)
                                            (typeattributeset cil_gen_require var_lib_t)
                                            (typeattributeset cil_gen_require system_dbusd_t)
                                            (typeattributeset cil_gen_require session_dbusd_tmp_t)
                                            (typeattributeset cil_gen_require dbusd_system_bus_client)
                                            (typeattributeset cil_gen_require system_dbusd_runtime_t)
                                            (typeattributeset cil_gen_require system_dbusd_var_lib_t)
                                            (typeattributeset cil_gen_require dbusd_etc_t)
                                            (typeattributeset cil_gen_require dbusd_system_bus_client)
                                            (typeattributeset dbusd_system_bus_client (user_consolehelper_t ))
                                            (allow user_consolehelper_t system_dbusd_t (dbus (send_msg)))
                                            (allow user_consolehelper_t self (dbus (send_msg)))
                                            (allow system_dbusd_t user_consolehelper_t (dbus (send_msg)))
                                            (allow user_consolehelper_t var_t (dir (getattr open search)))
                                            (allow user_consolehelper_t var_lib_t (dir (getattr open search)))
                                            (allow user_consolehelper_t system_dbusd_var_lib_t (dir (getattr open search)))
                                            (allow user_consolehelper_t system_dbusd_var_lib_t (file (ioctl read getattr lock open)))
                                            (allow user_consolehelper_t system_dbusd_var_lib_t (dir (getattr open search)))
                                            (allow user_consolehelper_t system_dbusd_var_lib_t (lnk_file (read getattr)))
                                            (allow user_consolehelper_t session_dbusd_tmp_t (dir (getattr open search)))
                                            (allow user_consolehelper_t session_dbusd_tmp_t (sock_file (read write getattr append open)))
                                            (allow user_consolehelper_t var_run_t (lnk_file (read getattr)))
                                            (allow user_consolehelper_t var_t (dir (getattr open search)))
                                            (allow user_consolehelper_t var_run_t (dir (getattr open search)))
                                            (allow user_consolehelper_t system_dbusd_runtime_t (dir (getattr open search)))
                                            (allow user_consolehelper_t system_dbusd_runtime_t (sock_file (write getattr append open)))
                                            (allow user_consolehelper_t system_dbusd_t (unix_stream_socket (connectto)))
                                            (allow user_consolehelper_t dbusd_etc_t (dir (ioctl read getattr lock open search)))
                                            (allow user_consolehelper_t dbusd_etc_t (file (ioctl read getattr lock open)))
                                            (allow user_consolehelper_t system_dbusd_runtime_t (dir (ioctl read getattr lock open search)))
                                            (allow user_consolehelper_t system_dbusd_runtime_t (sock_file (read)))
                                            (allow user_consolehelper_t system_dbusd_var_lib_t (dir (getattr open search)))
                                            (allow user_consolehelper_t system_dbusd_var_lib_t (lnk_file (read getattr)))
                                            (optional unprivuser_optional_235
                                                (typeattributeset cil_gen_require fprintd_t)
                                                (allow user_consolehelper_t fprintd_t (dbus (send_msg)))
                                                (allow fprintd_t user_consolehelper_t (dbus (send_msg)))
                                            )
                                            (optional unprivuser_optional_236
                                                (typeattributeset cil_gen_require systemd_logind_t)
                                                (typeattributeset cil_gen_require systemd_sessions_runtime_t)
                                                (allow user_consolehelper_t systemd_logind_t (dbus (send_msg)))
                                                (allow systemd_logind_t user_consolehelper_t (dbus (send_msg)))
                                                (allow user_consolehelper_t systemd_logind_t (fd (use)))
                                                (allow user_consolehelper_t systemd_sessions_runtime_t (fifo_file (write)))
                                                (allow systemd_logind_t user_consolehelper_t (process (signal)))
                                            )
                                        )
                                        (optional unprivuser_optional_237
                                            (typeattributeset cil_gen_require security_t)
                                            (typeattributeset cil_gen_require sysfs_t)
                                            (typeattributeset cil_gen_require selinux_config_t)
                                            (typeattributeset cil_gen_require etc_t)
                                            (typeattributeset cil_gen_require user_home_dir_t)
                                            (typeattributeset cil_gen_require home_root_t)
                                            (typeattributeset cil_gen_require tmp_t)
                                            (typeattributeset cil_gen_require krb5_host_rcache_t)
                                            (typeattributeset cil_gen_require krb5_conf_t)
                                            (typeattributeset cil_gen_require krb5_home_t)
                                            (typeattributeset cil_gen_require default_context_t)
                                            (typeattributeset cil_gen_require file_context_t)
                                            (typeattributeset cil_gen_require can_change_object_identity)
                                            (typeattributeset cil_gen_require can_change_object_identity)
                                            (typeattributeset can_change_object_identity (user_consolehelper_t ))
                                            (allow user_consolehelper_t etc_t (dir (getattr open search)))
                                            (allow user_consolehelper_t krb5_conf_t (file (ioctl read getattr lock open)))
                                            (allow user_consolehelper_t user_home_dir_t (dir (getattr open search)))
                                            (allow user_consolehelper_t home_root_t (dir (getattr open search)))
                                            (allow user_consolehelper_t home_root_t (lnk_file (read getattr)))
                                            (allow user_consolehelper_t krb5_home_t (file (ioctl read getattr lock open)))
                                            (booleanif (allow_kerberos)
                                                (true
                                                    (allow user_consolehelper_t krb5_host_rcache_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
                                                    (allow user_consolehelper_t tmp_t (dir (getattr open search)))
                                                    (allow user_consolehelper_t file_context_t (file (map)))
                                                    (allow user_consolehelper_t file_context_t (file (ioctl read getattr lock open)))
                                                    (allow user_consolehelper_t file_context_t (dir (getattr open search)))
                                                    (allow user_consolehelper_t selinux_config_t (dir (getattr open search)))
                                                    (allow user_consolehelper_t default_context_t (dir (getattr open search)))
                                                    (allow user_consolehelper_t etc_t (dir (getattr open search)))
                                                    (allow user_consolehelper_t security_t (security (check_context)))
                                                    (allow user_consolehelper_t security_t (file (ioctl read write getattr map open)))
                                                    (allow user_consolehelper_t security_t (dir (ioctl read getattr lock open search)))
                                                    (allow user_consolehelper_t sysfs_t (dir (getattr open search)))
                                                    (allow user_consolehelper_t sysfs_t (dir (getattr open search)))
                                                    (allow user_consolehelper_t self (process (setfscreate)))
                                                )
                                            )
                                        )
                                        (optional unprivuser_optional_238
                                            (typeattributeset cil_gen_require session_bus_type)
                                            (allow user_consolehelper_t session_bus_type (dbus (acquire_svc)))
                                            (optional unprivuser_optional_239
                                                (typeattributeset cil_gen_require consolehelper_type)
                                                (allow user_application_exec_domain consolehelper_type (dbus (send_msg)))
                                                (allow consolehelper_type user_application_exec_domain (dbus (send_msg)))
                                            )
                                        )
                                        (optional unprivuser_optional_240
                                            (typeattributeset cil_gen_require user_systemd_t)
                                            (allow user_systemd_t user_consolehelper_t (dir (ioctl read getattr lock open search)))
                                            (allow user_systemd_t user_consolehelper_t (file (ioctl read getattr lock open)))
                                            (allow user_systemd_t user_consolehelper_t (lnk_file (read getattr)))
                                            (allow user_systemd_t user_consolehelper_t (process (getattr)))
                                            (allow user_systemd_t user_consolehelper_t (process (sigchld sigkill sigstop signull signal)))
                                            (allow user_consolehelper_t user_systemd_t (fd (use)))
                                            (allow user_consolehelper_t user_systemd_t (unix_stream_socket (ioctl read write getattr setattr append bind connect listen accept getopt setopt shutdown)))
                                            (allow user_consolehelper_t user_systemd_t (dir (ioctl read getattr lock open search)))
                                            (allow user_consolehelper_t user_systemd_t (file (ioctl read getattr lock open)))
                                            (allow user_consolehelper_t user_systemd_t (lnk_file (read getattr)))
                                            (allow user_consolehelper_t user_systemd_t (process (getattr)))
                                            (allow user_consolehelper_t user_systemd_t (process (sigchld)))
                                        )
                                        (optional unprivuser_optional_241
                                            (typeattributeset cil_gen_require etc_t)
                                            (typeattributeset cil_gen_require krb5_keytab_t)
                                            (allow user_userhelper_t etc_t (dir (getattr open search)))
                                            (allow user_userhelper_t krb5_keytab_t (file (ioctl read getattr lock open)))
                                        )
                                        (optional unprivuser_optional_242
                                            (typeattributeset cil_gen_require var_run_t)
                                            (typeattributeset cil_gen_require var_t)
                                            (typeattributeset cil_gen_require pcscd_t)
                                            (typeattributeset cil_gen_require pcscd_runtime_t)
                                            (allow user_userhelper_t var_run_t (lnk_file (read getattr)))
                                            (allow user_userhelper_t var_t (dir (getattr open search)))
                                            (allow user_userhelper_t var_run_t (dir (getattr open search)))
                                            (allow user_userhelper_t pcscd_runtime_t (dir (getattr open search)))
                                            (allow user_userhelper_t pcscd_runtime_t (file (ioctl read getattr lock open)))
                                            (allow user_userhelper_t var_run_t (lnk_file (read getattr)))
                                            (allow user_userhelper_t var_t (dir (getattr open search)))
                                            (allow user_userhelper_t var_run_t (dir (getattr open search)))
                                            (allow user_userhelper_t pcscd_runtime_t (dir (getattr open search)))
                                            (allow user_userhelper_t pcscd_runtime_t (sock_file (write getattr append open)))
                                            (allow user_userhelper_t pcscd_t (unix_stream_socket (connectto)))
                                            (allow pcscd_t user_userhelper_t (dir (ioctl read getattr lock open search)))
                                            (allow pcscd_t user_userhelper_t (file (ioctl read getattr lock open)))
                                        )
                                        (optional unprivuser_optional_243
                                            (typeattributeset cil_gen_require entry_type)
                                            (typeattributeset entry_type (shell_exec_t bin_t ))
                                            (typeattributeset cil_gen_require bin_t)
                                            (typeattributeset cil_gen_require usr_t)
                                            (typeattributeset cil_gen_require sysadm_t)
                                            (booleanif (secure_mode)
                                                (false
                                                    (allow sysadm_t user_userhelper_t (process (sigchld)))
                                                    (allow sysadm_t user_userhelper_t (fifo_file (ioctl read write getattr lock append)))
                                                    (allow sysadm_t user_userhelper_t (fd (use)))
                                                    (dontaudit user_userhelper_t sysadm_t (process (noatsecure siginh rlimitinh)))
                                                    (allow user_userhelper_t sysadm_t (process (transition)))
                                                    (allow user_userhelper_t entry_type (file (ioctl read getattr map execute open)))
                                                    (allow sysadm_t user_userhelper_t (process (sigchld)))
                                                    (allow sysadm_t user_userhelper_t (fifo_file (ioctl read write getattr lock append)))
                                                    (allow sysadm_t user_userhelper_t (fd (use)))
                                                    (dontaudit user_userhelper_t sysadm_t (process (noatsecure siginh rlimitinh)))
                                                    (allow user_userhelper_t sysadm_t (process (transition)))
                                                    (allow user_userhelper_t bin_t (file (ioctl read getattr map execute open)))
                                                    (allow user_userhelper_t usr_t (dir (getattr open search)))
                                                    (allow user_userhelper_t bin_t (lnk_file (read getattr)))
                                                    (allow user_userhelper_t bin_t (dir (getattr open search)))
                                                )
                                            )
                                        )
                                        (optional unprivuser_optional_244
                                            (typeattributeset cil_gen_require user_systemd_t)
                                            (allow user_systemd_t user_userhelper_t (dir (ioctl read getattr lock open search)))
                                            (allow user_systemd_t user_userhelper_t (file (ioctl read getattr lock open)))
                                            (allow user_systemd_t user_userhelper_t (lnk_file (read getattr)))
                                            (allow user_systemd_t user_userhelper_t (process (getattr)))
                                            (allow user_systemd_t user_userhelper_t (process (sigchld sigkill sigstop signull signal)))
                                            (allow user_userhelper_t user_systemd_t (fd (use)))
                                            (allow user_userhelper_t user_systemd_t (unix_stream_socket (ioctl read write getattr setattr append bind connect listen accept getopt setopt shutdown)))
                                            (allow user_userhelper_t user_systemd_t (dir (ioctl read getattr lock open search)))
                                            (allow user_userhelper_t user_systemd_t (file (ioctl read getattr lock open)))
                                            (allow user_userhelper_t user_systemd_t (lnk_file (read getattr)))
                                            (allow user_userhelper_t user_systemd_t (process (getattr)))
                                            (allow user_userhelper_t user_systemd_t (process (sigchld)))
                                        )
                                    )
                                )
                            )
                        )
                    )
                )
            )
            (optional unprivuser_optional_245
                (typeattributeset cil_gen_require user_home_dir_t)
                (typeattributeset cil_gen_require home_root_t)
                (typeattributeset cil_gen_require vmware_t)
                (typeattributeset cil_gen_require vmware_exec_t)
                (typeattributeset cil_gen_require vmware_file_t)
                (typeattributeset cil_gen_require vmware_conf_t)
                (typeattributeset cil_gen_require vmware_tmp_t)
                (typeattributeset cil_gen_require vmware_tmpfs_t)
                (roleattributeset cil_gen_require user_r)
                (roletype user_r vmware_t)
                (allow user_application_exec_domain vmware_exec_t (file (ioctl read getattr map execute open)))
                (allow user_application_exec_domain vmware_t (process (transition)))
                (dontaudit user_application_exec_domain vmware_t (process (noatsecure siginh rlimitinh)))
                (typetransition user_application_exec_domain vmware_exec_t process vmware_t)
                (allow vmware_t user_application_exec_domain (fd (use)))
                (allow vmware_t user_application_exec_domain (fifo_file (ioctl read write getattr lock append)))
                (allow vmware_t user_application_exec_domain (process (sigchld)))
                (allow user_application_exec_domain vmware_t (dir (ioctl read getattr lock open search)))
                (allow user_application_exec_domain vmware_t (file (ioctl read getattr lock open)))
                (allow user_application_exec_domain vmware_t (lnk_file (read getattr)))
                (allow user_application_exec_domain vmware_t (process (getattr)))
                (allow user_application_exec_domain vmware_t (process (sigchld sigkill sigstop signull signal ptrace)))
                (allow user_t vmware_file_t (dir (ioctl read write create getattr setattr lock relabelfrom relabelto unlink link rename open add_name remove_name reparent search rmdir)))
                (allow user_t vmware_tmp_t (dir (ioctl read write create getattr setattr lock relabelfrom relabelto unlink link rename open add_name remove_name reparent search rmdir)))
                (allow user_t vmware_file_t (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow user_t vmware_conf_t (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow user_t vmware_tmp_t (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow user_t vmware_tmpfs_t (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow user_t vmware_tmp_t (sock_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow user_t vmware_tmpfs_t (sock_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow user_t vmware_tmpfs_t (lnk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename)))
                (allow user_t vmware_tmpfs_t (fifo_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow user_t user_home_dir_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_t home_root_t (dir (getattr open search)))
                (allow user_t home_root_t (lnk_file (read getattr)))
                (allow user_t user_home_dir_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_t home_root_t (dir (getattr open search)))
                (allow user_t home_root_t (lnk_file (read getattr)))
                (typetransition user_t user_home_dir_t dir "vmware" vmware_file_t)
                (typetransition user_t user_home_dir_t dir ".vmware" vmware_file_t)
                (optional unprivuser_optional_246
                    (typeattributeset cil_gen_require user_systemd_t)
                    (allow user_systemd_t vmware_t (dir (ioctl read getattr lock open search)))
                    (allow user_systemd_t vmware_t (file (ioctl read getattr lock open)))
                    (allow user_systemd_t vmware_t (lnk_file (read getattr)))
                    (allow user_systemd_t vmware_t (process (getattr)))
                    (allow user_systemd_t vmware_t (process (sigchld sigkill sigstop signull signal)))
                    (allow vmware_t user_systemd_t (fd (use)))
                    (allow vmware_t user_systemd_t (unix_stream_socket (ioctl read write getattr setattr append bind connect listen accept getopt setopt shutdown)))
                    (allow vmware_t user_systemd_t (dir (ioctl read getattr lock open search)))
                    (allow vmware_t user_systemd_t (file (ioctl read getattr lock open)))
                    (allow vmware_t user_systemd_t (lnk_file (read getattr)))
                    (allow vmware_t user_systemd_t (process (getattr)))
                    (allow vmware_t user_systemd_t (process (sigchld)))
                )
            )
            (optional unprivuser_optional_247
                (roleattributeset cil_gen_require wireshark_roles)
                (typeattributeset cil_gen_require user_home_dir_t)
                (typeattributeset cil_gen_require home_root_t)
                (typeattributeset cil_gen_require wireshark_t)
                (typeattributeset cil_gen_require wireshark_exec_t)
                (typeattributeset cil_gen_require wireshark_home_t)
                (typeattributeset cil_gen_require wireshark_tmp_t)
                (typeattributeset cil_gen_require wireshark_tmpfs_t)
                (roleattributeset cil_gen_require wireshark_roles)
                (roleattributeset wireshark_roles (user_r ))
                (allow user_application_exec_domain wireshark_exec_t (file (ioctl read getattr map execute open)))
                (allow user_application_exec_domain wireshark_t (process (transition)))
                (dontaudit user_application_exec_domain wireshark_t (process (noatsecure siginh rlimitinh)))
                (typetransition user_application_exec_domain wireshark_exec_t process wireshark_t)
                (allow wireshark_t user_application_exec_domain (fd (use)))
                (allow wireshark_t user_application_exec_domain (fifo_file (ioctl read write getattr lock append)))
                (allow wireshark_t user_application_exec_domain (process (sigchld)))
                (allow user_application_exec_domain wireshark_t (process (sigchld sigkill sigstop signull signal ptrace)))
                (allow user_application_exec_domain wireshark_t (dir (ioctl read getattr lock open search)))
                (allow user_application_exec_domain wireshark_t (file (ioctl read getattr lock open)))
                (allow user_application_exec_domain wireshark_t (lnk_file (read getattr)))
                (allow user_application_exec_domain wireshark_t (process (getattr)))
                (allow user_t wireshark_home_t (dir (ioctl read write create getattr setattr lock relabelfrom relabelto unlink link rename open add_name remove_name reparent search rmdir)))
                (allow user_t wireshark_tmp_t (dir (ioctl read write create getattr setattr lock relabelfrom relabelto unlink link rename open add_name remove_name reparent search rmdir)))
                (allow user_t wireshark_tmpfs_t (dir (ioctl read write create getattr setattr lock relabelfrom relabelto unlink link rename open add_name remove_name reparent search rmdir)))
                (allow user_t wireshark_home_t (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow user_t wireshark_tmp_t (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow user_t wireshark_tmpfs_t (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow user_t wireshark_home_t (lnk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename)))
                (allow user_t wireshark_tmpfs_t (lnk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename)))
                (allow user_t wireshark_tmpfs_t (sock_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow user_t wireshark_tmpfs_t (fifo_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow user_t user_home_dir_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_t home_root_t (dir (getattr open search)))
                (allow user_t home_root_t (lnk_file (read getattr)))
                (typetransition user_t user_home_dir_t dir ".wireshark" wireshark_home_t)
                (optional unprivuser_optional_248
                    (typeattributeset cil_gen_require user_systemd_t)
                    (allow user_systemd_t wireshark_t (dir (ioctl read getattr lock open search)))
                    (allow user_systemd_t wireshark_t (file (ioctl read getattr lock open)))
                    (allow user_systemd_t wireshark_t (lnk_file (read getattr)))
                    (allow user_systemd_t wireshark_t (process (getattr)))
                    (allow user_systemd_t wireshark_t (process (sigchld sigkill sigstop signull signal)))
                    (allow wireshark_t user_systemd_t (fd (use)))
                    (allow wireshark_t user_systemd_t (unix_stream_socket (ioctl read write getattr setattr append bind connect listen accept getopt setopt shutdown)))
                    (allow wireshark_t user_systemd_t (dir (ioctl read getattr lock open search)))
                    (allow wireshark_t user_systemd_t (file (ioctl read getattr lock open)))
                    (allow wireshark_t user_systemd_t (lnk_file (read getattr)))
                    (allow wireshark_t user_systemd_t (process (getattr)))
                    (allow wireshark_t user_systemd_t (process (sigchld)))
                )
            )
            (optional unprivuser_optional_249
                (type user_wm_t)
                (roletype object_r user_wm_t)
                (typeattributeset cil_gen_require user_application_exec_domain)
                (typeattributeset user_application_exec_domain (user_t ))
                (typeattributeset cil_gen_require domain)
                (typeattributeset domain (user_t ))
                (typeattributeset cil_gen_require shell_exec_t)
                (typeattributeset cil_gen_require entry_type)
                (typeattributeset entry_type (shell_exec_t bin_t ))
                (typeattributeset cil_gen_require exec_type)
                (typeattributeset exec_type (shell_exec_t bin_t ))
                (typeattributeset cil_gen_require file_type)
                (typeattributeset file_type (shell_exec_t bin_t ))
                (typeattributeset cil_gen_require non_security_file_type)
                (typeattributeset non_security_file_type (shell_exec_t bin_t ))
                (typeattributeset cil_gen_require non_auth_file_type)
                (typeattributeset non_auth_file_type (shell_exec_t bin_t ))
                (typeattributeset cil_gen_require bin_t)
                (typeattributeset cil_gen_require ubac_constrained_type)
                (typeattributeset ubac_constrained_type (user_t ))
                (typeattributeset cil_gen_require device_t)
                (typeattributeset cil_gen_require usr_t)
                (typeattributeset cil_gen_require var_run_t)
                (typeattributeset cil_gen_require lib_t)
                (typeattributeset cil_gen_require fonts_t)
                (typeattributeset cil_gen_require var_t)
                (typeattributeset cil_gen_require var_lib_t)
                (typeattributeset cil_gen_require user_home_dir_t)
                (typeattributeset cil_gen_require home_root_t)
                (typeattributeset cil_gen_require tmp_t)
                (typeattributeset cil_gen_require application_exec_type)
                (typeattributeset cil_gen_require nsswitch_domain)
                (typeattributeset nsswitch_domain (user_t ))
                (typeattributeset cil_gen_require xdm_t)
                (typeattributeset cil_gen_require xdg_cache_t)
                (typeattributeset cil_gen_require application_domain_type)
                (typeattributeset cil_gen_require iceauth_home_t)
                (typeattributeset cil_gen_require xserver_t)
                (typeattributeset cil_gen_require xserver_tmp_t)
                (typeattributeset cil_gen_require xserver_tmpfs_t)
                (typeattributeset cil_gen_require xauth_home_t)
                (typeattributeset cil_gen_require user_fonts_t)
                (typeattributeset cil_gen_require user_fonts_cache_t)
                (typeattributeset cil_gen_require user_fonts_config_t)
                (typeattributeset cil_gen_require mesa_shader_cache_t)
                (typeattributeset cil_gen_require iceauth_t)
                (typeattributeset cil_gen_require iceauth_exec_t)
                (typeattributeset cil_gen_require xauth_t)
                (typeattributeset cil_gen_require xauth_exec_t)
                (typeattributeset cil_gen_require xdm_tmp_t)
                (typeattributeset cil_gen_require xserver_misc_device_t)
                (typeattributeset cil_gen_require power_device_t)
                (typeattributeset cil_gen_require event_device_t)
                (typeattributeset cil_gen_require misc_device_t)
                (typeattributeset cil_gen_require agp_device_t)
                (typeattributeset cil_gen_require dri_device_t)
                (typeattributeset cil_gen_require usbfs_t)
                (typeattributeset cil_gen_require fonts_cache_t)
                (typeattributeset cil_gen_require root_xdrawable_t)
                (typeattributeset cil_gen_require xevent_t)
                (typeattributeset cil_gen_require client_xevent_t)
                (typeattributeset cil_gen_require input_xevent_t)
                (typeattributeset cil_gen_require user_input_xevent_t)
                (typeattributeset cil_gen_require x_domain)
                (typeattributeset cil_gen_require xdrawable_type)
                (typeattributeset cil_gen_require xcolormap_type)
                (typeattributeset cil_gen_require input_xevent_type)
                (typeattributeset cil_gen_require xserver_exec_t)
                (typeattributeset cil_gen_require xserver_unconfined_type)
                (typeattributeset cil_gen_require xsession_exec_t)
                (typeattributeset cil_gen_require xserver_log_t)
                (typeattributeset cil_gen_require xdm_var_run_t)
                (typeattributeset cil_gen_require xsession_log_t)
                (typeattributeset cil_gen_require xkb_var_lib_t)
                (typeattributeset cil_gen_require user_wm_t)
                (typeattributeset cil_gen_require mlsfilewrite)
                (typeattributeset cil_gen_require wm_domain)
                (typeattributeset cil_gen_require wm_exec_t)
                (typeattributeset cil_gen_require mlsfileread)
                (typeattributeset cil_gen_require mlsxwinread)
                (typeattributeset cil_gen_require mlsxwinwrite)
                (typeattributeset cil_gen_require mlsfduse)
                (roleattributeset cil_gen_require user_r)
                (roletype user_r xserver_t)
                (roletype user_r iceauth_t)
                (roletype user_r xauth_t)
                (roletype user_r user_wm_t)
                (typeattributeset cil_gen_require wm_domain)
                (typeattributeset wm_domain (user_wm_t ))
                (typeattributeset cil_gen_require mlsxwinwrite)
                (typeattributeset mlsxwinwrite (user_wm_t ))
                (typeattributeset cil_gen_require x_domain)
                (typeattributeset x_domain (user_wm_t ))
                (typeattributeset cil_gen_require mlsfileread)
                (typeattributeset mlsfileread (user_wm_t ))
                (typeattributeset cil_gen_require non_auth_file_type)
                (typeattributeset non_auth_file_type (xsession_exec_t wm_exec_t ))
                (typeattributeset cil_gen_require file_type)
                (typeattributeset file_type (xsession_exec_t wm_exec_t ))
                (typeattributeset cil_gen_require domain)
                (typeattributeset domain (user_wm_t ))
                (typeattributeset cil_gen_require application_domain_type)
                (typeattributeset application_domain_type (user_wm_t ))
                (typeattributeset cil_gen_require user_application_exec_domain)
                (typeattributeset user_application_exec_domain (user_wm_t ))
                (typeattributeset cil_gen_require mlsfilewrite)
                (typeattributeset mlsfilewrite (user_wm_t ))
                (typeattributeset cil_gen_require mlsxwinread)
                (typeattributeset mlsxwinread (user_wm_t ))
                (typeattributeset cil_gen_require xdrawable_type)
                (typeattributeset xdrawable_type (user_wm_t ))
                (typeattributeset cil_gen_require nsswitch_domain)
                (typeattributeset nsswitch_domain (user_wm_t ))
                (typeattributeset cil_gen_require entry_type)
                (typeattributeset entry_type (xsession_exec_t wm_exec_t ))
                (typeattributeset cil_gen_require mlsfduse)
                (typeattributeset mlsfduse (user_wm_t ))
                (typeattributeset cil_gen_require ubac_constrained_type)
                (typeattributeset ubac_constrained_type (user_wm_t ))
                (typeattributeset cil_gen_require exec_type)
                (typeattributeset exec_type (xsession_exec_t wm_exec_t ))
                (typeattributeset cil_gen_require xserver_unconfined_type)
                (typeattributeset xserver_unconfined_type (user_wm_t ))
                (typeattributeset cil_gen_require xcolormap_type)
                (typeattributeset xcolormap_type (user_wm_t ))
                (typeattributeset cil_gen_require application_exec_type)
                (typeattributeset application_exec_type (wm_exec_t ))
                (typeattributeset cil_gen_require non_security_file_type)
                (typeattributeset non_security_file_type (xsession_exec_t wm_exec_t ))
                (allow user_wm_t wm_exec_t (file (entrypoint)))
                (allow user_wm_t wm_exec_t (file (ioctl read getattr lock map execute open)))
                (allow user_application_exec_domain user_wm_t (fd (use)))
                (allow user_wm_t user_application_exec_domain (unix_stream_socket (connectto)))
                (allow user_application_exec_domain user_wm_t (unix_stream_socket (connectto)))
                (allow user_application_exec_domain user_wm_t (process (sigchld sigkill sigstop signull signal ptrace)))
                (allow user_application_exec_domain user_wm_t (dir (ioctl read getattr lock open search)))
                (allow user_application_exec_domain user_wm_t (file (ioctl read getattr lock open)))
                (allow user_application_exec_domain user_wm_t (lnk_file (read getattr)))
                (allow user_application_exec_domain user_wm_t (process (getattr)))
                (allow user_wm_t user_application_exec_domain (process (sigkill signull)))
                (allow user_application_exec_domain wm_exec_t (file (ioctl read getattr map execute open)))
                (allow user_application_exec_domain user_wm_t (process (transition)))
                (dontaudit user_application_exec_domain user_wm_t (process (noatsecure siginh rlimitinh)))
                (typetransition user_application_exec_domain wm_exec_t process user_wm_t)
                (allow user_wm_t user_application_exec_domain (fd (use)))
                (allow user_wm_t user_application_exec_domain (fifo_file (ioctl read write getattr lock append)))
                (allow user_wm_t user_application_exec_domain (process (sigchld)))
                (allow user_wm_t bin_t (dir (getattr open search)))
                (allow user_wm_t bin_t (lnk_file (read getattr)))
                (allow user_wm_t usr_t (dir (getattr open search)))
                (allow user_wm_t bin_t (file (ioctl read getattr map execute open)))
                (allow user_wm_t user_t (process (transition)))
                (dontaudit user_wm_t user_t (process (noatsecure siginh rlimitinh)))
                (typetransition user_wm_t bin_t process user_t)
                (allow user_wm_t bin_t (dir (getattr open search)))
                (allow user_wm_t bin_t (lnk_file (read getattr)))
                (allow user_wm_t usr_t (dir (getattr open search)))
                (allow user_wm_t bin_t (dir (getattr open search)))
                (allow user_wm_t bin_t (dir (ioctl read getattr lock open search)))
                (allow user_wm_t shell_exec_t (file (ioctl read getattr map execute open)))
                (allow user_wm_t user_t (process (transition)))
                (dontaudit user_wm_t user_t (process (noatsecure siginh rlimitinh)))
                (typetransition user_wm_t shell_exec_t process user_t)
                (allow user_wm_t var_t (dir (getattr open search)))
                (allow user_wm_t fonts_cache_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_wm_t fonts_cache_t (dir (ioctl read write create getattr setattr lock unlink link rename open add_name remove_name reparent search rmdir)))
                (allow user_wm_t fonts_cache_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_wm_t fonts_cache_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
                (allow user_wm_t fonts_cache_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_wm_t fonts_cache_t (lnk_file (ioctl read write create getattr setattr lock append unlink link rename)))
                (allow xserver_t user_wm_t (fd (use)))
                (allow xserver_t user_wm_t (shm (getattr read write associate unix_read unix_write lock)))
                (allow xserver_t user_wm_t (process (signal)))
                (allow user_wm_t user_fonts_t (dir (ioctl read getattr lock open search)))
                (allow user_wm_t user_fonts_t (file (ioctl read getattr lock open)))
                (allow user_wm_t user_fonts_config_t (dir (ioctl read getattr lock open search)))
                (allow user_wm_t user_fonts_config_t (file (ioctl read getattr lock open)))
                (allow user_wm_t user_fonts_cache_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_wm_t user_fonts_cache_t (dir (ioctl read write create getattr setattr lock unlink link rename open add_name remove_name reparent search rmdir)))
                (allow user_wm_t user_fonts_cache_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_wm_t user_fonts_cache_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
                (allow user_wm_t xserver_tmp_t (dir (getattr open search)))
                (allow user_wm_t xserver_tmp_t (sock_file (write getattr append open)))
                (allow user_wm_t xserver_t (unix_stream_socket (connectto)))
                (allow user_wm_t tmp_t (dir (getattr open search)))
                (allow user_wm_t xserver_t (fd (use)))
                (allow user_wm_t xserver_t (shm (getattr read associate unix_read)))
                (allow user_wm_t xserver_tmpfs_t (file (ioctl read getattr lock map open)))
                (allow user_wm_t iceauth_t (dir (ioctl read getattr lock open search)))
                (allow user_wm_t iceauth_t (file (ioctl read getattr lock open)))
                (allow user_wm_t iceauth_t (lnk_file (read getattr)))
                (allow user_wm_t iceauth_t (process (getattr)))
                (allow user_wm_t iceauth_exec_t (file (ioctl read getattr map execute open)))
                (allow user_wm_t iceauth_t (process (transition)))
                (dontaudit user_wm_t iceauth_t (process (noatsecure siginh rlimitinh)))
                (typetransition user_wm_t iceauth_exec_t process iceauth_t)
                (allow iceauth_t user_wm_t (fd (use)))
                (allow iceauth_t user_wm_t (fifo_file (ioctl read write getattr lock append)))
                (allow iceauth_t user_wm_t (process (sigchld)))
                (allow user_wm_t iceauth_home_t (file (ioctl read getattr lock open)))
                (allow user_wm_t xauth_exec_t (file (ioctl read getattr map execute open)))
                (allow user_wm_t xauth_t (process (transition)))
                (dontaudit user_wm_t xauth_t (process (noatsecure siginh rlimitinh)))
                (typetransition user_wm_t xauth_exec_t process xauth_t)
                (allow xauth_t user_wm_t (fd (use)))
                (allow xauth_t user_wm_t (fifo_file (ioctl read write getattr lock append)))
                (allow xauth_t user_wm_t (process (sigchld)))
                (allow user_wm_t xauth_t (process (signal)))
                (allow user_wm_t xauth_t (dir (ioctl read getattr lock open search)))
                (allow user_wm_t xauth_t (file (ioctl read getattr lock open)))
                (allow user_wm_t xauth_t (lnk_file (read getattr)))
                (allow user_wm_t xauth_t (process (getattr)))
                (allow user_wm_t xserver_t (process (signal)))
                (allow user_wm_t xauth_home_t (file (ioctl read getattr lock open)))
                (allow user_wm_t xdm_t (fd (use)))
                (allow user_wm_t xdm_t (fifo_file (ioctl read write getattr lock append)))
                (allow user_wm_t xdm_tmp_t (dir (search)))
                (allow user_wm_t xdm_tmp_t (sock_file (read write)))
                (dontaudit user_wm_t xdm_t (tcp_socket (read write)))
                (allow user_wm_t xserver_tmp_t (file (ioctl read getattr lock)))
                (allow user_wm_t device_t (dir (getattr open search)))
                (allow user_wm_t xserver_misc_device_t (chr_file (ioctl read write getattr lock append open)))
                (allow user_wm_t xserver_misc_device_t (chr_file (map)))
                (allow user_wm_t device_t (dir (getattr open search)))
                (allow user_wm_t power_device_t (chr_file (ioctl read write getattr lock append open)))
                (allow user_wm_t device_t (dir (getattr open search)))
                (allow user_wm_t event_device_t (chr_file (ioctl read getattr lock open)))
                (allow user_wm_t device_t (dir (getattr open search)))
                (allow user_wm_t misc_device_t (chr_file (ioctl read getattr lock open)))
                (allow user_wm_t device_t (dir (getattr open search)))
                (allow user_wm_t misc_device_t (chr_file (ioctl write getattr lock append open)))
                (allow user_wm_t device_t (dir (getattr open search)))
                (allow user_wm_t agp_device_t (chr_file (getattr)))
                (dontaudit user_wm_t dri_device_t (chr_file (ioctl read write getattr lock append open)))
                (allow user_wm_t usbfs_t (dir (getattr open search)))
                (allow user_wm_t usbfs_t (dir (ioctl read getattr lock open search)))
                (allow user_wm_t usbfs_t (dir (getattr open search)))
                (allow user_wm_t usbfs_t (file (ioctl read write getattr lock append open)))
                (allow user_wm_t usbfs_t (dir (getattr open search)))
                (allow user_wm_t usbfs_t (lnk_file (read getattr)))
                (allow user_wm_t usr_t (dir (getattr open search)))
                (allow user_wm_t lib_t (dir (getattr open search)))
                (allow user_wm_t fonts_t (dir (ioctl read getattr lock open search)))
                (allow user_wm_t fonts_t (dir (getattr open search)))
                (allow user_wm_t fonts_t (file (ioctl read getattr lock open)))
                (allow user_wm_t fonts_t (file (map)))
                (allow user_wm_t fonts_t (dir (getattr open search)))
                (allow user_wm_t fonts_t (lnk_file (read getattr)))
                (allow user_wm_t fonts_cache_t (dir (ioctl read getattr lock open search)))
                (allow user_wm_t fonts_cache_t (dir (getattr open search)))
                (allow user_wm_t fonts_cache_t (file (ioctl read getattr lock open)))
                (allow user_wm_t fonts_cache_t (file (map)))
                (allow user_wm_t fonts_cache_t (dir (getattr open search)))
                (allow user_wm_t fonts_cache_t (lnk_file (read getattr)))
                (allow user_wm_t fonts_t (dir (watch)))
                (typetransition user_wm_t root_xdrawable_t x_drawable user_wm_t)
                (typetransition user_wm_t input_xevent_t x_event user_input_xevent_t)
                (allow user_wm_t user_input_xevent_t (x_event (send)))
                (allow user_wm_t user_input_xevent_t (x_synthetic_event (send)))
                (allow user_wm_t user_input_xevent_t (x_event (receive)))
                (allow user_wm_t user_input_xevent_t (x_synthetic_event (receive)))
                (allow user_wm_t client_xevent_t (x_event (receive)))
                (allow user_wm_t client_xevent_t (x_synthetic_event (receive)))
                (allow user_wm_t xevent_t (x_event (receive)))
                (allow user_wm_t xevent_t (x_synthetic_event (receive)))
                (dontaudit user_wm_t input_xevent_type (x_event (send)))
                (allow user_wm_t xserver_t (process (siginh)))
                (allow user_wm_t xserver_exec_t (file (ioctl read getattr map execute open)))
                (allow user_wm_t xserver_t (process (transition)))
                (dontaudit user_wm_t xserver_t (process (noatsecure siginh rlimitinh)))
                (typetransition user_wm_t xserver_exec_t process xserver_t)
                (allow xserver_t user_wm_t (fd (use)))
                (allow xserver_t user_wm_t (fifo_file (ioctl read write getattr lock append)))
                (allow xserver_t user_wm_t (process (sigchld)))
                (allow user_wm_t xsession_exec_t (file (entrypoint)))
                (allow user_wm_t xsession_exec_t (file (ioctl read getattr lock map execute open)))
                (dontaudit user_wm_t xserver_log_t (file (ioctl write append)))
                (allow user_wm_t tmp_t (dir (getattr open search)))
                (allow user_wm_t xdm_tmp_t (dir (getattr open search)))
                (allow user_wm_t xdm_tmp_t (sock_file (write getattr append open)))
                (allow user_wm_t xdm_t (unix_stream_socket (connectto)))
                (allow user_wm_t user_fonts_t (dir (ioctl read getattr lock open watch search)))
                (allow user_wm_t user_fonts_t (file (ioctl read getattr lock map open)))
                (allow user_wm_t user_fonts_cache_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_wm_t user_fonts_cache_t (dir (ioctl read write create getattr setattr lock unlink link rename open add_name remove_name reparent search rmdir)))
                (allow user_wm_t user_fonts_cache_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_wm_t user_fonts_cache_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
                (allow user_wm_t user_fonts_cache_t (file (ioctl read getattr lock map open)))
                (allow user_wm_t user_fonts_config_t (dir (ioctl read getattr lock open search)))
                (allow user_wm_t user_fonts_config_t (file (ioctl read getattr lock open)))
                (allow user_wm_t user_home_dir_t (dir (getattr open search)))
                (allow user_wm_t home_root_t (dir (getattr open search)))
                (allow user_wm_t home_root_t (lnk_file (read getattr)))
                (allow user_wm_t xdg_cache_t (dir (getattr open search)))
                (allow user_wm_t xdg_cache_t (dir (getattr open search)))
                (allow user_wm_t user_home_dir_t (dir (getattr open search)))
                (allow user_wm_t home_root_t (dir (getattr open search)))
                (allow user_wm_t home_root_t (lnk_file (read getattr)))
                (allow user_wm_t var_run_t (lnk_file (read getattr)))
                (allow user_wm_t var_t (dir (getattr open search)))
                (allow user_wm_t var_run_t (dir (getattr open search)))
                (allow user_wm_t xdm_var_run_t (dir (getattr open search)))
                (allow user_wm_t xdm_var_run_t (file (ioctl read getattr lock open)))
                (allow user_wm_t tmp_t (dir (getattr open search)))
                (allow user_wm_t xdm_tmp_t (dir (ioctl read getattr lock open search)))
                (allow user_wm_t xdm_tmp_t (dir (ioctl write getattr lock open add_name search)))
                (allow user_wm_t xdm_tmp_t (sock_file (create getattr open)))
                (allow user_wm_t xdm_tmp_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_wm_t xdm_tmp_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
                (allow user_wm_t user_home_dir_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_wm_t home_root_t (dir (getattr open search)))
                (allow user_wm_t home_root_t (lnk_file (read getattr)))
                (allow user_wm_t xsession_log_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
                (allow user_wm_t xserver_tmp_t (file (ioctl read write getattr lock append open)))
                (allow user_wm_t iceauth_home_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
                (allow user_wm_t iceauth_home_t (file (getattr relabelfrom relabelto)))
                (allow user_wm_t xauth_home_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
                (allow user_wm_t xauth_home_t (file (getattr relabelfrom relabelto)))
                (allow user_wm_t user_fonts_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_wm_t user_fonts_t (dir (ioctl read write create getattr setattr lock unlink link rename open add_name remove_name reparent search rmdir)))
                (allow user_wm_t user_fonts_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_wm_t user_fonts_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
                (allow user_wm_t user_fonts_t (dir (getattr open search)))
                (allow user_wm_t user_fonts_t (dir (getattr relabelfrom relabelto)))
                (allow user_wm_t user_fonts_t (dir (getattr open search)))
                (allow user_wm_t user_fonts_t (file (getattr relabelfrom relabelto)))
                (allow user_wm_t user_fonts_cache_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_wm_t user_fonts_cache_t (dir (ioctl read write create getattr setattr lock unlink link rename open add_name remove_name reparent search rmdir)))
                (allow user_wm_t user_fonts_cache_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_wm_t user_fonts_cache_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
                (allow user_wm_t user_fonts_cache_t (dir (getattr open search)))
                (allow user_wm_t user_fonts_cache_t (dir (getattr relabelfrom relabelto)))
                (allow user_wm_t user_fonts_cache_t (dir (getattr open search)))
                (allow user_wm_t user_fonts_cache_t (file (getattr relabelfrom relabelto)))
                (allow user_wm_t user_fonts_config_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_wm_t user_fonts_config_t (dir (ioctl read write create getattr setattr lock unlink link rename open add_name remove_name reparent search rmdir)))
                (allow user_wm_t user_fonts_config_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_wm_t user_fonts_config_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
                (allow user_wm_t user_fonts_config_t (dir (getattr open search)))
                (allow user_wm_t user_fonts_config_t (dir (getattr relabelfrom relabelto)))
                (allow user_wm_t user_fonts_config_t (dir (getattr open search)))
                (allow user_wm_t user_fonts_config_t (file (getattr relabelfrom relabelto)))
                (allow user_wm_t mesa_shader_cache_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_wm_t mesa_shader_cache_t (dir (ioctl read write create getattr setattr lock unlink link rename open add_name remove_name reparent search rmdir)))
                (allow user_wm_t mesa_shader_cache_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_wm_t mesa_shader_cache_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
                (allow user_wm_t mesa_shader_cache_t (file (map)))
                (allow user_wm_t mesa_shader_cache_t (dir (getattr open search)))
                (allow user_wm_t mesa_shader_cache_t (dir (getattr relabelfrom relabelto)))
                (allow user_wm_t mesa_shader_cache_t (dir (getattr open search)))
                (allow user_wm_t mesa_shader_cache_t (file (getattr relabelfrom relabelto)))
                (allow user_wm_t user_home_dir_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_wm_t home_root_t (dir (getattr open search)))
                (allow user_wm_t home_root_t (lnk_file (read getattr)))
                (allow user_wm_t var_t (dir (getattr open search)))
                (allow user_wm_t var_lib_t (dir (getattr open search)))
                (allow user_wm_t xkb_var_lib_t (dir (ioctl read getattr lock open search)))
                (allow user_wm_t xkb_var_lib_t (dir (getattr open search)))
                (allow user_wm_t xkb_var_lib_t (file (ioctl read getattr lock open)))
                (allow user_wm_t xkb_var_lib_t (dir (getattr open search)))
                (allow user_wm_t xkb_var_lib_t (lnk_file (read getattr)))
                (allow user_wm_t xkb_var_lib_t (file (map)))
                (allow user_wm_t xdm_t (unix_stream_socket (accept)))
                (allow user_wm_t xserver_t (x_device (getattr setattr use read write getfocus setfocus bell force_cursor freeze grab manage list_property get_property set_property add remove create destroy)))
                (allow user_wm_t xserver_t (x_pointer (getattr setattr use read write getfocus setfocus bell force_cursor freeze grab manage list_property get_property set_property add remove create destroy)))
                (allow user_wm_t xserver_t (x_keyboard (getattr setattr use read write getfocus setfocus bell force_cursor freeze grab manage list_property get_property set_property add remove create destroy)))
                (allow user_application_exec_domain user_wm_t (fifo_file (write)))
                (typetransition user_wm_t user_home_dir_t file ".ICEauthority" iceauth_home_t)
                (typetransition user_wm_t user_home_dir_t file ".xsession-errors" xsession_log_t)
                (booleanif (xserver_allow_dri)
                    (true
                        (allow user_wm_t dri_device_t (chr_file (map)))
                        (allow user_wm_t dri_device_t (chr_file (ioctl read write getattr lock append open)))
                        (allow user_wm_t device_t (dir (getattr open search)))
                    )
                )
                (booleanif (or (allow_write_xshm) (xserver_client_writes_xserver_tmpfs))
                    (true
                        (allow user_wm_t xserver_tmpfs_t (file (ioctl read write getattr lock append open)))
                        (allow user_wm_t xserver_tmpfs_t (file (ioctl read write getattr lock append open)))
                    )
                )
                (booleanif (allow_write_xshm)
                    (true
                        (allow user_wm_t xserver_t (shm (getattr read write associate unix_read unix_write lock)))
                        (allow user_wm_t xserver_t (shm (getattr read write associate unix_read unix_write lock)))
                    )
                )
                (optional unprivuser_optional_250
                    (typeattributeset cil_gen_require init_t)
                    (allow user_wm_t init_t (process (sigchld)))
                    (allow user_wm_t init_t (process (signull)))
                    (optional unprivuser_optional_251
                        (typeattributeset cil_gen_require rpm_t)
                        (allow user_wm_t rpm_t (fd (use)))
                        (allow user_wm_t rpm_t (fifo_file (ioctl read getattr lock open)))
                    )
                    (optional unprivuser_optional_252
                        (typeattributeset cil_gen_require security_t)
                        (typeattributeset cil_gen_require sysfs_t)
                        (dontaudit user_wm_t security_t (filesystem (getattr)))
                        (dontaudit user_wm_t sysfs_t (filesystem (getattr)))
                        (dontaudit user_wm_t sysfs_t (dir (getattr open search)))
                        (dontaudit user_wm_t security_t (dir (getattr open search)))
                        (dontaudit user_wm_t security_t (file (ioctl read getattr lock open)))
                        (optional unprivuser_optional_253
                            (typeattributeset cil_gen_require selinux_config_t)
                            (dontaudit user_wm_t selinux_config_t (dir (getattr open search)))
                            (dontaudit user_wm_t selinux_config_t (file (ioctl read getattr lock open)))
                            (optional unprivuser_optional_254
                                (typeattributeset cil_gen_require user_systemd_t)
                                (allow user_systemd_t iceauth_t (dir (ioctl read getattr lock open search)))
                                (allow user_systemd_t iceauth_t (file (ioctl read getattr lock open)))
                                (allow user_systemd_t iceauth_t (lnk_file (read getattr)))
                                (allow user_systemd_t iceauth_t (process (getattr)))
                                (allow user_systemd_t iceauth_t (process (sigchld sigkill sigstop signull signal)))
                                (allow iceauth_t user_systemd_t (fd (use)))
                                (allow iceauth_t user_systemd_t (unix_stream_socket (ioctl read write getattr setattr append bind connect listen accept getopt setopt shutdown)))
                                (allow iceauth_t user_systemd_t (dir (ioctl read getattr lock open search)))
                                (allow iceauth_t user_systemd_t (file (ioctl read getattr lock open)))
                                (allow iceauth_t user_systemd_t (lnk_file (read getattr)))
                                (allow iceauth_t user_systemd_t (process (getattr)))
                                (allow iceauth_t user_systemd_t (process (sigchld)))
                                (allow user_systemd_t xauth_t (dir (ioctl read getattr lock open search)))
                                (allow user_systemd_t xauth_t (file (ioctl read getattr lock open)))
                                (allow user_systemd_t xauth_t (lnk_file (read getattr)))
                                (allow user_systemd_t xauth_t (process (getattr)))
                                (allow user_systemd_t xauth_t (process (sigchld sigkill sigstop signull signal)))
                                (allow xauth_t user_systemd_t (fd (use)))
                                (allow xauth_t user_systemd_t (unix_stream_socket (ioctl read write getattr setattr append bind connect listen accept getopt setopt shutdown)))
                                (allow xauth_t user_systemd_t (dir (ioctl read getattr lock open search)))
                                (allow xauth_t user_systemd_t (file (ioctl read getattr lock open)))
                                (allow xauth_t user_systemd_t (lnk_file (read getattr)))
                                (allow xauth_t user_systemd_t (process (getattr)))
                                (allow xauth_t user_systemd_t (process (sigchld)))
                                (allow user_systemd_t xserver_t (dir (ioctl read getattr lock open search)))
                                (allow user_systemd_t xserver_t (file (ioctl read getattr lock open)))
                                (allow user_systemd_t xserver_t (lnk_file (read getattr)))
                                (allow user_systemd_t xserver_t (process (getattr)))
                                (allow user_systemd_t xserver_t (process (sigchld sigkill sigstop signull signal)))
                                (allow xserver_t user_systemd_t (fd (use)))
                                (allow xserver_t user_systemd_t (unix_stream_socket (ioctl read write getattr setattr append bind connect listen accept getopt setopt shutdown)))
                                (allow xserver_t user_systemd_t (dir (ioctl read getattr lock open search)))
                                (allow xserver_t user_systemd_t (file (ioctl read getattr lock open)))
                                (allow xserver_t user_systemd_t (lnk_file (read getattr)))
                                (allow xserver_t user_systemd_t (process (getattr)))
                                (allow xserver_t user_systemd_t (process (sigchld)))
                                (optional unprivuser_optional_255
                                    (typeattributeset cil_gen_require user_systemd_t)
                                    (allow user_systemd_t xserver_t (dir (ioctl read getattr lock open search)))
                                    (allow user_systemd_t xserver_t (file (ioctl read getattr lock open)))
                                    (allow user_systemd_t xserver_t (lnk_file (read getattr)))
                                    (allow user_systemd_t xserver_t (process (getattr)))
                                    (allow user_systemd_t xserver_t (process (sigchld sigkill sigstop signull signal)))
                                    (allow xserver_t user_systemd_t (fd (use)))
                                    (allow xserver_t user_systemd_t (unix_stream_socket (ioctl read write getattr setattr append bind connect listen accept getopt setopt shutdown)))
                                    (allow xserver_t user_systemd_t (dir (ioctl read getattr lock open search)))
                                    (allow xserver_t user_systemd_t (file (ioctl read getattr lock open)))
                                    (allow xserver_t user_systemd_t (lnk_file (read getattr)))
                                    (allow xserver_t user_systemd_t (process (getattr)))
                                    (allow xserver_t user_systemd_t (process (sigchld)))
                                )
                            )
                            (optional unprivuser_optional_256
                                (typeattributeset cil_gen_require user_home_dir_t)
                                (typeattributeset cil_gen_require home_root_t)
                                (typeattributeset cil_gen_require xdg_cache_t)
                                (allow user_wm_t user_home_dir_t (dir (getattr open search)))
                                (allow user_wm_t home_root_t (dir (getattr open search)))
                                (allow user_wm_t home_root_t (lnk_file (read getattr)))
                                (allow user_wm_t xdg_cache_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                                (allow user_wm_t xdg_cache_t (dir (create getattr)))
                                (typetransition user_wm_t xdg_cache_t dir "mesa_shader_cache" mesa_shader_cache_t)
                                (optional unprivuser_optional_257
                                    (typeattributeset cil_gen_require var_run_t)
                                    (typeattributeset cil_gen_require var_t)
                                    (typeattributeset cil_gen_require var_lib_t)
                                    (typeattributeset cil_gen_require system_dbusd_t)
                                    (typeattributeset cil_gen_require session_dbusd_tmp_t)
                                    (typeattributeset cil_gen_require user_dbusd_t)
                                    (typeattributeset cil_gen_require dbusd_system_bus_client)
                                    (typeattributeset cil_gen_require system_dbusd_runtime_t)
                                    (typeattributeset cil_gen_require system_dbusd_var_lib_t)
                                    (typeattributeset cil_gen_require dbusd_etc_t)
                                    (typeattributeset cil_gen_require dbusd_session_bus_client)
                                    (typeattributeset cil_gen_require dbusd_system_bus_client)
                                    (typeattributeset dbusd_system_bus_client (user_wm_t ))
                                    (typeattributeset cil_gen_require dbusd_session_bus_client)
                                    (typeattributeset dbusd_session_bus_client (user_wm_t ))
                                    (allow user_wm_t user_dbusd_t (dbus (acquire_svc)))
                                    (allow user_wm_t user_dbusd_t (dbus (send_msg)))
                                    (allow user_wm_t self (dbus (send_msg)))
                                    (allow user_dbusd_t user_wm_t (dbus (send_msg)))
                                    (allow user_wm_t user_dbusd_t (unix_stream_socket (connectto)))
                                    (allow user_wm_t user_dbusd_t (fd (use)))
                                    (allow user_wm_t system_dbusd_t (dbus (send_msg)))
                                    (allow user_wm_t self (dbus (send_msg)))
                                    (allow system_dbusd_t user_wm_t (dbus (send_msg)))
                                    (allow user_wm_t var_t (dir (getattr open search)))
                                    (allow user_wm_t var_lib_t (dir (getattr open search)))
                                    (allow user_wm_t system_dbusd_var_lib_t (dir (getattr open search)))
                                    (allow user_wm_t system_dbusd_var_lib_t (file (ioctl read getattr lock open)))
                                    (allow user_wm_t system_dbusd_var_lib_t (dir (getattr open search)))
                                    (allow user_wm_t system_dbusd_var_lib_t (lnk_file (read getattr)))
                                    (allow user_wm_t session_dbusd_tmp_t (dir (getattr open search)))
                                    (allow user_wm_t session_dbusd_tmp_t (sock_file (read write getattr append open)))
                                    (allow user_wm_t var_run_t (lnk_file (read getattr)))
                                    (allow user_wm_t var_t (dir (getattr open search)))
                                    (allow user_wm_t var_run_t (dir (getattr open search)))
                                    (allow user_wm_t system_dbusd_runtime_t (dir (getattr open search)))
                                    (allow user_wm_t system_dbusd_runtime_t (sock_file (write getattr append open)))
                                    (allow user_wm_t system_dbusd_t (unix_stream_socket (connectto)))
                                    (allow user_wm_t dbusd_etc_t (dir (ioctl read getattr lock open search)))
                                    (allow user_wm_t dbusd_etc_t (file (ioctl read getattr lock open)))
                                    (allow user_wm_t system_dbusd_runtime_t (dir (ioctl read getattr lock open search)))
                                    (allow user_wm_t system_dbusd_runtime_t (sock_file (read)))
                                    (allow user_wm_t system_dbusd_var_lib_t (dir (getattr open search)))
                                    (allow user_wm_t system_dbusd_var_lib_t (lnk_file (read getattr)))
                                    (optional unprivuser_optional_258
                                        (typeattributeset cil_gen_require user_wm_t)
                                        (allow user_application_exec_domain user_wm_t (dbus (send_msg)))
                                        (allow user_wm_t user_application_exec_domain (dbus (send_msg)))
                                    )
                                )
                                (optional unprivuser_optional_259
                                    (typeattributeset cil_gen_require var_run_t)
                                    (typeattributeset cil_gen_require var_t)
                                    (typeattributeset cil_gen_require tmp_t)
                                    (typeattributeset cil_gen_require user_runtime_t)
                                    (typeattributeset cil_gen_require user_runtime_root_t)
                                    (typeattributeset cil_gen_require gkeyringd_domain)
                                    (typeattributeset cil_gen_require gnome_keyring_tmp_t)
                                    (allow user_wm_t tmp_t (dir (getattr open search)))
                                    (allow user_wm_t user_runtime_t (dir (getattr open search)))
                                    (allow user_wm_t user_runtime_root_t (dir (getattr open search)))
                                    (allow user_wm_t var_run_t (lnk_file (read getattr)))
                                    (allow user_wm_t var_t (dir (getattr open search)))
                                    (allow user_wm_t var_run_t (dir (getattr open search)))
                                    (allow user_wm_t gnome_keyring_tmp_t (dir (getattr open search)))
                                    (allow user_wm_t gnome_keyring_tmp_t (sock_file (write getattr append open)))
                                    (allow user_wm_t gkeyringd_domain (unix_stream_socket (connectto)))
                                )
                                (optional unprivuser_optional_260
                                    (typeattributeset cil_gen_require NetworkManager_etc_t)
                                    (allow user_wm_t NetworkManager_etc_t (dir (watch)))
                                )
                                (optional unprivuser_optional_261
                                    (roleattributeset cil_gen_require policykit_auth_roles)
                                    (typeattributeset cil_gen_require bin_t)
                                    (typeattributeset cil_gen_require usr_t)
                                    (typeattributeset cil_gen_require policykit_auth_t)
                                    (typeattributeset cil_gen_require policykit_auth_exec_t)
                                    (roleattributeset cil_gen_require policykit_auth_roles)
                                    (roleattributeset policykit_auth_roles (user_r ))
                                    (allow user_wm_t bin_t (dir (getattr open search)))
                                    (allow user_wm_t bin_t (lnk_file (read getattr)))
                                    (allow user_wm_t usr_t (dir (getattr open search)))
                                    (allow user_wm_t policykit_auth_exec_t (file (ioctl read getattr map execute open)))
                                    (allow user_wm_t policykit_auth_t (process (transition)))
                                    (dontaudit user_wm_t policykit_auth_t (process (noatsecure siginh rlimitinh)))
                                    (typetransition user_wm_t policykit_auth_exec_t process policykit_auth_t)
                                    (allow policykit_auth_t user_wm_t (fd (use)))
                                    (allow policykit_auth_t user_wm_t (fifo_file (ioctl read write getattr lock append)))
                                    (allow policykit_auth_t user_wm_t (process (sigchld)))
                                    (allow user_wm_t policykit_auth_t (process (signal)))
                                )
                                (optional unprivuser_optional_262
                                    (roleattributeset cil_gen_require pulseaudio_roles)
                                    (typeattributeset cil_gen_require bin_t)
                                    (typeattributeset cil_gen_require usr_t)
                                    (typeattributeset cil_gen_require pulseaudio_t)
                                    (typeattributeset cil_gen_require pulseaudio_client)
                                    (typeattributeset cil_gen_require pulseaudio_exec_t)
                                    (roleattributeset cil_gen_require pulseaudio_roles)
                                    (roleattributeset pulseaudio_roles (user_r ))
                                    (typeattributeset cil_gen_require pulseaudio_client)
                                    (typeattributeset pulseaudio_client (user_wm_t ))
                                    (allow user_wm_t bin_t (dir (getattr open search)))
                                    (allow user_wm_t bin_t (lnk_file (read getattr)))
                                    (allow user_wm_t usr_t (dir (getattr open search)))
                                    (allow user_wm_t pulseaudio_exec_t (file (ioctl read getattr map execute open)))
                                    (allow user_wm_t pulseaudio_t (process (transition)))
                                    (dontaudit user_wm_t pulseaudio_t (process (noatsecure siginh rlimitinh)))
                                    (typetransition user_wm_t pulseaudio_exec_t process pulseaudio_t)
                                    (allow pulseaudio_t user_wm_t (fd (use)))
                                    (allow pulseaudio_t user_wm_t (fifo_file (ioctl read write getattr lock append)))
                                    (allow pulseaudio_t user_wm_t (process (sigchld)))
                                )
                                (optional unprivuser_optional_263
                                    (typeattributeset cil_gen_require user_systemd_t)
                                    (allow user_systemd_t user_wm_t (dir (ioctl read getattr lock open search)))
                                    (allow user_systemd_t user_wm_t (file (ioctl read getattr lock open)))
                                    (allow user_systemd_t user_wm_t (lnk_file (read getattr)))
                                    (allow user_systemd_t user_wm_t (process (getattr)))
                                    (allow user_systemd_t user_wm_t (process (sigchld sigkill sigstop signull signal)))
                                    (allow user_wm_t user_systemd_t (fd (use)))
                                    (allow user_wm_t user_systemd_t (unix_stream_socket (ioctl read write getattr setattr append bind connect listen accept getopt setopt shutdown)))
                                    (allow user_wm_t user_systemd_t (dir (ioctl read getattr lock open search)))
                                    (allow user_wm_t user_systemd_t (file (ioctl read getattr lock open)))
                                    (allow user_wm_t user_systemd_t (lnk_file (read getattr)))
                                    (allow user_wm_t user_systemd_t (process (getattr)))
                                    (allow user_wm_t user_systemd_t (process (sigchld)))
                                )
                                (optional unprivuser_optional_264
                                    (roleattributeset cil_gen_require xscreensaver_roles)
                                    (typeattributeset cil_gen_require bin_t)
                                    (typeattributeset cil_gen_require usr_t)
                                    (typeattributeset cil_gen_require xscreensaver_t)
                                    (typeattributeset cil_gen_require xscreensaver_exec_t)
                                    (roleattributeset cil_gen_require xscreensaver_roles)
                                    (roleattributeset xscreensaver_roles (user_r ))
                                    (allow user_wm_t bin_t (dir (getattr open search)))
                                    (allow user_wm_t bin_t (lnk_file (read getattr)))
                                    (allow user_wm_t usr_t (dir (getattr open search)))
                                    (allow user_wm_t xscreensaver_exec_t (file (ioctl read getattr map execute open)))
                                    (allow user_wm_t xscreensaver_t (process (transition)))
                                    (dontaudit user_wm_t xscreensaver_t (process (noatsecure siginh rlimitinh)))
                                    (typetransition user_wm_t xscreensaver_exec_t process xscreensaver_t)
                                    (allow xscreensaver_t user_wm_t (fd (use)))
                                    (allow xscreensaver_t user_wm_t (fifo_file (ioctl read write getattr lock append)))
                                    (allow xscreensaver_t user_wm_t (process (sigchld)))
                                )
                            )
                        )
                    )
                )
            )
            (optional unprivuser_optional_265
                (typeattributeset cil_gen_require user_home_dir_t)
                (typeattributeset cil_gen_require home_root_t)
                (typeattributeset cil_gen_require android_tools_t)
                (typeattributeset cil_gen_require android_tools_exec_t)
                (typeattributeset cil_gen_require android_home_t)
                (typeattributeset cil_gen_require android_tmp_t)
                (typeattributeset cil_gen_require android_java_t)
                (typeattributeset cil_gen_require android_java_exec_t)
                (typeattributeset cil_gen_require android_sdk_t)
                (roleattributeset cil_gen_require user_r)
                (roletype user_r android_tools_t)
                (roletype user_r android_java_t)
                (allow user_t android_tools_exec_t (file (ioctl read getattr map execute open)))
                (allow user_t android_tools_t (process (transition)))
                (dontaudit user_t android_tools_t (process (noatsecure siginh rlimitinh)))
                (typetransition user_t android_tools_exec_t process android_tools_t)
                (allow android_tools_t user_t (fd (use)))
                (allow android_tools_t user_t (fifo_file (ioctl read write getattr lock append)))
                (allow android_tools_t user_t (process (sigchld)))
                (allow user_t android_java_exec_t (file (ioctl read getattr map execute open)))
                (allow user_t android_java_t (process (transition)))
                (dontaudit user_t android_java_t (process (noatsecure siginh rlimitinh)))
                (typetransition user_t android_java_exec_t process android_java_t)
                (allow android_java_t user_t (fd (use)))
                (allow android_java_t user_t (fifo_file (ioctl read write getattr lock append)))
                (allow android_java_t user_t (process (sigchld)))
                (allow user_t android_tools_t (process (sigchld sigkill sigstop signull signal ptrace)))
                (allow user_t android_java_t (process (sigchld sigkill sigstop signull signal ptrace noatsecure siginh rlimitinh)))
                (allow user_t android_home_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_t android_home_t (dir (ioctl read write create getattr setattr lock unlink link rename open add_name remove_name reparent search rmdir)))
                (allow user_t android_home_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_t android_home_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
                (allow user_t android_home_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_t android_home_t (lnk_file (ioctl read write create getattr setattr lock append unlink link rename)))
                (allow user_t android_sdk_t (dir (getattr open search)))
                (allow user_t android_sdk_t (dir (ioctl read getattr lock open search)))
                (allow user_t android_sdk_t (dir (getattr open search)))
                (allow user_t android_sdk_t (file (ioctl read getattr lock open)))
                (allow user_t android_sdk_t (dir (getattr open search)))
                (allow user_t android_sdk_t (lnk_file (read getattr)))
                (allow user_t user_home_dir_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_t home_root_t (dir (getattr open search)))
                (allow user_t home_root_t (lnk_file (read getattr)))
                (allow user_t user_home_dir_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_t home_root_t (dir (getattr open search)))
                (allow user_t home_root_t (lnk_file (read getattr)))
                (allow user_t user_home_dir_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_t home_root_t (dir (getattr open search)))
                (allow user_t home_root_t (lnk_file (read getattr)))
                (allow user_t android_tmp_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_t android_tmp_t (dir (ioctl read write create getattr setattr lock unlink link rename open add_name remove_name reparent search rmdir)))
                (allow user_t android_tmp_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_t android_tmp_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
                (allow user_t android_home_t (dir (getattr relabelfrom relabelto)))
                (allow user_t android_home_t (file (getattr relabelfrom relabelto)))
                (allow user_t android_tools_exec_t (file (getattr relabelfrom relabelto)))
                (allow user_t android_tools_t (dir (ioctl read getattr lock open search)))
                (allow user_t android_tools_t (file (ioctl read getattr lock open)))
                (allow user_t android_tools_t (lnk_file (read getattr)))
                (allow user_t android_tools_t (process (getattr)))
                (allow user_t android_java_t (dir (ioctl read getattr lock open search)))
                (allow user_t android_java_t (file (ioctl read getattr lock open)))
                (allow user_t android_java_t (lnk_file (read getattr)))
                (allow user_t android_java_t (process (getattr)))
                (allow user_t android_java_t (dbus (send_msg)))
                (allow android_java_t user_t (dbus (send_msg)))
                (typetransition user_t user_home_dir_t dir ".AndroidStudio" android_home_t)
                (typetransition user_t user_home_dir_t dir ".AndroidStudioBeta" android_home_t)
                (typetransition user_t user_home_dir_t dir ".android" android_home_t)
            )
            (optional unprivuser_optional_266
                (typeattributeset cil_gen_require shell_exec_t)
                (typeattributeset cil_gen_require entry_type)
                (typeattributeset entry_type (shell_exec_t bin_t ))
                (typeattributeset cil_gen_require exec_type)
                (typeattributeset exec_type (shell_exec_t bin_t ))
                (typeattributeset cil_gen_require file_type)
                (typeattributeset file_type (shell_exec_t bin_t ))
                (typeattributeset cil_gen_require non_security_file_type)
                (typeattributeset non_security_file_type (shell_exec_t bin_t ))
                (typeattributeset cil_gen_require non_auth_file_type)
                (typeattributeset non_auth_file_type (shell_exec_t bin_t ))
                (typeattributeset cil_gen_require at_exec_t)
                (typeattributeset cil_gen_require at_t)
                (typeattributeset cil_gen_require atd_t)
                (typeattributeset cil_gen_require at_job_log_t)
                (typeattributeset cil_gen_require at_job_t)
                (roleattributeset cil_gen_require user_r)
                (roletype user_r at_t)
                (typeattributeset cil_gen_require non_auth_file_type)
                (typeattributeset non_auth_file_type (shell_exec_t ))
                (typeattributeset cil_gen_require file_type)
                (typeattributeset file_type (shell_exec_t ))
                (typeattributeset cil_gen_require entry_type)
                (typeattributeset entry_type (shell_exec_t ))
                (typeattributeset cil_gen_require exec_type)
                (typeattributeset exec_type (shell_exec_t ))
                (typeattributeset cil_gen_require non_security_file_type)
                (typeattributeset non_security_file_type (shell_exec_t ))
                (allow user_t at_exec_t (file (ioctl read getattr map execute open)))
                (allow user_t at_t (process (transition)))
                (dontaudit user_t at_t (process (noatsecure siginh rlimitinh)))
                (typetransition user_t at_exec_t process at_t)
                (allow at_t user_t (fd (use)))
                (allow at_t user_t (fifo_file (ioctl read write getattr lock append)))
                (allow at_t user_t (process (sigchld)))
                (allow user_t at_t (process (sigchld sigkill sigstop signull signal)))
                (allow user_t at_t (dir (ioctl read getattr lock open search)))
                (allow user_t at_t (file (ioctl read getattr lock open)))
                (allow user_t at_t (lnk_file (read getattr)))
                (allow user_t at_t (process (getattr)))
                (allow atd_t user_t (process (transition)))
                (allow atd_t user_t (fd (use)))
                (allow atd_t user_t (key (view read write search link setattr create)))
                (dontaudit atd_t user_t (process (noatsecure siginh rlimitinh)))
                (allow user_t atd_t (process (sigchld)))
                (allow user_t atd_t (fd (use)))
                (allow user_t at_job_t (file (ioctl read getattr lock)))
                (allow user_t at_job_log_t (file (ioctl read write getattr lock append)))
                (allow user_t shell_exec_t (file (entrypoint)))
                (allow user_t shell_exec_t (file (ioctl read getattr lock map execute open)))
            )
            (optional unprivuser_optional_267
                (typeattributeset cil_gen_require devicekit_disk_t)
                (typeattributeset cil_gen_require devicekit_power_t)
                (allow user_t devicekit_disk_t (dbus (send_msg)))
                (allow devicekit_disk_t user_t (dbus (send_msg)))
                (allow user_t devicekit_power_t (dbus (send_msg)))
                (allow devicekit_power_t user_t (dbus (send_msg)))
            )
            (optional unprivuser_optional_268
                (typeattributeset cil_gen_require user_home_dir_t)
                (typeattributeset cil_gen_require home_root_t)
                (typeattributeset cil_gen_require dropbox_t)
                (typeattributeset cil_gen_require dropbox_content_t)
                (typeattributeset cil_gen_require dropbox_exec_t)
                (typeattributeset cil_gen_require dropbox_home_t)
                (typeattributeset cil_gen_require dropbox_tmp_t)
                (roleattributeset cil_gen_require user_r)
                (roletype user_r dropbox_t)
                (allow user_t dropbox_exec_t (file (ioctl read getattr map execute open)))
                (allow user_t dropbox_t (process (transition)))
                (dontaudit user_t dropbox_t (process (noatsecure siginh rlimitinh)))
                (typetransition user_t dropbox_exec_t process dropbox_t)
                (allow dropbox_t user_t (fd (use)))
                (allow dropbox_t user_t (fifo_file (ioctl read write getattr lock append)))
                (allow dropbox_t user_t (process (sigchld)))
                (allow user_t dropbox_t (process (sigchld sigkill sigstop signull signal ptrace)))
                (allow user_t dropbox_home_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_t dropbox_home_t (dir (ioctl read write create getattr setattr lock unlink link rename open add_name remove_name reparent search rmdir)))
                (allow user_t dropbox_home_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_t dropbox_home_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
                (allow user_t dropbox_home_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_t dropbox_home_t (sock_file (ioctl read write create getattr setattr lock append unlink link rename open)))
                (allow user_t dropbox_home_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_t dropbox_exec_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
                (allow user_t dropbox_home_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_t dropbox_exec_t (lnk_file (ioctl read write create getattr setattr lock append unlink link rename)))
                (allow user_t user_home_dir_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_t home_root_t (dir (getattr open search)))
                (allow user_t home_root_t (lnk_file (read getattr)))
                (allow user_t dropbox_home_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_t dropbox_home_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_t dropbox_tmp_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_t dropbox_tmp_t (dir (ioctl read write create getattr setattr lock unlink link rename open add_name remove_name reparent search rmdir)))
                (allow user_t dropbox_tmp_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_t dropbox_tmp_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
                (allow user_t dropbox_content_t (dir (getattr relabelfrom relabelto)))
                (allow user_t dropbox_content_t (file (getattr relabelfrom relabelto)))
                (allow user_t dropbox_content_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_t dropbox_content_t (dir (ioctl read write create getattr setattr lock unlink link rename open add_name remove_name reparent search rmdir)))
                (allow user_t dropbox_content_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_t dropbox_content_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
                (allow user_t dropbox_t (dbus (send_msg)))
                (allow dropbox_t user_t (dbus (send_msg)))
                (allow user_t dropbox_t (dir (ioctl read getattr lock open search)))
                (allow user_t dropbox_t (file (ioctl read getattr lock open)))
                (allow user_t dropbox_t (lnk_file (read getattr)))
                (allow user_t dropbox_t (process (getattr)))
                (typetransition user_t dropbox_home_t file "dropboxd" dropbox_exec_t)
                (typetransition user_t dropbox_home_t file "dropbox" dropbox_exec_t)
                (typetransition user_t user_home_dir_t dir ".dropbox-dist" dropbox_home_t)
            )
            (optional unprivuser_optional_269
                (typeattributeset cil_gen_require bin_t)
                (typeattributeset cil_gen_require usr_t)
                (typeattributeset cil_gen_require googletalk_plugin_t)
                (typeattributeset cil_gen_require googletalk_plugin_exec_t)
                (roleattributeset cil_gen_require user_r)
                (roletype user_r googletalk_plugin_t)
                (allow user_t bin_t (dir (getattr open search)))
                (allow user_t bin_t (lnk_file (read getattr)))
                (allow user_t usr_t (dir (getattr open search)))
                (allow user_t googletalk_plugin_exec_t (file (ioctl read getattr map execute open)))
                (allow user_t googletalk_plugin_t (process (transition)))
                (dontaudit user_t googletalk_plugin_t (process (noatsecure siginh rlimitinh)))
                (typetransition user_t googletalk_plugin_exec_t process googletalk_plugin_t)
                (allow googletalk_plugin_t user_t (fd (use)))
                (allow googletalk_plugin_t user_t (fifo_file (ioctl read write getattr lock append)))
                (allow googletalk_plugin_t user_t (process (sigchld)))
            )
            (optional unprivuser_optional_270
                (typeattributeset cil_gen_require gorg_t)
                (typeattributeset cil_gen_require gorg_exec_t)
                (roleattributeset cil_gen_require user_r)
                (roletype user_r gorg_t)
                (allow user_t gorg_exec_t (file (ioctl read getattr map execute open)))
                (allow user_t gorg_t (process (transition)))
                (dontaudit user_t gorg_t (process (noatsecure siginh rlimitinh)))
                (typetransition user_t gorg_exec_t process gorg_t)
                (allow user_t gorg_t (process (noatsecure siginh rlimitinh)))
                (allow gorg_t user_t (fd (use)))
                (allow gorg_t user_t (process (sigchld signull)))
                (allow user_t gorg_t (dir (ioctl read getattr lock open search)))
                (allow user_t gorg_t (file (ioctl read getattr lock open)))
                (allow user_t gorg_t (lnk_file (read getattr)))
                (allow user_t gorg_t (process (getattr)))
                (allow user_t gorg_t (process (sigchld sigkill sigstop signull signal)))
                (allow gorg_t user_t (fifo_file (write)))
            )
            (optional unprivuser_optional_271
                (typeattributeset cil_gen_require bin_t)
                (typeattributeset cil_gen_require usr_t)
                (typeattributeset cil_gen_require kdeconnect_t)
                (typeattributeset cil_gen_require kdeconnect_exec_t)
                (roleattributeset cil_gen_require user_r)
                (roletype user_r kdeconnect_t)
                (allow user_t bin_t (dir (getattr open search)))
                (allow user_t bin_t (lnk_file (read getattr)))
                (allow user_t usr_t (dir (getattr open search)))
                (allow user_t kdeconnect_exec_t (file (ioctl read getattr map execute open)))
                (allow user_t kdeconnect_t (process (transition)))
                (dontaudit user_t kdeconnect_t (process (noatsecure siginh rlimitinh)))
                (typetransition user_t kdeconnect_exec_t process kdeconnect_t)
                (allow kdeconnect_t user_t (fd (use)))
                (allow kdeconnect_t user_t (fifo_file (ioctl read write getattr lock append)))
                (allow kdeconnect_t user_t (process (sigchld)))
                (allow user_t kdeconnect_t (unix_stream_socket (connectto)))
                (allow kdeconnect_t user_t (unix_stream_socket (read write connectto)))
                (allow user_t kdeconnect_t (dir (ioctl read getattr lock open search)))
                (allow user_t kdeconnect_t (file (ioctl read getattr lock open)))
                (allow user_t kdeconnect_t (lnk_file (read getattr)))
                (allow user_t kdeconnect_t (process (getattr)))
                (allow user_t kdeconnect_t (process (sigkill signull signal)))
                (allow user_t kdeconnect_t (dbus (send_msg)))
                (allow kdeconnect_t user_t (dbus (send_msg)))
            )
            (optional unprivuser_optional_272
                (typeattributeset cil_gen_require links_t)
                (typeattributeset cil_gen_require links_exec_t)
                (typeattributeset cil_gen_require links_home_t)
                (roleattributeset cil_gen_require user_r)
                (roletype user_r links_t)
                (allow user_t links_home_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_t links_home_t (dir (ioctl read write create getattr setattr lock unlink link rename open add_name remove_name reparent search rmdir)))
                (allow user_t links_home_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_t links_home_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
                (allow user_t links_home_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_t links_home_t (lnk_file (ioctl read write create getattr setattr lock append unlink link rename)))
                (allow user_t links_home_t (dir (getattr open search)))
                (allow user_t links_home_t (dir (getattr relabelfrom relabelto)))
                (allow user_t links_home_t (dir (getattr open search)))
                (allow user_t links_home_t (file (getattr relabelfrom relabelto)))
                (allow user_t links_home_t (dir (getattr open search)))
                (allow user_t links_home_t (lnk_file (getattr relabelfrom relabelto)))
                (allow user_t links_exec_t (file (ioctl read getattr map execute open)))
                (allow user_t links_t (process (transition)))
                (dontaudit user_t links_t (process (noatsecure siginh rlimitinh)))
                (typetransition user_t links_exec_t process links_t)
                (allow links_t user_t (fd (use)))
                (allow links_t user_t (fifo_file (ioctl read write getattr lock append)))
                (allow links_t user_t (process (sigchld)))
                (allow user_t links_t (dir (ioctl read getattr lock open search)))
                (allow user_t links_t (file (ioctl read getattr lock open)))
                (allow user_t links_t (lnk_file (read getattr)))
                (allow user_t links_t (process (getattr)))
            )
            (optional unprivuser_optional_273
                (typeattributeset cil_gen_require mutt_t)
                (typeattributeset cil_gen_require mutt_exec_t)
                (typeattributeset cil_gen_require mutt_home_t)
                (typeattributeset cil_gen_require mutt_conf_t)
                (typeattributeset cil_gen_require mutt_tmp_t)
                (roleattributeset cil_gen_require user_r)
                (roletype user_r mutt_t)
                (allow user_t mutt_exec_t (file (ioctl read getattr map execute open)))
                (allow user_t mutt_t (process (transition)))
                (dontaudit user_t mutt_t (process (noatsecure siginh rlimitinh)))
                (typetransition user_t mutt_exec_t process mutt_t)
                (allow mutt_t user_t (fd (use)))
                (allow mutt_t user_t (fifo_file (ioctl read write getattr lock append)))
                (allow mutt_t user_t (process (sigchld)))
                (allow user_t mutt_t (process (sigchld sigkill sigstop signull signal ptrace)))
                (allow user_t mutt_home_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_t mutt_home_t (dir (ioctl read write create getattr setattr lock unlink link rename open add_name remove_name reparent search rmdir)))
                (allow user_t mutt_home_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_t mutt_home_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
                (allow user_t mutt_conf_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_t mutt_conf_t (dir (ioctl read write create getattr setattr lock unlink link rename open add_name remove_name reparent search rmdir)))
                (allow user_t mutt_conf_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_t mutt_conf_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
                (allow user_t mutt_home_t (dir (getattr open search)))
                (allow user_t mutt_home_t (dir (getattr relabelfrom relabelto)))
                (allow user_t mutt_home_t (dir (getattr open search)))
                (allow user_t mutt_home_t (file (getattr relabelfrom relabelto)))
                (allow user_t mutt_conf_t (dir (getattr open search)))
                (allow user_t mutt_conf_t (dir (getattr relabelfrom relabelto)))
                (allow user_t mutt_conf_t (dir (getattr open search)))
                (allow user_t mutt_conf_t (file (getattr relabelfrom relabelto)))
                (allow user_t mutt_tmp_t (dir (getattr open search)))
                (allow user_t mutt_tmp_t (dir (getattr relabelfrom relabelto)))
                (allow user_t mutt_tmp_t (dir (getattr open search)))
                (allow user_t mutt_tmp_t (file (getattr relabelfrom relabelto)))
                (allow user_t mutt_t (dir (ioctl read getattr lock open search)))
                (allow user_t mutt_t (file (ioctl read getattr lock open)))
                (allow user_t mutt_t (lnk_file (read getattr)))
                (allow user_t mutt_t (process (getattr)))
            )
            (optional unprivuser_optional_274
                (typeattributeset cil_gen_require pan_t)
                (typeattributeset cil_gen_require pan_exec_t)
                (typeattributeset cil_gen_require pan_home_t)
                (roleattributeset cil_gen_require user_r)
                (roletype user_r pan_t)
                (allow user_t pan_t (process (sigchld sigkill sigstop signull signal)))
                (allow user_t pan_exec_t (file (ioctl read getattr map execute open)))
                (allow user_t pan_t (process (transition)))
                (dontaudit user_t pan_t (process (noatsecure siginh rlimitinh)))
                (typetransition user_t pan_exec_t process pan_t)
                (allow pan_t user_t (fd (use)))
                (allow pan_t user_t (fifo_file (ioctl read write getattr lock append)))
                (allow pan_t user_t (process (sigchld)))
                (allow user_t pan_t (dir (ioctl read getattr lock open search)))
                (allow user_t pan_t (file (ioctl read getattr lock open)))
                (allow user_t pan_t (lnk_file (read getattr)))
                (allow user_t pan_t (process (getattr)))
                (allow user_t pan_home_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_t pan_home_t (dir (ioctl read write create getattr setattr lock unlink link rename open add_name remove_name reparent search rmdir)))
                (allow user_t pan_home_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_t pan_home_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
                (allow user_t pan_home_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_t pan_home_t (lnk_file (ioctl read write create getattr setattr lock append unlink link rename)))
                (allow user_t pan_home_t (dir (getattr open search)))
                (allow user_t pan_home_t (dir (getattr relabelfrom relabelto)))
                (allow user_t pan_home_t (dir (getattr open search)))
                (allow user_t pan_home_t (file (getattr relabelfrom relabelto)))
                (allow user_t pan_home_t (dir (getattr open search)))
                (allow user_t pan_home_t (lnk_file (getattr relabelfrom relabelto)))
            )
            (optional unprivuser_optional_275
                (typeattributeset cil_gen_require rtorrent_t)
                (typeattributeset cil_gen_require rtorrent_exec_t)
                (typeattributeset cil_gen_require rtorrent_home_t)
                (typeattributeset cil_gen_require rtorrent_session_t)
                (roleattributeset cil_gen_require user_r)
                (roletype user_r rtorrent_t)
                (allow user_t rtorrent_exec_t (file (ioctl read getattr map execute open)))
                (allow user_t rtorrent_t (process (transition)))
                (dontaudit user_t rtorrent_t (process (noatsecure siginh rlimitinh)))
                (typetransition user_t rtorrent_exec_t process rtorrent_t)
                (allow rtorrent_t user_t (fd (use)))
                (allow rtorrent_t user_t (fifo_file (ioctl read write getattr lock append)))
                (allow rtorrent_t user_t (process (sigchld)))
                (allow user_t rtorrent_t (process (sigchld sigkill sigstop signull signal)))
                (allow user_t rtorrent_home_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_t rtorrent_home_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
                (allow user_t rtorrent_session_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_t rtorrent_session_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
                (allow user_t rtorrent_session_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_t rtorrent_session_t (dir (ioctl read write create getattr setattr lock unlink link rename open add_name remove_name reparent search rmdir)))
                (allow user_t rtorrent_t (dir (ioctl read getattr lock open search)))
                (allow user_t rtorrent_t (file (ioctl read getattr lock open)))
                (allow user_t rtorrent_t (lnk_file (read getattr)))
                (allow user_t rtorrent_t (process (getattr)))
            )
            (optional unprivuser_optional_276
                (typeattributeset cil_gen_require skype_t)
                (typeattributeset cil_gen_require skype_exec_t)
                (typeattributeset cil_gen_require skype_home_t)
                (roleattributeset cil_gen_require user_r)
                (roletype user_r skype_t)
                (allow user_t skype_exec_t (file (ioctl read getattr map execute open)))
                (allow user_t skype_t (process (transition)))
                (dontaudit user_t skype_t (process (noatsecure siginh rlimitinh)))
                (typetransition user_t skype_exec_t process skype_t)
                (allow skype_t user_t (fd (use)))
                (allow skype_t user_t (fifo_file (ioctl read write getattr lock append)))
                (allow skype_t user_t (process (sigchld)))
                (allow user_t skype_t (process (sigchld sigkill sigstop signull signal ptrace)))
                (dontaudit skype_t user_t (unix_stream_socket (connectto)))
                (allow user_t skype_home_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_t skype_home_t (dir (ioctl read write create getattr setattr lock unlink link rename open add_name remove_name reparent search rmdir)))
                (allow user_t skype_home_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_t skype_home_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
                (allow user_t skype_home_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_t skype_home_t (lnk_file (ioctl read write create getattr setattr lock append unlink link rename)))
                (allow user_t skype_home_t (dir (getattr open search)))
                (allow user_t skype_home_t (dir (getattr relabelfrom relabelto)))
                (allow user_t skype_home_t (dir (getattr open search)))
                (allow user_t skype_home_t (file (getattr relabelfrom relabelto)))
                (allow user_t skype_home_t (dir (getattr open search)))
                (allow user_t skype_home_t (lnk_file (getattr relabelfrom relabelto)))
                (allow user_t skype_t (dir (ioctl read getattr lock open search)))
                (allow user_t skype_t (file (ioctl read getattr lock open)))
                (allow user_t skype_t (lnk_file (read getattr)))
                (allow user_t skype_t (process (getattr)))
            )
            (optional unprivuser_optional_277
                (roleattributeset cil_gen_require wine_roles)
                (typeattributeset cil_gen_require user_home_dir_t)
                (typeattributeset cil_gen_require home_root_t)
                (typeattributeset cil_gen_require wine_exec_t)
                (typeattributeset cil_gen_require wine_t)
                (typeattributeset cil_gen_require wine_tmp_t)
                (typeattributeset cil_gen_require wine_home_t)
                (roleattributeset cil_gen_require wine_roles)
                (roleattributeset wine_roles (user_r ))
                (allow user_application_exec_domain wine_exec_t (file (ioctl read getattr map execute open)))
                (allow user_application_exec_domain wine_t (process (transition)))
                (dontaudit user_application_exec_domain wine_t (process (noatsecure siginh rlimitinh)))
                (typetransition user_application_exec_domain wine_exec_t process wine_t)
                (allow wine_t user_application_exec_domain (fd (use)))
                (allow wine_t user_application_exec_domain (fifo_file (ioctl read write getattr lock append)))
                (allow wine_t user_application_exec_domain (process (sigchld)))
                (allow wine_t user_application_exec_domain (unix_stream_socket (connectto)))
                (allow wine_t user_application_exec_domain (process (signull)))
                (allow user_application_exec_domain wine_t (dir (ioctl read getattr lock open search)))
                (allow user_application_exec_domain wine_t (file (ioctl read getattr lock open)))
                (allow user_application_exec_domain wine_t (lnk_file (read getattr)))
                (allow user_application_exec_domain wine_t (process (getattr)))
                (allow user_application_exec_domain wine_t (process (sigchld sigkill sigstop signull signal ptrace)))
                (allow user_application_exec_domain wine_t (fd (use)))
                (allow user_application_exec_domain wine_t (shm (getattr associate)))
                (allow user_application_exec_domain wine_t (shm (getattr read write associate unix_read unix_write lock)))
                (allow user_application_exec_domain wine_t (unix_stream_socket (connectto)))
                (allow user_t wine_tmp_t (dir (ioctl read write create getattr setattr lock relabelfrom relabelto unlink link rename open add_name remove_name reparent search rmdir)))
                (allow user_t wine_home_t (dir (ioctl read write create getattr setattr lock relabelfrom relabelto unlink link rename open add_name remove_name reparent search rmdir)))
                (allow user_t wine_tmp_t (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow user_t wine_home_t (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow user_t wine_home_t (lnk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename)))
                (allow user_t user_home_dir_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow user_t home_root_t (dir (getattr open search)))
                (allow user_t home_root_t (lnk_file (read getattr)))
                (typetransition user_t user_home_dir_t dir ".wine" wine_home_t)
            )
        )
    )
)
