

------------------------
Policy set in the kernel
------------------------


---------------------------------------------------------------
Domain Name: appDom  Kernel Id: 2  Enforcement Level: enforcing
---------------------------------------------------------------
-a appObj file_create grant
-a appObj file_delete grant
-a appObj file_read grant
-a appObj file_write grant
-a authObj file_read grant
-a pluginObj file_read grant
-a secpolicyObj file_read grant
-a swMgmtObj file_read grant


-c inet_dgram_socket_create grant
-c inet_stream_socket_create grant
-c unix_dgram_socket_bind grant
-c unix_socket_create grant
-c unix_stream_socket_bind grant


-p inet_socket_connect nonloopback grant
-p inet_socket_connect loopback grant


-s genericSys grant
-s ioctlSys grant
-s getpgidSys grant
-s getsidSys grant
-s vsiReadSys grant
-s moduleSys grant
-s killSys grant
-s sysctlSys grant
-s syncSys grant
-s forkSys grant
-s execSys grant
-s cloneSys grant





------------------------------------------------------------------
Domain Name: pluginDom  Kernel Id: 3  Enforcement Level: enforcing
------------------------------------------------------------------
-a appObj file_exec grant
-a appObj file_read grant
-a authObj file_read grant
-a pluginObj file_read grant
-a secpolicyObj file_read grant
-a swMgmtObj file_read grant


-c inet_dgram_socket_create grant
-c inet_stream_socket_create grant
-c unix_dgram_socket_bind grant
-c unix_socket_create grant
-c unix_stream_socket_bind grant


-p inet_socket_connect nonloopback grant
-p inet_socket_connect loopback grant


-s genericSys grant
-s ioctlSys grant
-s getpgidSys grant
-s getsidSys grant
-s vsiReadSys grant
-s moduleSys grant
-s killSys grant
-s sysctlSys grant
-s syncSys grant
-s execSys grant
-s cloneSys grant





---------------------------------------------------------------------------
Domain Name: pluginFrameworkDom  Kernel Id: 4  Enforcement Level: enforcing
---------------------------------------------------------------------------
-a appObj file_exec grant
-a appObj file_read grant
-a authObj file_read grant
-a pluginObj file_read grant
-a sslKeyObj file_read grant
-a swMgmtObj file_read grant


-c inet_dgram_socket_create grant
-c inet_stream_socket_create grant
-c unix_dgram_socket_bind grant
-c unix_socket_create grant
-c unix_stream_socket_bind grant


-d pluginObj pluginDom file_mmap_exec grant
-d swMgmtObj swMgmtDom file_mmap_exec grant


-p inet_socket_bind all grant
-p inet_socket_connect nonloopback grant
-p inet_socket_connect loopback grant


-s genericSys grant
-s ioctlSys grant
-s getpgidSys grant
-s getsidSys grant
-s adminSys grant
-s vobSys grant
-s vsiReadSys grant
-s vsiWriteSys grant
-s killSys grant
-s sysctlSys grant
-s syncSys grant
-s forkSys grant
-s execSys grant
-s forkExecSys grant
-s cloneSys grant





---------------------------------------------------------------------
Domain Name: regularVMDom  Kernel Id: 1  Enforcement Level: enforcing
---------------------------------------------------------------------
-a appObj file_create grant
-a appObj file_delete grant
-a appObj file_exec grant
-a appObj file_read grant
-a appObj file_write grant
-a appObj unix_dgram_socket_connect grant
-a appObj unix_stream_socket_connect grant
-a authObj file_create grant
-a authObj file_delete grant
-a authObj file_exec grant
-a authObj file_read grant
-a authObj file_write grant
-a authObj unix_dgram_socket_connect grant
-a authObj unix_stream_socket_connect grant
-a certObj file_create grant
-a certObj file_delete grant
-a certObj file_exec grant
-a certObj file_read grant
-a certObj file_write grant
-a certObj unix_dgram_socket_connect grant
-a certObj unix_stream_socket_connect grant
-a cimObj file_create grant
-a cimObj file_delete grant
-a cimObj file_exec grant
-a cimObj file_read grant
-a cimObj file_write grant
-a cimObj unix_dgram_socket_connect grant
-a cimObj unix_stream_socket_connect grant
-a pluginObj file_create grant
-a pluginObj file_delete grant
-a pluginObj file_exec grant
-a pluginObj file_read grant
-a pluginObj file_write grant
-a pluginObj unix_dgram_socket_connect grant
-a pluginObj unix_stream_socket_connect grant
-a secpolicyObj file_create grant
-a secpolicyObj file_delete grant
-a secpolicyObj file_exec grant
-a secpolicyObj file_read grant
-a secpolicyObj file_write grant
-a secpolicyObj unix_dgram_socket_connect grant
-a secpolicyObj unix_stream_socket_connect grant
-a sslKeyObj file_create grant
-a sslKeyObj file_delete grant
-a sslKeyObj file_exec grant
-a sslKeyObj file_read grant
-a sslKeyObj file_write grant
-a sslKeyObj unix_dgram_socket_connect grant
-a sslKeyObj unix_stream_socket_connect grant
-a swMgmtObj file_create grant
-a swMgmtObj file_delete grant
-a swMgmtObj file_exec grant
-a swMgmtObj file_read grant
-a swMgmtObj file_write grant
-a swMgmtObj unix_dgram_socket_connect grant
-a swMgmtObj unix_stream_socket_connect grant
-a tardiskMountObj file_create grant
-a tardiskMountObj file_delete grant
-a tardiskMountObj file_exec grant
-a tardiskMountObj file_read grant
-a tardiskMountObj file_write grant
-a tardiskMountObj unix_dgram_socket_connect grant
-a tardiskMountObj unix_stream_socket_connect grant
-a unlabeled file_create grant
-a unlabeled file_delete grant
-a unlabeled file_exec grant
-a unlabeled file_read grant
-a unlabeled file_write grant
-a unlabeled unix_dgram_socket_connect grant
-a unlabeled unix_stream_socket_connect grant


-c dgram_vsocket_bind grant
-c dgram_vsocket_create grant
-c dgram_vsocket_send grant
-c dgram_vsocket_trusted grant
-c inet_dgram_socket_create grant
-c inet_raw_socket_create grant
-c inet_stream_socket_create grant
-c stream_vsocket_bind grant
-c stream_vsocket_connect grant
-c stream_vsocket_create grant
-c stream_vsocket_trusted grant
-c unix_dgram_socket_bind grant
-c unix_socket_create grant
-c unix_stream_socket_bind grant
-c unix_vmklink_socket_connect grant
-c vsocket_provide_service grant


-p inet_socket_bind all grant
-p inet_socket_connect loopback grant
-p inet_socket_connect nonloopback grant


-s genericSys grant
-s vmxSys grant
-s vmkacSys grant
-s vmfsSys grant
-s mountSys grant
-s umountSys grant
-s timeSys grant
-s ioctlSys grant
-s setpgidSys grant
-s getpgidSys grant
-s getsidSys grant
-s adminSys grant
-s vobSys grant
-s vsiReadSys grant
-s vsiWriteSys grant
-s moduleSys grant
-s rpcSys grant
-s killSys grant
-s sysctlSys grant
-s syncSys grant
-s schedulerSys grant
-s forkSys grant
-s execSys grant
-s forkExecSys grant
-s cloneSys grant
-s ptraceSys grant
-s storageSys grant
-s ioplSys grant





-----------------------------------------------------------------
Domain Name: superDom  Kernel Id: 0  Enforcement Level: enforcing
-----------------------------------------------------------------
-a appObj file_create grant
-a appObj file_delete grant
-a appObj file_exec grant
-a appObj file_read grant
-a appObj file_write grant
-a appObj unix_dgram_socket_connect grant
-a appObj unix_stream_socket_connect grant
-a authObj file_create grant
-a authObj file_delete grant
-a authObj file_exec grant
-a authObj file_read grant
-a authObj file_write grant
-a authObj unix_dgram_socket_connect grant
-a authObj unix_stream_socket_connect grant
-a certObj file_create grant
-a certObj file_delete grant
-a certObj file_exec grant
-a certObj file_read grant
-a certObj file_write grant
-a certObj unix_dgram_socket_connect grant
-a certObj unix_stream_socket_connect grant
-a cimObj file_create grant
-a cimObj file_delete grant
-a cimObj file_exec grant
-a cimObj file_read grant
-a cimObj file_write grant
-a cimObj unix_dgram_socket_connect grant
-a cimObj unix_stream_socket_connect grant
-a pluginObj file_create grant
-a pluginObj file_delete grant
-a pluginObj file_exec grant
-a pluginObj file_read grant
-a pluginObj file_write grant
-a pluginObj unix_dgram_socket_connect grant
-a pluginObj unix_stream_socket_connect grant
-a secpolicyObj file_create grant
-a secpolicyObj file_delete grant
-a secpolicyObj file_exec grant
-a secpolicyObj file_read grant
-a secpolicyObj file_write grant
-a secpolicyObj unix_dgram_socket_connect grant
-a secpolicyObj unix_stream_socket_connect grant
-a sslKeyObj file_create grant
-a sslKeyObj file_delete grant
-a sslKeyObj file_exec grant
-a sslKeyObj file_read grant
-a sslKeyObj file_write grant
-a sslKeyObj unix_dgram_socket_connect grant
-a sslKeyObj unix_stream_socket_connect grant
-a swMgmtObj file_create grant
-a swMgmtObj file_delete grant
-a swMgmtObj file_exec grant
-a swMgmtObj file_read grant
-a swMgmtObj file_write grant
-a swMgmtObj unix_dgram_socket_connect grant
-a swMgmtObj unix_stream_socket_connect grant
-a tardiskMountObj file_create grant
-a tardiskMountObj file_delete grant
-a tardiskMountObj file_exec grant
-a tardiskMountObj file_read grant
-a tardiskMountObj file_write grant
-a tardiskMountObj unix_dgram_socket_connect grant
-a tardiskMountObj unix_stream_socket_connect grant
-a unlabeled file_create grant
-a unlabeled file_delete grant
-a unlabeled file_exec grant
-a unlabeled file_read grant
-a unlabeled file_write grant
-a unlabeled unix_dgram_socket_connect grant
-a unlabeled unix_stream_socket_connect grant


-c dgram_vsocket_bind grant
-c dgram_vsocket_create grant
-c dgram_vsocket_send grant
-c dgram_vsocket_trusted grant
-c inet_dgram_socket_create grant
-c inet_raw_socket_create grant
-c inet_stream_socket_create grant
-c stream_vsocket_bind grant
-c stream_vsocket_connect grant
-c stream_vsocket_create grant
-c stream_vsocket_trusted grant
-c unix_dgram_socket_bind grant
-c unix_socket_create grant
-c unix_stream_socket_bind grant
-c unix_vmklink_socket_connect grant
-c vsocket_provide_service grant


-d appObj appDom file_exec grant


-s genericSys grant
-s vmxSys grant
-s vmkacSys grant
-s vmfsSys grant
-s mountSys grant
-s umountSys grant
-s timeSys grant
-s ioctlSys grant
-s setpgidSys grant
-s getpgidSys grant
-s getsidSys grant
-s adminSys grant
-s vobSys grant
-s vsiReadSys grant
-s vsiWriteSys grant
-s moduleSys grant
-s rpcSys grant
-s killSys grant
-s sysctlSys grant
-s syncSys grant
-s schedulerSys grant
-s forkSys grant
-s execSys grant
-s forkExecSys grant
-s cloneSys grant
-s ptraceSys grant
-s storageSys grant
-s ioplSys grant





------------------------------------------------------------------
Domain Name: swMgmtDom  Kernel Id: 5  Enforcement Level: enforcing
------------------------------------------------------------------
-a appObj file_create grant
-a appObj file_delete grant
-a appObj file_read grant
-a appObj file_write grant
-a authObj file_read grant
-a authObj file_write grant
-a certObj file_create grant
-a certObj file_delete grant
-a certObj file_read grant
-a certObj file_write grant
-a pluginObj file_create grant
-a pluginObj file_delete grant
-a pluginObj file_read grant
-a pluginObj file_write grant
-a secpolicyObj file_create grant
-a secpolicyObj file_delete grant
-a secpolicyObj file_read grant
-a secpolicyObj file_write grant
-a sslKeyObj file_create grant
-a sslKeyObj file_delete grant
-a sslKeyObj file_read grant
-a sslKeyObj file_write grant
-a swMgmtObj file_create grant
-a swMgmtObj file_delete grant
-a swMgmtObj file_read grant
-a swMgmtObj file_write grant
-a tardiskMountObj file_create grant
-a tardiskMountObj file_delete grant
-a tardiskMountObj file_read grant
-a tardiskMountObj file_write grant


-c inet_dgram_socket_create grant
-c inet_stream_socket_create grant
-c unix_socket_create grant


-p inet_socket_connect nonloopback grant
-p inet_socket_connect loopback grant


-s genericSys grant
-s vmkacSys grant
-s mountSys grant
-s umountSys grant
-s ioctlSys grant
-s setpgidSys grant
-s getpgidSys grant
-s getsidSys grant
-s adminSys grant
-s vsiReadSys grant
-s vsiWriteSys grant
-s moduleSys grant
-s killSys grant
-s sysctlSys grant
-s syncSys grant
-s schedulerSys grant
-s forkSys grant
-s execSys grant
-s forkExecSys grant
-s cloneSys grant





---------------------------------
Objects Defined: Name (Kernel Id)
---------------------------------
appObj (97)
authObj (99)
certObj (100)
cimObj (94)
pluginObj (95)
secpolicyObj (93)
sslKeyObj (98)
swMgmtObj (96)
tardiskMountObj (101)
unlabeled (0)


--------------------
Tardisk Path (label)
--------------------
/tardisks/ata-pata.v00 (appObj)
/tardisks/ata-pata.v01 (appObj)
/tardisks/ata-pata.v02 (appObj)
/tardisks/ata-pata.v03 (appObj)
/tardisks/ata-pata.v04 (appObj)
/tardisks/ata-pata.v05 (appObj)
/tardisks/ata-pata.v06 (appObj)
/tardisks/ata-pata.v07 (appObj)
/tardisks/block-cc.v00 (appObj)
/tardisks/ehci-ehc.v00 (appObj)
/tardisks/s.v00 (unlabeled)
/tardisks/ima-qla4.v00 (appObj)
/tardisks/ipmi-ipm.v00 (appObj)
/tardisks/ipmi-ipm.v01 (appObj)
/tardisks/ipmi-ipm.v02 (appObj)
/tardisks/misc-cni.v00 (appObj)
/tardisks/misc-dri.v00 (appObj)
/tardisks/net-be2n.v00 (appObj)
/tardisks/net-bnx2.v00 (appObj)
/tardisks/net-bnx2.v01 (appObj)
/tardisks/net-cnic.v00 (appObj)
/tardisks/net-e100.v00 (appObj)
/tardisks/net-e100.v01 (appObj)
/tardisks/net-enic.v00 (appObj)
/tardisks/net-forc.v00 (appObj)
/tardisks/net-igb.v00 (appObj)
/tardisks/net-ixgb.v00 (appObj)
/tardisks/net-nx-n.v00 (appObj)
/tardisks/net-r816.v00 (appObj)
/tardisks/net-r816.v01 (appObj)
/tardisks/net-s2io.v00 (appObj)
/tardisks/net-sky2.v00 (appObj)
/tardisks/net-tg3.v00 (appObj)
/tardisks/ohci-usb.v00 (appObj)
/tardisks/sata-ahc.v00 (appObj)
/tardisks/sata-ata.v00 (appObj)
/tardisks/sata-sat.v00 (appObj)
/tardisks/sata-sat.v01 (appObj)
/tardisks/sata-sat.v02 (appObj)
/tardisks/sata-sat.v03 (appObj)
/tardisks/scsi-aac.v00 (appObj)
/tardisks/scsi-adp.v00 (appObj)
/tardisks/scsi-aic.v00 (appObj)
/tardisks/scsi-bnx.v00 (appObj)
/tardisks/scsi-fni.v00 (appObj)
/tardisks/scsi-hps.v00 (appObj)
/tardisks/scsi-ips.v00 (appObj)
/tardisks/scsi-lpf.v00 (appObj)
/tardisks/scsi-meg.v00 (appObj)
/tardisks/scsi-meg.v01 (appObj)
/tardisks/scsi-meg.v02 (appObj)
/tardisks/scsi-mpt.v00 (appObj)
/tardisks/scsi-mpt.v01 (appObj)
/tardisks/scsi-mpt.v02 (appObj)
/tardisks/scsi-qla.v00 (appObj)
/tardisks/scsi-qla.v01 (appObj)
/tardisks/uhci-usb.v00 (appObj)
/tardisks/imgdb.tgz (appObj)
/tardisks/state.tgz (appObj)
