

------------------------
Policy set in the kernel
------------------------


---------------------------------------------------------------
Domain Name: appDom  Kernel Id: 2  Enforcement Level: enforcing
---------------------------------------------------------------
-a appObj file_create grant
-a appObj file_delete grant
-a appObj file_exec grant
-a appObj file_read grant
-a appObj file_write grant
-a authObj file_read grant
-a pluginObj file_read grant
-a secpolicyObj file_read grant
-a swMgmtObj file_read grant


-c inet_dgram_socket_create grant
-c inet_stream_socket_create grant
-c unix_dgram_socket_bind grant
-c unix_socket_create grant
-c unix_stream_socket_bind grant


-p inet_socket_connect nonloopback grant
-p inet_socket_connect loopback grant


-s genericSys grant
-s ioctlSys grant
-s getpgidSys grant
-s getsidSys grant
-s vsiReadSys grant
-s moduleSys grant
-s killSys grant
-s sysctlSys grant
-s syncSys grant
-s forkSys grant
-s execSys grant
-s cloneSys grant





------------------------------------------------------------------
Domain Name: pluginDom  Kernel Id: 3  Enforcement Level: enforcing
------------------------------------------------------------------
-a appObj file_exec grant
-a appObj file_read grant
-a authObj file_read grant
-a pluginObj file_read grant
-a secpolicyObj file_read grant
-a swMgmtObj file_read grant


-c inet_dgram_socket_create grant
-c inet_stream_socket_create grant
-c unix_dgram_socket_bind grant
-c unix_socket_create grant
-c unix_stream_socket_bind grant


-p inet_socket_connect nonloopback grant
-p inet_socket_connect loopback grant


-s genericSys grant
-s ioctlSys grant
-s getpgidSys grant
-s getsidSys grant
-s vsiReadSys grant
-s moduleSys grant
-s killSys grant
-s sysctlSys grant
-s syncSys grant
-s execSys grant
-s cloneSys grant





---------------------------------------------------------------------------
Domain Name: pluginFrameworkDom  Kernel Id: 4  Enforcement Level: enforcing
---------------------------------------------------------------------------
-a appObj file_exec grant
-a appObj file_read grant
-a authObj file_read grant
-a pluginObj file_read grant
-a sslKeyObj file_read grant
-a swMgmtObj file_read grant


-c inet_dgram_socket_create grant
-c inet_stream_socket_create grant
-c unix_dgram_socket_bind grant
-c unix_socket_create grant
-c unix_stream_socket_bind grant


-d pluginObj pluginDom file_mmap_exec grant
-d swMgmtObj swMgmtDom file_mmap_exec grant


-p inet_socket_bind all grant
-p inet_socket_connect nonloopback grant
-p inet_socket_connect loopback grant


-s genericSys grant
-s ioctlSys grant
-s getpgidSys grant
-s getsidSys grant
-s adminSys grant
-s vobSys grant
-s vsiReadSys grant
-s vsiWriteSys grant
-s killSys grant
-s sysctlSys grant
-s syncSys grant
-s forkSys grant
-s execSys grant
-s forkExecSys grant
-s cloneSys grant





---------------------------------------------------------------------
Domain Name: regularVMDom  Kernel Id: 1  Enforcement Level: enforcing
---------------------------------------------------------------------
-a appObj file_create grant
-a appObj file_delete grant
-a appObj file_exec grant
-a appObj file_read grant
-a appObj file_write grant
-a appObj unix_dgram_socket_connect grant
-a appObj unix_stream_socket_connect grant
-a authObj file_create grant
-a authObj file_delete grant
-a authObj file_exec grant
-a authObj file_read grant
-a authObj file_write grant
-a authObj unix_dgram_socket_connect grant
-a authObj unix_stream_socket_connect grant
-a certObj file_create grant
-a certObj file_delete grant
-a certObj file_exec grant
-a certObj file_read grant
-a certObj file_write grant
-a certObj unix_dgram_socket_connect grant
-a certObj unix_stream_socket_connect grant
-a cimObj file_create grant
-a cimObj file_delete grant
-a cimObj file_exec grant
-a cimObj file_read grant
-a cimObj file_write grant
-a cimObj unix_dgram_socket_connect grant
-a cimObj unix_stream_socket_connect grant
-a pluginObj file_create grant
-a pluginObj file_delete grant
-a pluginObj file_exec grant
-a pluginObj file_read grant
-a pluginObj file_write grant
-a pluginObj unix_dgram_socket_connect grant
-a pluginObj unix_stream_socket_connect grant
-a secpolicyObj file_create grant
-a secpolicyObj file_delete grant
-a secpolicyObj file_exec grant
-a secpolicyObj file_read grant
-a secpolicyObj file_write grant
-a secpolicyObj unix_dgram_socket_connect grant
-a secpolicyObj unix_stream_socket_connect grant
-a sslKeyObj file_create grant
-a sslKeyObj file_delete grant
-a sslKeyObj file_exec grant
-a sslKeyObj file_read grant
-a sslKeyObj file_write grant
-a sslKeyObj unix_dgram_socket_connect grant
-a sslKeyObj unix_stream_socket_connect grant
-a swMgmtObj file_create grant
-a swMgmtObj file_delete grant
-a swMgmtObj file_exec grant
-a swMgmtObj file_read grant
-a swMgmtObj file_write grant
-a swMgmtObj unix_dgram_socket_connect grant
-a swMgmtObj unix_stream_socket_connect grant
-a tardiskMountObj file_create grant
-a tardiskMountObj file_delete grant
-a tardiskMountObj file_exec grant
-a tardiskMountObj file_read grant
-a tardiskMountObj file_write grant
-a tardiskMountObj unix_dgram_socket_connect grant
-a tardiskMountObj unix_stream_socket_connect grant
-a unlabeled file_create grant
-a unlabeled file_delete grant
-a unlabeled file_exec grant
-a unlabeled file_read grant
-a unlabeled file_write grant
-a unlabeled unix_dgram_socket_connect grant
-a unlabeled unix_stream_socket_connect grant


-c dgram_vsocket_bind grant
-c dgram_vsocket_create grant
-c dgram_vsocket_send grant
-c dgram_vsocket_trusted grant
-c inet_dgram_socket_create grant
-c inet_raw_socket_create grant
-c inet_stream_socket_create grant
-c stream_vsocket_bind grant
-c stream_vsocket_connect grant
-c stream_vsocket_create grant
-c stream_vsocket_trusted grant
-c unix_dgram_socket_bind grant
-c unix_socket_create grant
-c unix_stream_socket_bind grant
-c unix_vmklink_socket_connect grant
-c vsocket_provide_service grant


-p inet_socket_bind all grant
-p inet_socket_connect loopback grant
-p inet_socket_connect nonloopback grant


-s genericSys grant
-s vmxSys grant
-s vmkacSys grant
-s vmfsSys grant
-s mountSys grant
-s umountSys grant
-s timeSys grant
-s ioctlSys grant
-s setpgidSys grant
-s getpgidSys grant
-s getsidSys grant
-s adminSys grant
-s vobSys grant
-s vsiReadSys grant
-s vsiWriteSys grant
-s moduleSys grant
-s rpcSys grant
-s killSys grant
-s sysctlSys grant
-s syncSys grant
-s schedulerSys grant
-s forkSys grant
-s execSys grant
-s forkExecSys grant
-s cloneSys grant
-s ptraceSys grant
-s storageSys grant
-s ioplSys grant





-----------------------------------------------------------------
Domain Name: superDom  Kernel Id: 0  Enforcement Level: enforcing
-----------------------------------------------------------------
-a appObj file_create grant
-a appObj file_delete grant
-a appObj file_exec grant
-a appObj file_read grant
-a appObj file_write grant
-a appObj unix_dgram_socket_connect grant
-a appObj unix_stream_socket_connect grant
-a authObj file_create grant
-a authObj file_delete grant
-a authObj file_exec grant
-a authObj file_read grant
-a authObj file_write grant
-a authObj unix_dgram_socket_connect grant
-a authObj unix_stream_socket_connect grant
-a certObj file_create grant
-a certObj file_delete grant
-a certObj file_exec grant
-a certObj file_read grant
-a certObj file_write grant
-a certObj unix_dgram_socket_connect grant
-a certObj unix_stream_socket_connect grant
-a cimObj file_create grant
-a cimObj file_delete grant
-a cimObj file_exec grant
-a cimObj file_read grant
-a cimObj file_write grant
-a cimObj unix_dgram_socket_connect grant
-a cimObj unix_stream_socket_connect grant
-a pluginObj file_create grant
-a pluginObj file_delete grant
-a pluginObj file_exec grant
-a pluginObj file_read grant
-a pluginObj file_write grant
-a pluginObj unix_dgram_socket_connect grant
-a pluginObj unix_stream_socket_connect grant
-a secpolicyObj file_create grant
-a secpolicyObj file_delete grant
-a secpolicyObj file_exec grant
-a secpolicyObj file_read grant
-a secpolicyObj file_write grant
-a secpolicyObj unix_dgram_socket_connect grant
-a secpolicyObj unix_stream_socket_connect grant
-a sslKeyObj file_create grant
-a sslKeyObj file_delete grant
-a sslKeyObj file_exec grant
-a sslKeyObj file_read grant
-a sslKeyObj file_write grant
-a sslKeyObj unix_dgram_socket_connect grant
-a sslKeyObj unix_stream_socket_connect grant
-a swMgmtObj file_create grant
-a swMgmtObj file_delete grant
-a swMgmtObj file_exec grant
-a swMgmtObj file_read grant
-a swMgmtObj file_write grant
-a swMgmtObj unix_dgram_socket_connect grant
-a swMgmtObj unix_stream_socket_connect grant
-a tardiskMountObj file_create grant
-a tardiskMountObj file_delete grant
-a tardiskMountObj file_exec grant
-a tardiskMountObj file_read grant
-a tardiskMountObj file_write grant
-a tardiskMountObj unix_dgram_socket_connect grant
-a tardiskMountObj unix_stream_socket_connect grant
-a unlabeled file_create grant
-a unlabeled file_delete grant
-a unlabeled file_exec grant
-a unlabeled file_read grant
-a unlabeled file_write grant
-a unlabeled unix_dgram_socket_connect grant
-a unlabeled unix_stream_socket_connect grant


-c dgram_vsocket_bind grant
-c dgram_vsocket_create grant
-c dgram_vsocket_send grant
-c dgram_vsocket_trusted grant
-c inet_dgram_socket_create grant
-c inet_raw_socket_create grant
-c inet_stream_socket_create grant
-c stream_vsocket_bind grant
-c stream_vsocket_connect grant
-c stream_vsocket_create grant
-c stream_vsocket_trusted grant
-c unix_dgram_socket_bind grant
-c unix_socket_create grant
-c unix_stream_socket_bind grant
-c unix_vmklink_socket_connect grant
-c vsocket_provide_service grant


-d appObj appDom file_exec grant


-s genericSys grant
-s vmxSys grant
-s vmkacSys grant
-s vmfsSys grant
-s mountSys grant
-s umountSys grant
-s timeSys grant
-s ioctlSys grant
-s setpgidSys grant
-s getpgidSys grant
-s getsidSys grant
-s adminSys grant
-s vobSys grant
-s vsiReadSys grant
-s vsiWriteSys grant
-s moduleSys grant
-s rpcSys grant
-s killSys grant
-s sysctlSys grant
-s syncSys grant
-s schedulerSys grant
-s forkSys grant
-s execSys grant
-s forkExecSys grant
-s cloneSys grant
-s ptraceSys grant
-s storageSys grant
-s ioplSys grant





------------------------------------------------------------------
Domain Name: swMgmtDom  Kernel Id: 5  Enforcement Level: enforcing
------------------------------------------------------------------
-a appObj file_create grant
-a appObj file_delete grant
-a appObj file_read grant
-a appObj file_write grant
-a authObj file_read grant
-a authObj file_write grant
-a certObj file_create grant
-a certObj file_delete grant
-a certObj file_read grant
-a certObj file_write grant
-a pluginObj file_create grant
-a pluginObj file_delete grant
-a pluginObj file_read grant
-a pluginObj file_write grant
-a secpolicyObj file_create grant
-a secpolicyObj file_delete grant
-a secpolicyObj file_read grant
-a secpolicyObj file_write grant
-a sslKeyObj file_create grant
-a sslKeyObj file_delete grant
-a sslKeyObj file_read grant
-a sslKeyObj file_write grant
-a swMgmtObj file_create grant
-a swMgmtObj file_delete grant
-a swMgmtObj file_read grant
-a swMgmtObj file_write grant
-a tardiskMountObj file_create grant
-a tardiskMountObj file_delete grant
-a tardiskMountObj file_read grant
-a tardiskMountObj file_write grant


-c inet_dgram_socket_create grant
-c inet_stream_socket_create grant
-c unix_socket_create grant


-p inet_socket_connect nonloopback grant
-p inet_socket_connect loopback grant


-s genericSys grant
-s vmkacSys grant
-s mountSys grant
-s umountSys grant
-s ioctlSys grant
-s setpgidSys grant
-s getpgidSys grant
-s getsidSys grant
-s adminSys grant
-s vsiReadSys grant
-s vsiWriteSys grant
-s moduleSys grant
-s killSys grant
-s sysctlSys grant
-s syncSys grant
-s schedulerSys grant
-s forkSys grant
-s execSys grant
-s forkExecSys grant
-s cloneSys grant





---------------------------------
Objects Defined: Name (Kernel Id)
---------------------------------
appObj (97)
authObj (99)
certObj (100)
cimObj (94)
pluginObj (95)
secpolicyObj (93)
sslKeyObj (98)
swMgmtObj (96)
tardiskMountObj (101)
unlabeled (0)


--------------------
Tardisk Path (label)
--------------------
/tardisks/s.v00 (unlabeled)
/tardisks/misc_cni.v00 (appObj)
/tardisks/net_bnx2.v00 (appObj)
/tardisks/net_bnx2.v01 (appObj)
/tardisks/net_cnic.v00 (appObj)
/tardisks/net_tg3.v00 (appObj)
/tardisks/scsi_bnx.v00 (appObj)
/tardisks/scsi_bnx.v01 (appObj)
/tardisks/scsi_bfa.v00 (appObj)
/tardisks/ima_be2i.v00 (appObj)
/tardisks/scsi_be2.v00 (appObj)
/tardisks/char_hpc.v00 (appObj)
/tardisks/char_hpi.v00 (appObj)
/tardisks/hp_ams.v00 (appObj)
/tardisks/hp_build.v00 (appObj)
/tardisks/hp_smx_p.v00 (appObj)
/tardisks/hpacucli.v00 (appObj)
/tardisks/hpbootcf.v00 (appObj)
/tardisks/hponcfg.v00 (appObj)
/tardisks/scsi_hps.v00 (appObj)
/tardisks/scsi_hpv.v00 (appObj)
/tardisks/vmware_e.v00 (appObj)
/tardisks/net_igb.v00 (appObj)
/tardisks/scsi_mpt.v00 (appObj)
/tardisks/net_mlx4.v00 (appObj)
/tardisks/ima_qla4.v00 (appObj)
/tardisks/net_qlcn.v00 (appObj)
/tardisks/scsi_qla.v00 (appObj)
/tardisks/ata_pata.v00 (appObj)
/tardisks/ata_pata.v01 (appObj)
/tardisks/ata_pata.v02 (appObj)
/tardisks/ata_pata.v03 (appObj)
/tardisks/ata_pata.v04 (appObj)
/tardisks/ata_pata.v05 (appObj)
/tardisks/ata_pata.v06 (appObj)
/tardisks/ata_pata.v07 (appObj)
/tardisks/block_cc.v00 (appObj)
/tardisks/ehci_ehc.v00 (appObj)
/tardisks/weaselin.t00 (unlabeled)
/tardisks/esx_dvfi.v00 (appObj)
/tardisks/xlibs.v00 (appObj)
/tardisks/ipmi_ipm.v00 (appObj)
/tardisks/ipmi_ipm.v01 (appObj)
/tardisks/ipmi_ipm.v02 (appObj)
/tardisks/misc_dri.v00 (appObj)
/tardisks/net_be2n.v00 (appObj)
/tardisks/net_e100.v00 (appObj)
/tardisks/net_e100.v01 (appObj)
/tardisks/net_enic.v00 (appObj)
/tardisks/net_forc.v00 (appObj)
/tardisks/net_ixgb.v00 (appObj)
/tardisks/net_nx_n.v00 (appObj)
/tardisks/net_r816.v00 (appObj)
/tardisks/net_r816.v01 (appObj)
/tardisks/net_s2io.v00 (appObj)
/tardisks/net_sky2.v00 (appObj)
/tardisks/net_vmxn.v00 (appObj)
/tardisks/ohci_usb.v00 (appObj)
/tardisks/sata_ahc.v00 (appObj)
/tardisks/sata_ata.v00 (appObj)
/tardisks/sata_sat.v00 (appObj)
/tardisks/sata_sat.v01 (appObj)
/tardisks/sata_sat.v02 (appObj)
/tardisks/sata_sat.v03 (appObj)
/tardisks/sata_sat.v04 (appObj)
/tardisks/scsi_aac.v00 (appObj)
/tardisks/scsi_adp.v00 (appObj)
/tardisks/scsi_aic.v00 (appObj)
/tardisks/scsi_fni.v00 (appObj)
/tardisks/scsi_ips.v00 (appObj)
/tardisks/scsi_lpf.v00 (appObj)
/tardisks/scsi_meg.v00 (appObj)
/tardisks/scsi_meg.v01 (appObj)
/tardisks/scsi_meg.v02 (appObj)
/tardisks/scsi_mpt.v01 (appObj)
/tardisks/scsi_mpt.v02 (appObj)
/tardisks/scsi_rst.v00 (appObj)
/tardisks/uhci_usb.v00 (appObj)
/tardisks/hpnmi.v00 (appObj)
/tardisks/scsi_qla.v01 (appObj)
/tardisks/xorg.v00 (appObj)
/tardisks/imgdb.tgz (appObj)
/tardisks/state.tgz (appObj)
